Cloud Gate SSO

Cloud Gate SSO server determines IP address of end users and decide where the user can login Google Apps, employees inside company intranet can have access to Google Apps, out-on-duty users can also have access to Google Apps with their IP addresses pre-registered by system administrator.

Google delivers wonderful user experience on mobile devices for Gmail and Google calendar services. With the mobile client ID restriction feature, only permitted mobile users can access Google Apps services from their devices, thus work safely on the go. NTT Docomo, au(KDDI) devices are fully supported, most devices from Softbank and Willcom are supported as well. Regarding the support of devices from other carriers, please contact us for more information.

Laptop and Homework PC, that are allowed to login from outside of company network, can be registered as PC Client at Cloud Gate server and have access to Google Apps. Non-registered access from out side of the network is prohibited.

POP and IMAP clients inside company intranet are allowed to connect to Google Apps to send and receive email. Clients outside of the network are prohibited from accessing Google Apps.

By synchronizing with the Active Directory (LDAP) server that an enterprise have already adopted, the user ID and password stored on AD can be used to login Google Apps. The AD accounts and Google Accounts can also be synchronized by Cloud Gate SSO server so that there no need for duplicated account for each single user.

• Any changes made by the administrator on Active Directory will be synchronized onto Cloud Gate SSO server automatically.
• Users can always use the updated ID & Passwords to login Google Apps.

Customers who are using Google Apps Premier Edition Mail Archiving service and Postini paid Edition can now also utilize our system to synchronize Active Directory account and Postini account. With the use of account synchronization, end users do not have to login again onto Postini Archiving Option. There is no duplicated account management on Google Apps and Postini, which saves IT administrators a lot of management work.

Cloud Gate SSO solution is built on the SSO server that utilize the standard single sign-on protocol, SAML (Security Assertion Markup Language), which would take over the authentication entrustment from Google Apps and build up the authentication communication between SSO server and LDAP server.
The XML document exchanged by the SAML protocol between Google Apps and SSO server is ensured with digital signature, SSL communication certification and MD5 data hash check. (The digital signature encryption algorithm is using the extremely strong 1024bit public key)
By generating the public key (authentication file) on Cloud Gate SSO server and uploading via Google Apps management dashboard, sing sign on mechanism gets established.

Users who use systems including Google Apps will get a login form from SSO server to fill in their ID and Password. SSO server then passover the login form to authentication server such as LDAP server to get the user authenticated, finally redirect the authentication result to Google Apps.
After checking the digital signature and validity of authentication result and confirming the positive result of authentication, Google Apps will recognize the login session and user can start to use Google Apps.
When the login succeed, the whole session gets authenticated, end user will not be redirect to SSO server within this session, no matter which Google Apps service they use.

Single Sign on activity can also unlock the users to not only Google Apps, but also other supported service including SaleForce using the same user account.
With all the user accounts managed within company intranet and all the authentication communication limited between Active Directory and Cloud Gate SSO, with the security environment been well kept, with all the user activity logged and stored inside, enterprise users can enjoy clouded services without any security apprehension.