Enterprise Single Sign On Manager

Automatic log-in to all the applications and systems

Enterprise Single Sign On Manager is an organisation-wide Single Sign On software solution enabling end-users to log in just once, after which access is granted automatically to all the authorised network applications and resources.   Enterprise Single Sign On Manager operates as an extra software layer intercepting all log-in processes and completing the details automatically.

Once the end-user has logged into the network, Enterprise Single Sign On Manager takes over the log-in process further and initiates an automatic log-in to all the applications and systems to which the end-user has access.  The advantage of this system is that Enterprise Single Sign On Manager can be deployed rapidly in any network, and supports 100% of the application and system landscape.

Login Automation Tool

Organisations currently use complex networks comprising multiple resources, such as internal network applications, internet applications and operating systems, with end-users typically needing to enter a username and password for each.  In some cases there can be more than 15 different applications with associated usernames and passwords.  This creates a number of problems.  Not only is manual entry time-consuming, it is also extremely awkward to have to remember a multitude of passwords.  Users adopt all sorts of insecure methods to cope with this situation, such as passwords written on PostIt notes, extremely simple passwords, or passwords under the keyboard.  Users frequently have to call the helpdesk for a forgotten password.

Reduction of password reset calls

Nevertheless, all sorts of preventive measures are taken by system administrators to keep the network secure, such as introducing complicated passwords, the validity of a password, or communicating with users not to write down their passwords.  This produces more frustration among users and an overload of password reset calls.

Enterprise Single Sign On Manager eliminates the time-consuming and risky operations associated with remembering and entering so many different passwords.

Enhances ease of use

End-users no longer need to log in separately for every application they want to use.  Based on their rights, Enterprise Single Sign On Manager automatically supplies the required username and passwords and the application is opened.  Enterprise Single Sign On Manager is easy and efficient.

Reduces risks

Multiple applications generally require multiple usernames and passwords.  This confidential information is often written on a piece of paper and stays within reach of the computer.  This is an insecure situation and negates your expensive and complex security measures.  Enterprise Single Sign On Manager reduces the risks within your organisation by avoiding this frequently-occurring situation.

Fulfils compliance

Enterprise Single Sign On Manager acts as a central access portal to all applications.  This offers several options for fulfilling compliance.  Thus, access to the entire network for an end-user can be denied in a single SSO action instead of having to go through every application individually.  With Enterprise Single Sign On Manager, if you wish, a report can be generated on which user accounts have access and the dates and times access occurred.  Finally, Enterprise Single Sign On Manager can perform extra checks before log-in is achieved.  This often occurs with critical applications where extra security is built in to verify that the right end-user wants access.  This allows for the integration of Smart Cards or a PIN code, amongst others.

Security

Enterprise Single Sign On Manager handles all user account details securely.
Communication: All information exchanged between the various Enterprise Single Sign On Manager components is encrypted.
Local storage: When using a laptop, depending on the configuration, all log-in details are encrypted and stored locally on the hard drive.
Database: A copy of every username and password is stored in the central database.  These details are encrypted.
Logging: All end-user activities are logged in the central Enterprise Single Sign On Manager database.  Enterprise Single Sign On Manager is developed in such a way that all confidential information is exchanged and stored securely.
DPAPI Security: The coded algorithms in Enterprise Single Sign On Manager are based on DPAPI Security, but other algorithms can be applied to meet your organisation’s security standards.  The highly acclaimed DPAPI password security system complies with the strictest security rules.  It also offers the possibility of retrieving data in the case of lost or forgotten passwords.

Scalability

We often observe a peak in the use of an SSO application in the mornings as employees begin their working day.  Research shows that in 96.5 per cent of cases, Enterprise Single Sign On Manager is used during the first 30 minutes of the working day.  During this time, the central Enterprise Single Sign On Manager engine must be capable of supplying all the details for the end-users and their applications.  To streamline this process, the log-in request is distributed to a variety of Microsoft Windows Services.  Our license model permits an unlimited number of Enterprise Single Sign On Manager service requests in the network and supports up to 250,000 workstations.

High availability

End-users will be dependent on the SSA solution to an increasing degree.  The software’s availability is thus crucial.  Enterprise Single Sign On Manager guarantees that end-users are always able to use the software through a variety of mechanisms.  These mechanisms are:
Replication: User account details can be stored in a relational database.  Standard applications for secure storage are applied.  Enterprise Single Sign On Manager supports locating the database on a cluster server and/or database replication.
Multiple services: The central Enterprise Single Sign On Manager engine is a Microsoft Windows service.  Enterprise Single Sign On Manager has fault-tolerant implementation.  Information on the rights of the end-user is exchanged via a replicable database.  On the end-user’s side, Enterprise Single Sign On Manager automatically selects an available service.
Local storage: Local storage is supported if a workstation cannot establish a connection to the central Enterprise Single Sign On Manager service.  The local workstation then utilises an offline mode.

Fast User Switching

This feature allows users to logon to and logoff from public computers quickly.  When users log on using Fast User Switching, applications that they require can be automatically started and logged on to.  When users log off, Enterprise Single Sign On Manager can log off from the applications and/or close them.
The login procedures can be simplified by combining Fast User Switching with a user badge.  In this way, users can obtain access to applications by inserting their pass.  They can log out by removing their pass, so that the computer becomes available for the next user.

Follow-Me

An addition to Fast User Switching is the Follow-Me principle, which allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer.  This results in considerable time savings, particularly in the case of specialists who make their rounds along departments and need to have access to their data via various computers.

Integration with other solutions

The central Enterprise Single Sign On Manager engine supports integration with external systems and applications.  Enterprise Single Sign On Manager has both a COM object interface and contains support for an open standard SPML (Service Provisioning Markup Language).  SPML is based on SOAP/XML messages and Enterprise Single Sign On Manager supports web services.  Enterprise Single Sign On Manager can be integrated with applications for password resetting and user provisioning.
Password reset: When an application requests the entry of a new password after a period of time, Enterprise Single Sign On Manager itself can generate and store a new password.  Enterprise Single Sign On Manager can also allow the end-user to fill in a new password manually.
User Provisioning: When a new employee begins work, user accounts and passwords must be created in a variety of systems and applications.  Enterprise Single Sign On Manager can create a link with a number of applications for automated User Provisioning, such as UMRA, IDM3, ILM and Sun Identity Manager.  The end-user thus has direct access to the application landscape and doesn’t have to do anything himself.

Multiple user accounts per employee

Some end-users have access to an application through a variety of accounts and usernames, for instance system administrators.  For example they have a ‘normal’ account and an ‘admin’ account.  This system administrator probably has access to a number of environments for development, testing or production.  In such cases Enterprise Single Sign On Manager shows an extra window when the application is launched.  Here the administrator selects a specific username and/or environment.  Enterprise Single Sign On Manager then ensures that the application is launched in the correct environment with the correct username/password combination.

Delegating applications

During a vacation or sick leave, it may be necessary to grant another user temporary access to one or more applications.  This requires network modification to ensure that the temporary user acquires the correct rights.  This also entails risksas it is often forgotten to revoke the temporary rights again.  Enterprise Single Sign On Manager offers the ability to delegate specific rights of the absent employee to another end-user for a specific period.  Once the configured period has passed, the rights of the temporary employee are automatically revoked.