Hello there!

Need Help? We are right here!

miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Forward Proxy

Forward Proxy solution provides additional security to the user's devices as it does not allow direct access to the internet and the proxy server can block the bad actors immediately.

Try Cloud Try On-Premise Request a Demo
Single Sign-On (SSO) Login - what is it and how it works



What is Forward Proxy?

A Forward Proxy (commonly referred to as a proxy) acts like a middleman between the internet and the user device. All requests from the user’s device will be going through the proxy server and will be filtered based on the rules defined by the system administrators or the operations team. This way all traffic of the organization can be made to go through a proxy server. This means all access to internal resources like servers, and even external resources and sites can be protected, restricted, and monitored based on different access levels.




Popular Use Cases





Blocking personal Gmail/outlook/yahoo accounts while using office laptops


miniOrange supports blocking personal emails by blocking them at the time of authentication into those services. This is a much-required functionality to achieve ZTNA ( Zero Trust Network Access). This gives any organization an additional layer of security by preventing users from sending any personal/non-shareable data via their personal emails.


MFA Methods SMS and phone verification flow




Multi-Factor Authentication flow for authenticator applications



Protecting access to servers/resources/databases

There are a lot of resources that companies want to protect behind a proxy server. This is basically required to protect the resources behind an IP address and put restrictions so that it can not be accessed without proper authorization. This allows organizations to have IP restrictions on top of their resources. Usually, organizations have critical resources like microservices, servers, databases, etc. These services perform critical operations like database service, license management service, etc. An additional layer of protection based on the user role is required. For example, Database admins should have written permission for the database and other users should have only read access. This is completely possible with a proxy server and the network administrators can manage the user access as per their role






Protecting reports/sheets/documents

This is also a popular use case where organizations want to protect their data studio reports or sheets or documents by adding an additional layer of security. The reports should only be accessed based on defined user roles. As these reports contain critical information about the organization, administrators want to tighten up the security by adding a second-factor authentication layer. All of the above is possible using a proxy server

MFA Methods miniOrange Authenticator flow





Email verification flow for MFA



Blocking bad actors and websites within the office network

A popular use case of blocking the employees to access a particular set of websites can be achieved with a proxy server. As all the systems in the network are connected to a central server, this centralized server can check the user request and can validate if the user is trying to access any blocked domain. The list of blocked domains can be maintained by a network administrator. Bad actors are those who are violating the security policy of an organization. It can be a user, web server, router, etc. A proxy server can help an organization block those bad actors.








Anonymizing users

Proxy servers are also used for keeping your users secure by blocking their direct contact with the internet. As all the requests are going via a proxy no services on the internet can identify the user making them anonymous. This is like using a VPN that users tend to use to connect to the internet

Hardware Token MFA Method flow




Security Questions method flow for Multi-Factor Authentication




Adding Standard SSO Protocol


Proxy is widely used for adding single sign-on for applications that do not support any standard SSO protocol like SAML, OAuth, or OpenID by default. It can also be used to support SSO for older versions of the applications or applications that have the SSO feature behind a paywall. miniOrange proxy can be very helpful in these cases where the application lacks support for any SSO protocol for user authentication or authorization. For example, adding SSO support for Hubspot's basic plan which only supports SSO in the Enterprise Plan. miniOranage supports a huge list of such applications and supports all the standard SSO protocols like SAML, Oauth, JWT, WS-Fed, etc. miniOrange can also be used to authenticate users from an external directory like Okta, or AD,to log into your applications








How does forward proxy work?

SSO being an Identity and Access Management (IAM) authentication service allows apps (even third-party) to confirm user identity. Identity standards like SAML, OAuth, and OpenID Connect allow encrypted tokens to be transmitted securely between the server and the apps to ensure that a user has already been authenticated and has rights to access the apps.


Single Sign-On (SSO) workflow

  • The proxy server serves all the user's requests to the internet on behalf of the user and sends the given response back to the same user.
  • This way all the data goes through that proxy server. User’s devices are connected to the internet via the proxy server which means that the server gets all the requests generated or requested by the user’s device.
  • Once the requests reach the proxy server, the proxy server applies a few rules which are defined by the organization’s admins.
  • These rules can be anything like blocking a few websites, checking the user’s current IP address, blocking personal email addresses, restricting access to resources, protecting sensitive information, etc.
  • Once the forward proxy checks all the rules, the proxy will block or allow the user’s request as per the organization’s rules. Suppose the request is allowed, then the request will be forwarded to the desired destination from the proxy
  • The destination can be an on-premise service of the organization or it can be a cloud service as well. Once the request reaches the destination service, a response will be formed and sent back to the proxy server.
  • The proxy server can do further verification at this point like filtering malicious responses, etc. It can also pass the response through some other filters (set by the admins) and at last if all the checks pass the response is sent back to the user device.







Want To Schedule A Demo?

Request a Demo
  


Our Other Identity & Access Management Products