Single sign-on: Difference between revisions
External links
- Single Sign-on Article on AuthenticationWorld.com: http://www.authenticationworld.com/Single-Sign-On-Authentication/
- Single Sign-on Intro with Diagrams: http://www.opengroup.org/security/sso/sso_intro.htm/
- Imprivata OneSign Solution: http://www.imprivata.com/
Revision as of 17:17, 11 April 2008
It has been suggested that Enterprise single sign-on be merged into this article. Proposed since August 2007.
Single sign-on (SSO) is a method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems. Single sign-off is the reverse process whereby a single action of signing out terminates access to multiple software systems.
The term enterprise reduced sign-on is preferred by some authors because they believe single sign-on to be a misnomer: "no one can achieve it without a homogeneous IT infrastructure".[1]
In a homogeneous IT infrastructure, or at least one where a single user-entity authentication scheme exists or the user database is centralized, single sign-on is a visible benefit. All users in such an infrastructure hold a single set of authentication credentials, e.g. in an organization that stores its user database in an LDAP directory. Every information-processing system can then use that LDAP directory for user authentication and authorization, which in turn means single sign-on has been achieved organization-wide.
The structure of a Single Sign-On solution
A Single Sign-On (SSO) solution should seamlessly integrate strong authentication, application single sign-on, physical access control, and event reporting to provide one enterprise-wide, automated employee information access policy, managed and enforced within a single, easy-to-use administrative framework.
COMPLIANCE: You need visibility into the who, what, where and when of employee access activity. When did an employee enter a facility or room, when did they log on to the network, which applications did they access, and when did they leave? This identity-centric access data should be captured centrally and provided in standard reports so that regulatory compliance mandates and audit needs can be addressed easily.
CONVENIENCE: The average employee has between 12 and 15 different applications that they access in their daily course of business. Each application may require a separate password, which must then be changed on a regular basis. The net result is that password management adds up to considerable frustration. Studies show that 60% of all IT Help Desk calls are password related, so eliminating password management problems while improving user convenience and productivity is a necessity in the corporate infrastructure.
CONVERGENCE: Many companies have multiple silos of security, so it is necessary to map an employee's multiple corporate IT and physical security identities centrally in order to monitor and identify access policies and events, and to generate reports in real time.
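The following is an added worked example, not code from the article or from any vendor it names, illustrating the two ideas above: authenticate once at a central identity provider and reuse the result across several applications, with a single sign-off that revokes access everywhere (the definition at the top of the article), and central capture of who/what/where/when events for compliance reporting. The token format, the class names (IdentityProvider, Application), the back-channel session_active check and the sample user database are all invented for this example and follow no real SSO protocol such as SAML or Kerberos.

```python
"""Illustrative single sign-on model (added example; not from the article).

One identity provider (IdP) checks the password once and returns a signed
session token. Applications accept the token instead of keeping their own
password databases; one sign-off at the IdP revokes access to all of them.
Every event is recorded centrally so a who/what/where/when report can be
produced. Names, token format and the session check are invented here.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time
from collections import defaultdict


def make_password_record(password):
    """Salted PBKDF2 record stored by the IdP (the only place passwords live)."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify_token(key, token):
    """Return the token's claims if its HMAC tag is valid, else None."""
    try:
        payload_b64, tag = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, payload, "sha256").hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None  # tampered or forged: trust nothing inside it
    return json.loads(payload)


class IdentityProvider:
    """Central authority: the single place where users authenticate."""

    def __init__(self, user_db):
        self._users = user_db               # username -> (salt, digest)
        self.key = secrets.token_bytes(32)  # shared with applications (assumption)
        self._sessions = {}                 # session id -> username
        self.audit_log = []                 # central who/what/where/when records

    def record(self, event, user, app):
        self.audit_log.append(
            {"user": user, "event": event, "app": app, "time": time.time()})

    def session_active(self, sid):
        return sid in self._sessions

    def sign_on(self, username, password):
        """Authenticate once; return a signed token, or None on failure."""
        rec = self._users.get(username)
        if rec is None:
            self.record("sign_on_failed", username, "idp")
            return None
        salt, digest = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, digest):
            self.record("sign_on_failed", username, "idp")
            return None
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = username
        self.record("sign_on", username, "idp")
        payload = json.dumps({"sid": sid, "user": username}, sort_keys=True).encode()
        tag = hmac.new(self.key, payload, "sha256").hexdigest()
        return base64.urlsafe_b64encode(payload).decode() + "." + tag

    def sign_off(self, token):
        """Single sign-off: one action ends the session for every application."""
        claims = verify_token(self.key, token)
        if claims and self._sessions.pop(claims["sid"], None):
            self.record("sign_off", claims["user"], "idp")
            return True
        return False


class Application:
    """A service that relies on the IdP instead of running its own login."""

    def __init__(self, name, idp):
        self.name, self._idp = name, idp

    def access(self, token):
        claims = verify_token(self._idp.key, token)
        if claims is None:
            return False
        if not self._idp.session_active(claims["sid"]):
            self._idp.record("access_denied", claims["user"], self.name)
            return False  # signed off: revoked for every application at once
        self._idp.record("access", claims["user"], self.name)
        return True


def access_report(idp):
    """Per-user list of (event, application) pairs for audit review."""
    report = defaultdict(list)
    for entry in idp.audit_log:
        report[entry["user"]].append((entry["event"], entry["app"]))
    return dict(report)


if __name__ == "__main__":
    # constructed user database with a single account
    idp = IdentityProvider({"alice": make_password_record("correct horse")})
    email, payroll = Application("email", idp), Application("payroll", idp)
    token = idp.sign_on("alice", "correct horse")
    print(email.access(token), payroll.access(token))   # True True
    idp.sign_off(token)
    print(email.access(token))                          # False
    print(access_report(idp))
```

Two design points worth noting: applications verify the token's signature locally, so a forged or tampered token is rejected without any trusted claim being read, and they still ask the identity provider whether the session is live, which is what lets a single sign-off take effect everywhere immediately rather than when each application's own copy of the session expires.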
See also
- Identity management
- Password fatigue
- Lightweight Directory Access Protocol (LDAP)
- Java Authentication and Authorization Service (JAAS)
- Central Authentication Service (CAS)
- OpenID
- OpenSSO
- Shibboleth
- Windows Live ID
- NTLM
- SAML
- Kerberos