If you have newly installed or updated your LRS products in the last two years, you are likely familiar with something called the LRS Gateway. This versatile infrastructure component plays a critical role in securing output environments by performing user authentication tasks for resources both inside and outside your organization’s network.
LRS Gateway has evolved to work with nearly any authentication authority, including LDAP, Active Directory, AzureAD, Ping, Okta and many others that now support the OpenID Connect (OIDC) standard. If you’re even remotely interested in security, like me, this is a big deal. Remember the old days when each separate web-based system required its own LogonID, password, and authentication mechanism? OpenID, and especially OIDC, make this a thing of the past.
On the other hand, if you’re an average user, there’s probably only one question on your mind: “So What?”
To answer that question, let’s start with some basics about LRS Gateway and authentication with OIDC. From there, we can see what LRS Gateway authentication means for you.
LRS Gateway is the main way to interact and authenticate with many of our output management products. It acts as a connector to the authentication provider (LDAP, AD, Okta, etc.) and becomes its own OIDC provider. Since LRS products don’t know about resources outside of their own realm, LRS Gateway is essentially a “gateway” to other realms. Pretty straightforward, right?
Now let’s move on to authentication. OIDC is the latest way to allow combined access to a wide range of domains within an organization. OIDC also allows applications to redirect authentication directly to the OIDC authentication server instead of handling authentication on their own. First, a user authenticates on an application connected to an OIDC provider. If that authentication is successful, the application is given a token that allows it to act on behalf of that user for a set amount of time without constant check-ups from the authentication server.
Think of it as an arcade. You have an arcade token, and you want to play a game. You insert that token into one of the arcade cabinets and once it recognizes a token has been inserted, you are now recognized as Player 1, free to play the game. If the machine does not recognize this as a valid token for that specific arcade, you will not be able to play.
You may still be asking the same question: “So What?” Well, this is big for everybody in a given organization, but it won’t feel that big at first. You’ll still be able to perform the same document-related actions you’ve already been doing: printing, scanning, pull printing, etc. But you’ll be able to do them in more than one place using the same authentication method. Whether you’re working in the office, from home, from a remote office – wherever – the experience is both seamless and secure. An average user won’t even notice that Gateway is behind the scenes creating a secure pipeline between applications and OIDC. Which is exactly the point.
We can’t tell you every way this will affect you, but we know it’s going to be the future of security. It will be especially useful for a major innovation we will soon be announcing in an upcoming post on this blog. One thing is for certain: everything is connected and secure with LRS Gateway.