Why Upgrade: Single Sign-On and Advanced IAM

Created on 2023/10/12

Free is great. You’ll get no argument from us. And, despite being free, Cells Home Edition is a very capable sharing and collaboration platform. But if your organization has been using the Home edition for a while, maybe it’s time to boost your sharing and collaboration capabilities to meet your business’s needs. Cells Connect and Enterprise both support a wide range of access control solutions and advanced authentication and authorization capabilities. Let’s take a quick look at what’s on offer.

This post is part of a series highlighting the advantages of upgrading from Cells Home to Cells Connect or Cells Enterprise: 

  1. Single Sign-On and Advanced IAM (this post)
  2. Reporting, Audit and Compliance Capabilities
  3. Get More Scalable, Efficient and Reliable with Cells Connect and Enterprise

SSO and Third-party Directory

One issue that comes up repeatedly is the password management fatigue caused by having to remember and manage credentials for multiple platforms. The solution is Single Sign-On or SSO, as it’s often known.


Above a certain size, virtually every organization eventually adopts a single sign-on (SSO) strategy to streamline access across multiple platforms. 

For years, if you were looking to manage identities and access across an enterprise, LDAP or Lightweight Directory Access Protocol was the standard solution. And for many organizations, it still is. Cells Connect and Enterprise fully support authentication via LDAP, while also offering: 

  • Multiple directories support

  • Advanced LDAP-attribute-based filtering

  • Configurable LDAP-attribute mapping (including user attribute, profile, role or group path)

  • “MemberOf” support & “MemberOf” emulation

Many larger enterprises have moved on to the newer OAuth2 and OIDC (OpenID Connect) authentication and access protocols. Again, Cells Connect and Enterprise have got you covered.

  • Cells supports all OpenID Connect or OAuth2 identity providers, as well as SAML2 and AzureAD

  • New users are created directly in Pydio at login time

You can do a deep dive on Identity management in our Knowledge Base.

Cells also has centralized directory capabilities that make it possible for you to use it as an OIDC Identity Provider for other platforms (users are managed in Cells). If you need to set up multiple connection methods (e.g. Pydio native connector for administrative users and a third-party OIDC for standard users), you can use Pydio’s “Sites” feature to provide customized access points with the appropriate connectors. You can even customize the branding to provide a truly seamless user experience. Check out how that works here.

Advanced Rule-based Security Policies

Pydio Home provides basic role-based access control. But if your organization needs more dynamic security rules, Cells Connect and Enterprise provide highly capable rule-based access control (see what we did there? Rules vs roles).

At their most basic, rule-based security policies are defined by determining WHO is ABLE to perform WHAT on SOMETHING in a given CONTEXT. Using this foundational structure, you can create complex, contextual security policies by stacking rules that are evaluated at runtime to provide fine-grained access control with the ability to answer questions in evolving environments. 

One simple example would be adding a rule to the security policy that evaluates where a connection is being made from and denies all access from known bad or unknown connection sources to reduce security risks. But that is really just the beginning. 
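The WHO / ABLE / WHAT / SOMETHING / CONTEXT structure and the connection-source rule described above can be sketched as a small evaluator. This is an added example, not Pydio's policy format or engine: the `Rule` fields, the `evaluate` function, the role names, paths and networks are all hypothetical, and the deny-overrides, default-deny behaviour is an assumption of the sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    effect: str                 # "allow" or "deny"
    subjects: frozenset         # WHO: role names, "*" = anyone
    actions: frozenset          # ABLE to perform WHAT, "*" = any action
    resources: tuple            # on SOMETHING: path prefixes
    networks: tuple = ()        # CONTEXT: source CIDRs, empty = any source
    outside: bool = False       # True: match sources NOT in `networks`

    def matches(self, roles, action, resource, source_ip):
        if "*" not in self.subjects and not (self.subjects & roles):
            return False
        if "*" not in self.actions and action not in self.actions:
            return False
        # Segment-aware prefix match so "/shared" does not cover "/shared-archive".
        if not any(resource == p or resource.startswith(p.rstrip("/") + "/")
                   for p in self.resources):
            return False
        if not self.networks:
            return True
        try:
            ip = ipaddress.ip_address(source_ip)
            inside = any(ip in ipaddress.ip_network(n) for n in self.networks)
        except ValueError:
            inside = False      # an unparseable source counts as unknown
        return inside != self.outside

def evaluate(rules, roles, action, resource, source_ip):
    """Stack the rules: any matching deny wins, no matching allow means deny."""
    allowed = False
    for rule in rules:
        if rule.matches(roles, action, resource, source_ip):
            if rule.effect == "deny":
                return "deny"
            allowed = True
    return "allow" if allowed else "deny"

ANY = frozenset({"*"})
TRUSTED = ("10.0.0.0/8",)       # constructed sample networks, not real data
POLICY = [
    Rule("allow", frozenset({"staff"}), frozenset({"read", "write"}), ("/shared",)),
    Rule("allow", frozenset({"finance"}), frozenset({"read"}), ("/finance",)),
    Rule("deny", ANY, ANY, ("/",), networks=TRUSTED, outside=True),  # unknown source
    Rule("deny", ANY, ANY, ("/",), networks=("10.66.0.0/16",)),      # known bad
]
```

Because the two deny rules apply to every subject and path, a request that a role-level allow rule would accept is still refused when it arrives from an unknown or known-bad source.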


You can read up on security policies in Cells here.

Hardened Security Measures

Pydio Cells Enterprise boasts an array of advanced platform security measures to keep your documents and data safe. Here are just a few highlights. 

  • Pydio's customizable password complexity rules mean you can enforce a mix of uppercase, lowercase, numerical, and special characters as a strong first line of defense.

  • Multi-factor authentication via OTP, U2F, and Duo Security significantly reduces the risk of unauthorized access due to compromised credentials.

  • Pydio’s IP ban feature reduces the impact of brute force attacks by protecting against excessive login attempts. And IP blacklisting and whitelisting provide additional access control, enhancing overall security posture.

  • Compliance is another critical aspect of security. Pydio allows you to set up the Terms of Service users need to agree to so they reflect your organization’s policies or regulatory obligations like GDPR – promoting legal compliance and user awareness.

  • Cells Connect and Enterprise also provide a nuanced approach to administrative access through their Admin Delegation feature, which allows for the granting of restricted administrative permissions to non-admin users. This feature reduces the danger of “overprivileged accounts” and improves security posture.


Automated Authorization Provisioning via Cells Flows

With all these layers of access control, the management workload could get out of hand. So, using Cells Flows, our no-code workflow builder, we’ve set up off-the-shelf workflows to allow you to automate role assignment, user onboarding, inactive user detection and/or removal, and much more! Here is an example of how Flows works for authorization provisioning and a real-world use case to show you how it works.


Stay Tuned for More Reasons to Upgrade to Connect or Enterprise

In our next post in this series, we’ll look at the advanced audit, compliance and reporting features available in Cells Connect and Cells Enterprise editions.

Interested In Upgrading?

Curious about upgrading? Visit our Pricing page to get an overview of Cells Connect and Enterprise Edition. Or set up a session to talk to one of our Cells specialists to find out which version fits your organization best.

Need to Balance Ease-of-Use with Security? Pydio Cells Can Help.

If your organization is serious about secure document sharing and collaboration, you need to check out Pydio Cells. Cells was developed specifically to help enterprises balance the need to collaborate effectively with the need to keep data secure.

With robust admin controls, advanced automation capabilities, and a seamless, intuitive end-user experience, Pydio is the right choice for organizations looking to balance performance and security without compromising on either. Try Cells live for yourself. Or click on the button below to talk to a Pydio document sharing specialist.