Interoperability between identity and access management products is critical to achieving secure outcomes. Without standards-based interoperability, customers risk getting a fragmented patchwork of security products that leaves gaps and makes their systems vulnerable to cyber attacks.
CAEP and Shared Signals are standards proposed by the OpenID Foundation, the same organization that standardized OpenID Connect, which most organizations now use to log in users. Common interfaces such as “Sign-In with Google” use OpenID Connect. SGNL has been actively involved in the development of CAEP and Shared Signals right from the beginning.
CAEP (Continuous Access Evaluation Profile) defines a “Session Revoked” event, which is of immediate interest to many customers because it lets them log out users from live sessions at various cloud services or internal applications based on changes to a user’s security posture.
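To make the receiver side of a “Session Revoked” event concrete, here is an added example (not SGNL's code, nor that of any product named in this post) of the claim checks a receiver would run on a decoded Security Event Token before ending sessions. The function and exception names are hypothetical, the sample token is constructed, and the sketch assumes the token's signature has already been verified against the transmitter's published keys.

```python
import time

SESSION_REVOKED = "https://schemas.openid.net/secevent/caep/event-type/session-revoked"

class SetRejected(Exception):
    """Raised when a Security Event Token fails a receiver-side check."""

def handle_set(claims, *, trusted_iss, my_aud, seen_jti, now=None, skew=60):
    """Check decoded SET claims; return the action for a Session Revoked event.

    Assumption: signature verification has already succeeded, so this covers
    only the claim checks that come after it (hypothetical helper).
    """
    now = time.time() if now is None else now
    if claims.get("iss") != trusted_iss:
        raise SetRejected("unexpected issuer")
    aud = claims.get("aud")
    if my_aud not in (aud if isinstance(aud, list) else [aud]):
        raise SetRejected("SET not addressed to this receiver")
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        raise SetRejected("missing or replayed jti")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or iat > now + skew:
        raise SetRejected("iat missing or in the future")
    seen_jti.add(jti)  # remember the token id so a resend is rejected
    event = claims.get("events", {}).get(SESSION_REVOKED)
    if event is None:
        return None  # a different event type; not handled in this sketch
    # The subject may sit in top-level sub_id or, in older drafts, inside the event.
    subject = claims.get("sub_id") or event.get("subject")
    if not isinstance(subject, dict) or "format" not in subject:
        raise SetRejected("no usable subject identifier")
    return {"action": "terminate_sessions", "subject": subject,
            "reason": event.get("reason_admin")}

# Constructed sample claims (not captured from any real transmitter).
SAMPLE = {
    "iss": "https://transmitter.example",
    "aud": "https://receiver.example",
    "jti": "constructed-jti-0001",
    "iat": 1709550000,
    "sub_id": {"format": "email", "email": "user@example.com"},
    "events": {SESSION_REVOKED: {"event_timestamp": 1709549990,
                                 "reason_admin": {"en": "device posture changed"}}},
}
```

What the receiver does with the returned action (log the user out, re-evaluate risk, alert an administrator) is a local policy decision, which is why the tables below list a different effect per product.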
The SGNL CAEP Hub, which was announced earlier this year, enables customers to adopt the OpenID CAEP, SSF and RISC standards. Through proprietary integrations, the CAEP Hub extends such capabilities to those services that don’t yet support the standards.
In March 2024, at the Gartner IAM Summit in London, UK, a few implementers demonstrated interoperability between their products using CAEP. SGNL’s CAEP Hub product successfully interoperated both as a Transmitter and Receiver with all products that supported the corresponding complementary capability. Here’s a detailed chart of the products that the SGNL CAEP Hub interoperated with, and the CAEP events that were used to prove interoperability.
SGNL CAEP Hub as the Transmitter
The following table shows the interoperability of the SGNL CAEP Hub acting as a Transmitter, as demonstrated at the Gartner IAM Summit in London, UK on March 4th and 5th, 2024.
Receiver | CAEP Events | Effect on Receiver |
---|---|---|
Cisco Duo | Session Revoked | Users’ session risk re-evaluated |
Okta | Session Revoked | User is logged out of Okta |
SailPoint | Session Revoked | Administrator alerted of session revocation |
SGNL CAEP Hub as the Receiver
The following table shows the interoperability of the SGNL CAEP Hub acting as a Receiver, as demonstrated at the Gartner IAM Summit in London, UK on March 4th and 5th, 2024.
Transmitter | CAEP Events | SGNL Action on Receiving Event |
---|---|---|
Cisco Duo | Session Revoked | Administrators can define workflows and choose actions |
Helisoft | Session Revoked, Token Claims Change | |
Okta | Session Revoked | |
SailPoint | Session Revoked | |
Conclusion
SGNL is committed to open standards-based interoperability, and has demonstrated broad interoperability with leading industry players. SGNL CTO, Atul Tulshibagwale, also coordinated the Gartner IAM Summit interoperability event. We look forward to having more industry players participate and demonstrate interoperability in order to achieve secure outcomes for customers.