Secure Access for Third-Parties and Temporary Users

# Secure Access for Third-Parties and Temporary Users

The Importance of Securing Third-Party Access

In today’s interconnected business environment, collaboration with external parties such as vendors, contractors, partners, and suppliers is the norm. These collaborations often necessitate granting third parties with access to internal systems, networks, or data. However, every access point can be a potential vulnerability to IT administrators, and securing access for third party and temporary users is crucial to protect sensitive information.

Tackling the Unique Challenges of Third-Party Access

As IT administrators, you face distinctive challenges when managing third-party access and opening up your internal systems and resources to these external parties. Here’s a breakdown for those on the frontline of tech implementation:

• Limited Scope and Duration: Unlike regular employees, third-parties often need access for a limited duration or specific tasks. This requires granular control, meaning you have to be on top of who can access what resources, and for how long.
• Varied Identities: With a range of external entities including vendors, contractors, partners, and suppliers, each has unique access needs. Your system needs to adapt to these requirements efficiently, which requires flexibility and scalability.
• Revolving Access: Efficient processes for onboarding and offboarding are essential to ensure third parties only have access for as long as they genuinely need it.
• Auditing and Monitoring: Keeping an eye on third-party activities can be the difference between a secure system and a costly data breach. Regular audits improve oversight and promote accountability and compliance.
• Enabling Third-Party Access at the Speed of Your Business

Third-party access management demands a dynamic and adaptive approach that accounts for the unique risks, identities, and requirements that external entities bring. However, existing IT tools and approaches are cumbersome and lack security controls. Splashtop Secure Workspace (SSW) provides a unique solution to enable third-party access with a few clicks, making the lives of IT administrators easier by dramatically cutting down the onboarding and offboarding time, and simplifying real-time monitoring and comprehensive security controls.

On-Demand Onboarding

Many companies work with external IT support to handle technical issues or conduct maintenance on their internal systems and servers. For controlled access, it’s not uncommon to connect with external IT personnel through a Remote Desktop Protocol (RDP) server. Achieving this often involves several steps including setting up a dedicated RDP server, creating user accounts for authorized external IT, establishing a virtual private network (VPN), setting permissions for limited privileges and access rights to ensure they can only perform necessary tasks, and making sure the access is revoked when the tasks are completed. This process can be cumbersome and time consuming to complete.

With Splashtop Secure Workspace, this onboarding process is as simple as sending the third-party user a secure link.

Step 1: Accessing Application Sharing

1. Log in to your Splashtop Secure Workspace super admin account or org admin account using your credentials.
2. Once logged in, navigate to the Applications menu.
3. Select the Applications page to view the list of private applications.

Step 2: Initiating Application Sharing

1. In the Actions column of the desired private application, click on the ... button.
2. From the dropdown menu, select Share to start the application sharing process.

Step 3: Configuring Sharing Details

1. In the application sharing configuration, you will see the following options to input:
   • Public Title: By default, the application's display name will be used as the public title.
   • Allowed Usage: Specify the maximum number of times this sharing can be used.
   • Valid Till (optional): Set an expiration date for the sharing. If not set, the sharing will never expire.
   • Account (optional): Choose the Dynamic Credentials attached to this application for the sharing.
   • Passphrase (optional): Set a passphrase that will be required to use this sharing.
   • Passphrase (repeat): Enter the passphrase again to confirm.
   • Sharing Note (optional): Add any additional notes or instructions for the sharing.
2. After configuring the sharing details, click on the Save button to create the application sharing.

Onboarding with SSO

Integrating access tools with existing systems is crucial for streamlined workflows. Splashtop Secure Workspace seamlessly integrates with Single-Sign-On (SSO) solutions such as Microsoft Azure Active Directory (now Entra ID), Okta, or GitHub. This means users can authenticate with their SSO identity while preserving the convenient browser-based access. For example, a company can onboard a contractor for a software development project via their GitHub account by taking the following steps:

1. Configure GitHub as an identity provider on Splashtop Secure Workspace (SSW)
2. Register SSW as an OAuth app on GitHub. On GitHub, go to Settings → Developer settings → OAuth Apps → Register a new OAuth application and follow the OAuth app registration instructions
3. Create "Contractors" group, add user, and assign appropriate privilege for access. Refer to the add private application documentation page for detailed instructions.
4. Now the contractor can log in with GitHub credentials from the organization SSW page (https://ORG.us.ssw.splashtop.com/) and access the SSH application using assigned secrets, all without exposing the SSH credentials.

Conclusion

Splashtop Secure Workspace is more than just a tool. It’s a solution tailored for IT administrators who need to balance security with efficiency and convenience, whether setting a person up for ad-hoc or long-term access needs.