Single Sign-on Solutions
In the ideal world, all business applications would use a centralised authorisation and authentication store. Unfortunately we do not live in an ideal world, and most organisations, even large mature enterprises, lack a coherent authentication strategy or a solid authentication framework.
Authentication is a complex problem. Portals need to authenticate users to back-end data sources and applications, yet these applications may each have different underlying security infrastructures requiring users to remember an increasing number of credentials, both usernames and passwords, to access core business applications they use every day.
As we known, human error is a major component of systems failure and therefore, reducing the password burden for users, sometimes called ‘password fatigue’, is highly attractive. Many businesses are moving forward with password reduction initiatives, trying where possible to leverage centralised authentication mechanisms such as Kerberos, but in most cases, this is aspirational and road mapped, with problems ever present.
Single sign on products can facilitate with the aforementioned issues, allow users access to all applications from one logon, providing s a unified mechanism to manage the authentication of users and implement business rules determining user access to applications and data. Products can offer increased levels of security, with seamless strong multi-factor authentication, centralised logging and consistent workflow automation. Some SSO products can also help reduce IT labour costs and user satisfaction by allowing users with an SSPR (self-service password reset) option, in the common event of a password lock-out.
With the challenge faced by organisations managing identities and passwords, our security architects at JAW Consulting UK have experience in assisting organisations from small to large global enterprises with this problem, and have first-hand knowledge of the selection, design and integration of SSO products including the required application profiling and scripting for your business applications, and definition of workflow processes to support your user provisioning and shared workstation configuration. We have worked with some leading solutions from Actividentity, Quest, Novel Secure Login, IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM eSSO) and Encentuate.