<img alt="" src="https://secure.hook6vein.com/218483.png" style="display:none;">

BIO-key Blog

Read below for news, insights, and discussion on identity and access management.

Securing PeopleSoft Access – Don't Leave it Out of Your IAM Strategy

by BIO-key Team

Secure access needs to be given to all applications, regardless of the type of application it is and where it is located – on-premises or in the cloud. However, the larger and more critical the application is, the more complicated and challenging it can become to secure access to it.  

One of those complex applications, that is essential to business operations is Oracle PeopleSoftTM, which poses a huge cybersecurity challenge with vast amounts of sensitive data and high volumes of access that need to be authorized. Not to mention it has traditionally been an on-premises application, and now some organizations are taking the steps to move it to the cloud. 

To make matters more complicated, remote access to PeopleSoft quickly moved from “want to have” to “need to have”, creating a mixture of complexity and liability that can leave enterprise IT organizations facing many challenges to secure access for a remote workforce and customers, students, partners and others outside their organization.  

So how do you make sure PeopleSoft isn’t isolated from your enterprise identity and access management (IAM) strategy? 

PeopleSoft Authentication is Complex 

Enabling the PeopleSoft authentication process can be a challenge because typical PeopleSoft environments, along with their IAM requirements are very complex. Different groups of users (full-time employees, students, retirees, staff, contingent works, applicants, etc.) scattered across multiple identity providers (IdP), require different levels of access to PeopleSoft, creating a complex structure of roles and access controls that need to be established.  

Also, once a user has been authenticated to PeopleSoft, that doesn’t necessarily mean they are authorized to access all the data and applications within it. Being able to secure access inside PeopleSoft, to both data and different areas of the application is often a requirement, that feels unobtainable with any standard IAM strategy approach.

No SAML Support Creates an Isolated Application 

In addition, PeopleSoft is an older application, with its founding dating back to the late 1980s. Although it has been modernized over time, it still has legacy elements that can make it difficult to integrate into modern IAM solutions and support things like multi-factor authentication (MFA) and single sign-on (SSO). For example, PeopleSoft does not natively communicate with SAML/ADFS – which means that PeopleSoft is forced to remain isolated from your enterprise IAM strategy. 

At this point in the PeopleSoft authentication conundrum, organizations would be forced to have a separate IdP(s) for PeopleSoft, along with an extensive series of customizations and servers to operate the whole process. All of this means the PeopleSoft authentication process is out-of-band, prone to errors, a security liability, and requires constant maintenance. Sadly, many PeopleSoft customers have migrated away solely because managing identity and access presented too many challenges. 

Customizing PeopleSoft Authentication Causes User Friction While Being a Security Liability 

So, let’s say you decide to undergo countless hours of custom development, add the additional servers, and try to enable the PeopleSoft authentication process alone. Whether you’re talking about MFA or just using a password, you are almost 100% guaranteed to receive negative feedback from users. 

Why? Because the PeopleSoft authentication plan above does not take user experience into account. Users will not be able to bypass the PeopleSoft log in screen via SSO, and their MFA challenges will quickly become an annoyance, not to mention the extra password to remember. The custom code used for the project is typically cut and paste from other sources that hackers can reverse engineer, potentially exploiting loopholes to gain unauthorized access.  All work for no reward! 

So the question remains, how do you secure access to PeopleSoft and eliminate the extra credential that users would be forced to manage? 

Go Beyond Obvious IAM Options & Look for Flexibility 

When securing access to PeopleSoft, or any complex business application, it is important to do three things:

  1. Look for a high level of flexibility in any IAM solution you are considering to make sure it can accommodate the complexity of your environment
  2. Look beyond the obvious IAM choices that are often thought of when implementing MFA and SSO to increase security and convenience at the same time
  3. Don’t go it alone – find a provider who is familiar with PeopleSoft and knows how to seamlessly integrate any IAM solution into it. 

First, having the wrong IAM solution can quickly limit your ability to secure access for all PeopleSoft users. It is important to look for flexible options, especially for MFA, that can provide a different experience for each user to accommodate their needs and the level of ability they have to complete the authentication. This is also important when supporting remote workers and customers. Their needs are unique and more challenging as they are often in isolation, away from the IT team, performing the authentication on their own.  

Second, looking beyond the obvious options can open up more possibilities for the IT team and users. For example, many organizations know it is important to implement MFA. Going beyond that obvious step and bringing in a more advanced authentication approach such as Contextual Authentication is when organizations can elevate and streamline their MFA implementation. Another step you should take is to also look at additional authentication methods, namely biometrics, which has proven to be the most secure and convenient method for users, and the only way to positively identify the individual gaining access to PeopleSoft.  

Finally, you don’t want to spend the countless hours of custom development as mentioned above. Custom development can often be a security risk and difficult to maintain. It’s best to look for a provider who is able to “productize” your IAM solution into PeopleSoft, making it part of the application and easy to support. This means enabling protocols such as SAML for SSO so that PeopleSoft becomes an integrated part of your enterprise IAM strategy. 

Securing Access to PeopleSoft Requires Modern IAM 

Complex applications, like PeopleSoft, are here to stay. Running much of a business’s operations and holding some of its most sensitive data, access to it must be secure. However, that’s easier said than done as a high volume of users, from anywhere and on any device require access to it. Without the right approach or solution PeopleSoft can quickly become isolated from your enterprise IAM strategy and frustrate users as they are presented with an additional log in prompt to gain access.  

It is important to modernize your IAM and secure access to PeopleSoft by finding a solution with a high level of flexibility, choices that go beyond the obvious ones, and a professional team with the skill set to seamlessly integrate it.  

Modernizing PeopleSoft IAM: How to Avoid Unwanted Costs and Users Frustrations 

In this on-demand webinar you will hear about options you may not have considered for securing access to PeopleSoft, like multi-factor authentication, biometric, and single sign-on, that increase user adoption as well as cut back on costs. 

modernizing peoplesoft IAM webinar graphicWatch now


BIO-key Team

Author: BIO-key Team

Subscribe to the BIO-key blog!

Recent Posts