In my last blog post I showed some screenshots of how our Centrify for Samsung KNOX solution already supports the recently announced Galaxy Note 3, which is not yet out until the end of the month. Well this week at the IFA show in Berlin —a large consumer and mobile trade event — not only did Samsung announce their smartwatch (the Galaxy Gear), their new version of their “phablet” smartphone (the Galaxy Note 3, which I blogged about in my last blog post), but they also announced an update to their tablet (the Galaxy Note 10) that will also be available at the end of September. Well at the IFA show we also got our hands on a Galaxy Note 10 and we had no problems getting it up and installed with Centrify. Let’s see it in action via some photos!
[For those who don’t know what Samsung KNOX is about, I urge your watch this YouTube video entitled “Introduction to Samsung KNOX.”]
Here’s the new Galaxy 10 and a screenshot of the contents of the KNOX container. Note how the apps have the lock in the lower right corner.
You may remember from prior blog posts or by watching that YouTube video mentioned above that the KNOX container provides the ability to separate work and play, ie your business apps such as Box or Evernote are secure in this container, and you can toggle between your personal home (where your personal apps, music, videos, games, etc. reside) and the KNOX business home.
By the way, to show that this Galaxy 10 tablet is in fact running KNOX, here is a screenshot of the KNOX “splash screen.”
Now back to inside the KNOX container. You will see the Centrify for KNOX app as shown by this icon below.
So if user were to simply click and launch that app they would see their apps that IT has set up to let them authenticate to as shown below.
Or if the user click on a rich app such as Box that supports the Centrify Mobile Authentication Services SDK …
Then our solution also silently authenticates the user into his Box stuff as shown here.
Because there is in fact no entering of passwords, we call this “Zero Sign-on“.
Aha you say to me, but I get one click access today to apps such as Box etc. so why do I need this Centrify and Samsung KNOX thingy for SSO? Yes, users do have a poor man’s SSO for any app in that the application can cache the credentials and use those credentials in the future until the account is locked or removed. But the user may still have a multitude of passwords for the different applications that he is using, or worse yet, he may use the same password for apps with critical data as is used for social apps thus compromising the app with sensitive data when a breach of any other app’s password database occurs. Hence the beauty of using protocols such as SAML and Centrify’s implementation of it to have Active Directory (via the Centrify Cloud Service) be the place where authentication occurs and the master password.
In addition, Centrify in effect solves the password problem permanently, regardless of the refresh cycle IT has established for passwords. Our goal is not to cache credentials like a simple password wallet, but to eliminate passwords entirely and all of the inherent security risks, frustrations and inconveniences magnified on the mobile platform that are associated with their use.
Finally, even if you did have a password wallet on your phone for a particular app, isn’t it not better to have that app inside a password protected container, so even if you lost your device, the person who now has your phone can’t get into that password walleted app as it is not resides in a secure container.
Anyway, a little food for thought. For more information, see this video on Centrify mobile single sign-on and Samsung KNOX.