Cloud Protector Setup
Introduction
2 min
keystrike cloud protector includes two main components a local proxy installed on employee workstations, and a central idp proxy that manages the organization's identity provider (idp) single sign on (sso) requests web traffic from an employee's workstation can be categorized into one of three types, each handled differently a non sso traffic b sso device bound usage c sso full session protection a non sso traffic w ebsites that do not require sso authentication are unaffected as they are not routed through the local proxy b sso device bound usage for sso enabled applications that are not within the set of webapps having full session protection, authentication requests are routed through the local proxy and idp proxy before reaching the idp this ensures that all sso web applications benefit from added security, as the authentication is tied to both the user and the device —making stolen authentication cookies or tokens unusable outside that context once authentication is complete, subsequent traffic to the web application bypasses the local proxy protection level defends against credential theft and prevents authentication or session reuse from unauthorized devices c sso full session protection for sensitive or high value saas applications, keystrike provides continuous session enforcement in addition to device binding the authentication all subsequent traffic is routed through the local proxy each request is checked for recent user input (keyboard, mouse) in addition to device integrity if the user becomes inactive or the device fails validation, access is immediately blocked this ensures that only an active, authorized user on a trusted device can maintain a session protection level prevents idle device abuse, session hijacking, and unauthorized session continuation