Secure SSO for Cloud Applications using existing on premise Active Directory Identities


The new release of UserLock 11 provides existing on-premise Active Directory (AD) Identities with secure Single Sign-On (SSO) access to both the corporate network and multiple cloud applications, from wherever they are working. In combination with Multi-Factor Authentication (MFA) it enables on-premise AD identities to securely access Microsoft 365 and other leading cloud applications.

  • For maximum security and ease, UserLock SSO maintains Windows Server Active Directory as the authoritative user directory and extends it to work with the cloud.
  • Given the increased vulnerability of corporate passwords for all organizations, UserLock’s granular Multifactor Authentication (MFA) provides the SSO protection you need without unnecessarily impeding employees.
  • New MFA enhancements have been added to help organizations scale MFA across all employees.


Today’s modern hybrid organization relies on Active Directory and the cloud to operate. With the demand for remote work at an unprecedented scale, IT teams need to streamline access to both the corporate network and cloud applications from wherever employees are working.

“This change in user access requirements creates new security risks that can often lead organizations to adopt either complex, costly or disruptive changes,” said François Amigorena, President & CEO of IS Decisions.

“With UserLock, organizations can benefit from an easy-to-use, non-disruptive and affordable SSO solution that leverages their existing investment in Active Directory to effectively secure employees’ access to both the corporate network and multiple cloud applications.”

On-site Federated Authentication

Installed in minutes on a standard Windows server, UserLock SSO supports the SAML 2.0 protocol to enable federated authentication of cloud applications. Each user needs to log in only once with their existing AD credentials (and a second factor if required) to seamlessly access all cloud resources.

  • Secure on-site authentication is retained, even for remote access
  • Accounts, services, roles and group policies continue to be enforced
  • No need to create and manage a new directory for user IDs
  • No change or provisioning needed for existing access to resources and applications hosted locally

Granular MFA that can be scaled across all users

With UserLock, administrators can define under what circumstances and with what frequency MFA is requested. MFA is an essential control to establish trust in the user’s identity and reduce account takeover (ATO) risks, but it must also have the granularity to avoid the user being prompted for MFA every time they log in or access a cloud application.

New enhancements have been added to help organizations scale this granular MFA across all users:

  • Enable MFA on more connections

UserLock already makes it easy to enable MFA for Windows logon, RDP, RD Gateway, and VPN connections. MFA is now supported for VPN connections with RADIUS Challenge and Microsoft IIS Sessions – to protect a single web application such as Outlook on the Web, RD Web Access, or an entire intranet site.

  • Enable MFA in more conditions

To further protect remote users, the new web application ‘UserLock Anywhere’ allows MFA to still be prompted on remote machines if VPN connections to the network fail.

  • More authentication methods

New hardware-based YubiKey FIPS and Token2 ALU, AZ, NFC and Bio are now all supported. For all users, administrators can now also add an alternative method of second-factor authentication, such as a YubiKey alongside a mobile app. Administrators can also choose to have MFA backup codes displayed when a user enrolls, for MFA recovery.


UserLock’s Single Sign-On and Multi-Factor Authentication enhancements are now available with the release of UserLock 11.

Supporting Resources:

Fully functional free UserLock trial

What’s New for UserLock 11

More about Single Sign-On Security Issues for Active Directory




Chris is Directeur Général Adjoint of IS Decisions. IS Decisions software offers organizations proven and effective solutions to help protect a Windows Active Directory Network against external attacks and the insider threat.
