{"id":4220,"date":"2021-01-05T13:16:43","date_gmt":"2021-01-05T18:16:43","guid":{"rendered":"https:\/\/www.exchangedefender.com\/blog\/?p=4220"},"modified":"2021-01-05T13:18:25","modified_gmt":"2021-01-05T18:18:25","slug":"exchangedefender-oauth-implementation","status":"publish","type":"post","link":"https:\/\/www.exchangedefender.com\/blog\/2021\/01\/exchangedefender-oauth-implementation\/","title":{"rendered":"ExchangeDefender OAuth Implementation"},"content":{"rendered":"\n<div style=\"height:34px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.exchangedefender.com\/blog\/wp-content\/uploads\/2021\/01\/Copy-of-Untitled-18-1024x536.png\" alt=\"\" class=\"wp-image-4226\" width=\"779\" height=\"406\"\/><\/figure><\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>ExchangeDefender is starting 2021 with a subtle yet huge change in the way our applications and services interact on the backend \u2013 we have fully implemented OAuth. OAuth is a popular <a href=\"https:\/\/www.youtube.com\/watch?v=BNEoKexlmA4\">authentication \/ login framework<\/a>\u00a0that uses authorization tokens instead of passwords to grant you access to different\/unrelated services.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>What this means in practical terms is that once you log in to ExchangeDefender, you will be authorized to access all of the applications you have access to without logging in again and again as you hop from your SPAM Quarantine to your Password Vault to Wrkoo Invoices or ExchangeDefender support.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>It also means you are now able to use authenticator apps from Google, Microsoft, as well as SMS.
We are already working on Microsoft Authenticator, and for users that don\u2019t trust big tech, Authy.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">What will it look like?<\/h3>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Deployment of OAuth is completely transparent to the user and their login experience will not change. We are currently running OAuth in an open beta with our larger MSPs and enterprise customers and the login screen looks like this:<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.exchangedefender.com\/blog\/wp-content\/uploads\/2021\/01\/image.png\" alt=\"\" class=\"wp-image-4221\" width=\"840\" height=\"419\" srcset=\"https:\/\/www.exchangedefender.com\/blog\/wp-content\/uploads\/2021\/01\/image.png 623w, https:\/\/www.exchangedefender.com\/blog\/wp-content\/uploads\/2021\/01\/image-300x150.png 300w\" sizes=\"auto, (max-width: 840px) 100vw, 840px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>After you log in with your username and password, you will be taken to our OAuth enrollment screen where you will be prompted for your password again (<em>or prompted to reset it, if it\u2019s older than 90 days<\/em>).
<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.exchangedefender.com\/blog\/wp-content\/uploads\/2021\/01\/image-1.png\" alt=\"\" class=\"wp-image-4222\" width=\"844\" height=\"473\" srcset=\"https:\/\/www.exchangedefender.com\/blog\/wp-content\/uploads\/2021\/01\/image-1.png 623w, https:\/\/www.exchangedefender.com\/blog\/wp-content\/uploads\/2021\/01\/image-1-300x169.png 300w\" sizes=\"auto, (max-width: 844px) 100vw, 844px\" \/><\/figure><\/div>\n\n\n\n<p>That\u2019s all. You\u2019ll be enrolled in OAuth and from that point on, your access to all our sites and services will be handled with authentication tokens instead of passwords.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>After you\u2019re authenticated, your avatar in the upper right-hand side will feature shortcuts to the rest of the ExchangeDefender\/Wrkoo\/Own Web Now sites you have access to and they\u2019ll be just a click away. This implementation will help us streamline access to all of the services the user is authorized to access, making it much easier to access all the services without dealing with multiple portals, sites, and login credentials.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><strong>P.S.<\/strong> I have blogged repeatedly imploring our partners and clients to adopt better password policies and two-factor authentication. Truth is, no matter how amazing and unique your password is, it\u2019s passing through a series of potentially compromised routers and networks. Even though ExchangeDefender offers free 2FA, OTP, and requires strong passwords with an option to automatically expire them \u2013 the adoption rate is still under 10%.
<\/p>\n","protected":false},"excerpt":{"rendered":"<p> [&hellip;]<\/p>\n","protected":false},"author":50,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,46],"tags":[],"class_list":["post-4220","post","type-post","status-publish","format-standard","hentry","category-uncategorized","category-product-features"],"_links":{"self":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/4220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/users\/50"}],"replies":[{"embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/comments?post=4220"}],"version-history":[{"count":10,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/4220\/revisions"}],"predecessor-version":[{"id":4233,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/4220\/revisions\/4233"}],"wp:attachment":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/media?parent=4220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/categories?post=4220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/tags?post=4220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}