Secure SSO for cloud access using existing on-premise Active Directory identities

single sign on userlock

UserLock provides secure single sign-on (SSO) for existing on-premises Active Directory (AD) identities, extending access protection to the cloud. Combined with enhanced multi-factor authentication (MFA) and remote access controls, UserLock offers comprehensive access security – protecting network, remote and cloud access, from anywhere.

  • Optimal security and simplicity: Userlock’s secure SSO retains the on-premises Active Directory as the authoritative user directory for access to Microsoft 365 and cloud applications. And, you can rest easy with the ability to deploy SSO backup servers and automatic SSO certificate rollover.
  • Enhanced access protection: UserLock’s granular multi-factor authentication (MFA) and contextual restrictions protect SSO access without unnecessarily impeding employees.
  • Easy app integration: UserLock SSO is pre-configured to support widely-used cloud apps, and offers the ability to configure non-supported SaaS apps using SAML protocol.
  • More secure remote access: New MFA enhancements further protect remote access and help organizations scale MFA across all employees.

Today’s modern hybrid organization relies on Active Directory and the cloud to do business. And with the skyrocketing demand for remote work, IT teams need to streamline access to both the corporate network and cloud applications from wherever employees work.

“This change in user access requirements creates new security risks that can often lead organizations to adopt either complex, costly or disruptive changes,” said François Amigorena, President & CEO of IS Decisions.

With UserLock, organizations can benefit from an easy-to-use, non-disruptive and affordable SSO solution that builds on their existing investment in Active Directory to effectively secure employee access to both the corporate network and multiple cloud applications.”

On-Site federated authentication for secure SSO

Installed in minutes on a standard Windows server, UserLock SSO supports SAML 2.0 protocol to enable federated authentication of cloud applications. Each user needs to log in only once with their existing AD credentials (and a second factor if MFA is required), to seamlessly access all cloud resources.

  • Maintain secure on site authentication, even for remote access
  • Enforce accounts, services, roles and group policies
  • Keep existing directory, no need to create and manage a new directory for user ID’s
  • Retain existing access to resources and applications hosted locally, no need for changes or provisioning

Granular MFA that’s scalable across all users

With UserLock, administrators can define how frequently and under what circumstances to request MFA. MFA is an essential control to establish trust in the user’s identity and reduce account takeover (ATO) risks, and granular controls allow IT leaders to avoid frustrating users with MFA prompts more frequently than necessary.

UserLock helps organizations scale this granular MFA across all users, with the ability to:

  • Enable MFA on more connections: UserLock already makes it easy to enable MFA for Windows logon, RDP, RD Gateway, and VPN connections. It also supports MFA for VPN connections with RADIUS Challenge and Microsoft IIS Sessions – with protection for a single web application such as Outlook on the Web, RD Web Access, or an entire intranet site.
  • Enable MFA in more conditions: To further protect remote users, UserLock’s web application, UserLock Anywhere, can prompt MFA on remote machines if VPN connections to the network fail, or if the employee connects remotely without domain access.
  • Choose between more authentication methods: UserLock supports authentication with YubiKey FIPS and Token2 ALU, AZ, and NFC. It’s also possible to now add an alternative method of second-factor authentication (2FA), such as a YubiKey alongside an authentication app. Administrators can also choose to have MFA backup codes for MFA recovery displayed when a user enrolls.


Learn More:

Download a UserLock Trial – Fully Functional & Free for 30 Days

Read More About Single Sign-On Security Issues for Active Directory


Share this post :


Chris Bunn is the Directeur Général Adjoint of IS Decisions, a global cybersecurity software company, specializing in access management and multi-factor authentication for Microsoft Active Directory environments and the cloud.