
Enterprise Single Sign On

Definition

Enterprise Single Sign On is a technology developed to ease access to systems by providing automatic authentication to subsequent systems once the user has signed on to the product, without requiring any modifications to the target systems. Enterprise Single Sign On technology also handles password change requests from target systems, supports post-sign-on automation for additional tasks and provides functionality for systems that use Windows, network, Web and terminal client interfaces.

User Benefits

Enterprise Single Sign On satisfies the need for shared workstation support and helps reduce help desk costs. It also helps sustain a large number of user IDs and passwords for a given period of time.

The enterprise creates a password formation rule policy that applies to all targeted systems, making password creation and change processes familiar to users.

Password management includes self-service password reset. It also provides password synchronization, which can reduce the number of passwords that a user must remember for the target systems to one.

Passwords can be eliminated for any target system that has the authentication technology integrated, such as application authentication using Active Directory or Lightweight Directory Access Protocol (LDAP).

Web SSO with Web access management (WAM) tools provides authentication, generally to Web applications only. WAM tools are used inside the enterprise as an SSO integration tool for Web applications on disparate platforms, or as externally facing tools to enable external users to have SSO to enterprise applications.

Business Impact

ESSO technology acts like a proxy between client devices and target systems. ESSO products provide various mechanisms to sense sign-on, user ID, password and password change requests for different target systems, and they pass the needed data to the targets. Applications may be time consuming and sometimes difficult to integrate and implement due to custom coding products or new releases of specific applications or operating systems. Therefore, when updating systems, enterprises must incorporate ESSO testing into the change management process.

The technology has to be able to create sign-on automation and provide a graphical wizard that helps administrators teach the product to recognize various sign-on, password change and sign-off events.

ESSO vendors may provide a platform for the following additional features:

  • the ability to limit access by workstation address
  • the ability to force a sign-off from workstation if a user walks away
  • detailed administration and delegation
  • web interface for administration
  • user-provisioning connectors

Some implementations require the customer to implement the needed resiliency on its own, for example by using redundant server configurations. This technology can offer many choices for integrating alternative authentication methods, such as fingerprint biometric technologies, proximity badges, one-time password (OTP) tokens and smart cards. All products must provide tools that log key events for use in auditing, although enterprises that have a central audit and reporting repository are less likely to be concerned with ESSO products that lack reporting capabilities.


Products supporting this technology

Gemalto Imprivata

Today, companies of all types and sizes are deploying Strong Authentication inside the corporate firewall, enterprise-wide or even within applications, considering it an essential part of data security best practices. Moreover it must be said that most regulatory bodies are mandating it. At the same time, Strong Authentication technologies have become more practical, affordable, easy, and flexible to implement. As demand for Strong Authentication has grown, so have the number and variety of commercially-available forms of Strong Authentication devices that organizations can deploy.

More organizations are now moving from traditional distributed PC-oriented environments to the use of virtual servers and virtual desktops that can be accessed from almost anywhere. It is best practice to use strong authentication to guarantee the identity of these remote users working offsite.

The proliferation of application passwords in recent years has negatively affected productivity and data security in many organizations. Users have difficulty remembering multiple complex passwords and resort to either writing them down where they can be stolen, or calling IT helpdesks for frequent password resets. By deploying Strong Authentication, organizations can eliminate the need for users to deal with passwords entirely. This permanently solves a common user complaint while reducing resource requirements at IT helpdesks and strengthening security, enterprise-wide.

Strong authentication with the proper management, tracking and reporting functionality provides demonstrable compliance in the form of audit logs that record all relevant access activity.

It’s important to know that a Strong Authentication solution can provide even greater value by acting as a platform for deploying additional capabilities across organizations to further strengthen security, satisfy related user needs, and reduce costs.

Single Sign-On enables the user community to log on to the network and sign on to all the applications they are authorized to use on a daily basis by using a single strong password. Single Sign-On relieves users of the burden of memorizing multiple passwords, increases productivity and lowers resource costs by reducing the number of password reset calls to helpdesks. Users no longer resort to writing down passwords, mitigating the risk of them being stolen and used by unauthorized people.

Combining Strong Authentication with Single Sign-On technology gives organizations proven security benefits and enforces strong security policies enterprise-wide while increasing user satisfaction and requiring no changes to user workflow or behavior.

In most organizations, physical security (physical access to buildings and work areas) and logical security (access to IT resources) are separate realms. This lack of integration between physical and logical security systems creates gaps that can be exploited and prevents centralized management and control of overall security. An integrated physical/logical security solution makes it possible to link both security environments and synchronize control and response.

By implementing a solution that combines Single Sign On and Strong Authentication technologies, a company can easily and effectively choose the right solution to employ the security measures highly recommended by regulatory bodies, governmental commissions and industry analysts, no matter how large or geographically dispersed the company is.
