Single sign-on: Difference between revisions
No edit summary |
|||
| Line 8: | Line 8: | ||
'''The structure of a Single Sign-On solution''' |
'''The structure of a Single Sign-On solution''' |
||
A Single Sign-On (SSO) solution should seamlessly integrate strong authentication, application single sign-on, physical access control, and event reporting to provide one enterprise-wide automated employee information access policy managed and enforced within a single, easy to use administrative framework. |
A Single Sign-On (SSO) solution should seamlessly integrate strong authentication, application single sign-on, physical access control, and event reporting to provide one enterprise-wide automated employee information access policy managed and enforced within a single, easy to use administrative framework. SSO is used in many industries to improve business objectives, including [http://www.imprivata.com/content350/ financial services], [http://www.imprivata.com/content351/ government], [http://www.imprivata.com/onesign_solutions_for_healthcare/ healthcare], [http://www.imprivata.com/content532/ utilities], and [http://www.imprivata.com/solutions/ more]. |
||
''COMPLIANCE'': You need visibility into the who, what, where and when of employee access activity. When did an employee enter a facility or room, when did they logon to the network, what applications did they access and when did they exit? This identity-centric access data should be centrally captured and provided in standard reports to easily address regulatory compliance mandates and audit needs. |
''COMPLIANCE'': You need visibility into the who, what, where and when of employee access activity. When did an employee enter a facility or room, when did they logon to the network, what applications did they access and when did they exit? This identity-centric access data should be centrally captured and provided in standard reports to easily address regulatory compliance mandates and audit needs. |
||
Revision as of 17:08, 11 April 2008
 | It has been suggested that Enterprise single sign-on be merged into this article. (Discuss) Proposed since August 2007. |
Single sign-on (SSO) is a method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems. Single sign-off is the reverse process whereby a single action of signing out terminates access to multiple software systems.
The term enterprise reduced sign-on is preferred by some authors because they believe single sign-on to be a misnomer: "no one can achieve it without a homogeneous IT infrastructure".[1]
In a homogeneous IT infrastructure or at least where a single user entity authentication scheme exists or where a user database is centralized, single sign-on is a visible benefit. All users in this infrastructure would have a single set of authentication credentials, e.g. in an organization which stores its user database in a LDAP database. All information processing systems can use such an LDAP database for user authentication and authorization, which in turn means single sign-on has been achieved organization-wide.
The structure of a Single Sign-On solution
A Single Sign-On (SSO) solution should seamlessly integrate strong authentication, application single sign-on, physical access control, and event reporting to provide one enterprise-wide automated employee information access policy managed and enforced within a single, easy to use administrative framework. SSO is used in many industries to improve business objectives, including financial services, government, healthcare, utilities, and more.
COMPLIANCE: You need visibility into the who, what, where and when of employee access activity. When did an employee enter a facility or room, when did they logon to the network, what applications did they access and when did they exit? This identity-centric access data should be centrally captured and provided in standard reports to easily address regulatory compliance mandates and audit needs.
CONVENIENCE: The average employee has between 12-15 different applications that they access in their daily course of business. Each application may require a separate password which must then be changed on a regular basis. The net result is that password management adds up to huge headaches and frustration. Studies show that 60% of all IT Help Desk calls are password related; so the elimination of password management problems while improving user convenience and productivity is a necessity in the corporate infrastructure.
CONVERGENCE: Many companies have multiple silos of security, so it is necessary to centrally map an employee’s multiple corporate IT and physical security to monitor & identify access policies and events plus generate reports in real time.
See also
- Identity management
- Password fatigue
- Lightweight Directory Access Protocol (LDAP)
- Java Authentication and Authorization Service (JAAS)
- Central Authentication Service (CAS)
- OpenID
- OpenSSO
- Shibboleth
- Windows Live ID
- NTLM
- SAML
- Kerberos