Self-service password reset
|
|
- Clinton Parsons
- 7 years ago
- Views:
Transcription
1 Tutorials, A. Allan, R. Witty Research Note 22 December 2003 Best Practices for Managing Passwords: Tools Password self-service, synchronization and single sign-on tools reduce the administrative burden of password management and enhance security. A primary benefit, and key risk, is that users must remember only one password. Core Topic Security and Privacy: Security Management Strategies and Processes Key Issues How will enterprises arm themselves to address increasing information security risk? How will enterprises manage the complexity of authentication and access control in a highly distributed world? Passwords are the most ubiquitous authentication mechanism and will be used for at least 80 percent of enterprises' authentication needs during the next two to three years. However, because each new system can mean another user ID and password for users to remember, and may have different password formation and management rules, the password management burden on users and help desks can rapidly increase. Gartner estimates that between 10 percent and 30 percent of help desk calls are password-related some enterprises report that as many as 60 percent of their help desk calls are about passwords. In addition, users who must remember several passwords are often tempted to write the passwords down, increasing the security risk of the passwords being discovered by attackers. Many enterprises are seeking to ease the administrative burden of password management through self-service tools. In addition, password synchronization and single sign-on (SSO) can reduce the number of passwords that users must remember. Password Management Tools Password management tools generally provide one or both of two functions: Self-service password reset Automatic password synchronization Self-service password reset usually is done through Web browser interfaces or, less commonly, via interactive voice response systems. Users can reset forgotten passwords for one, many or all of the systems that they use. To do this securely, reset tools must employ an alternative identity verification mechanism, such as a set of challenge-response questions and Gartner Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.
2 answers. Users must correctly answer each question in the set, or a random set of questions out of a larger pool. A user can, optionally, use a self-service password reset function to set the same password across all systems: this is manual synchronization. Automatic synchronization differs in that it is transparent to users. When a user resets the password on one system (often the network operating system), special software on that system detects the change and propagates it to the user's other systems. Because the user will use this new password for all systems, this approach sometimes is called consistent (or consolidated) sign-on. Consistent sign-on also can be achieved by having each system "talk" to the same authentication service. This approach is wellknown from Sun Microsystems' Network Information System (NIS) and NIS+ for Unix operating systems. A broader application across multiple operating systems and applications is through Lightweight Directory Access Protocol (LDAP). The user has only one password the LDAP password for LDAPenabled target systems. Microsoft's Active Directory can be used in this way. Examples of password management vendors include: Blockade Systems Courion M-Tech Information Technology Sun Microsystems (Waveset Technologies) SSO Tools SSO goes a step further than password synchronization: The user has only one password and after the initial logon, subsequent logons are transparent to the user. Microsoft Windows 2000 and Windows Server 2003 use Kerberos for multidomain SSO. This can be extended to other "Kerberized" applications (for example, Oracle and SAP) and to other platforms (for example, most Unix operating systems and IBM z/os mainframes). Kerberos also can be used between these systems without Windows. After the initial, primary authentication the normal Windows logon Kerberos uses cryptographic tickets to authenticate the user to other systems. The systems "consume" Kerberos tickets rather than passwords. The primary problem with Kerberos and similar approaches is that each target system has to be modified. In heterogeneous enterprises, this can kill full deployment. Therefore, most enterprise SSO (ESSO) tools interact directly with target 22 December
3 systems' logon screens, passing the user's ID, password and maybe other information to each system as the user accesses it. The tools support Windows logon panels, text screens (for Unix and mainframe terminal emulation) and HTML forms. The primary authentication mechanism may be a password that is managed by the SSO tool, or a network operating system or LDAP password. Subsequent logons may use the same password that is, the SSO tool ensures automatic password synchronization. More often, the SSO tool will negotiate the use of a different password with each system. Many SSO tools also can set random system passwords without the user's participation. The user doesn't know what the target-system passwords are, but he or she can continue to access those systems using the SSO tool. In a wholly Web-based application environment, one of three different approaches may be used: The server that performs the initial authentication can store an encrypted cookie on the user's workstation. When the user goes to another server, the server retrieves the user's credentials from the cookie without having to re-authenticate the user. Secured Web servers can sit behind a reverse proxy server. The user authenticates to this server only, and the proxy picks up the requested content or application and delivers it to the user. A new approach makes use of the Security Assertions Markup Language (SAML), which servers can use to exchange authentication requests and assertions via Extensible Markup Language (XML) messages. These Web SSO approaches are offered in portals and extranet access management products. Examples of SSO vendors include: Computer Associates Imprivata Passlogix Protocom Development Systems (licensed by Novell) Costs The licensing cost starts at about $10 per user for password management tools and about $75 per user for ESSO tools. Prices will decrease for larger numbers of users. The higher price 22 December
4 for ESSO tools reflects the need for client software and the complexities of the real-time approach. User provisioning tools, which offer password management in addition to more-complex functionality, and extranet access management tools, which offer Web SSO (and sometime limited ESSO) in addition to administrative and access control, start at about $30 per user. Benefits The key benefit of password synchronization and SSO tools is that users have only one password to remember. Therefore: They are less likely to forget their passwords and thus are less likely to call the help desk to reset their passwords. Gartner estimates a 65 percent reduction in passwordrelated calls. They are less likely to write their passwords down, thus mitigating a significant security vulnerability. A single, strong password management policy can be enforced. SSO has the additional operational benefit that users do not have to manually log on to multiple systems. Although it can be argued that this improves users' productivity, it may not always be possible for enterprises to demonstrate real improvements. For example, it's difficult to prove that a minute saved here, 30 seconds saved there, increases productivity because it depends on what users do with the time saved. Nevertheless, in some organizations where users have to log on to multiple systems at the start of the day, it may be possible to demonstrate real productivity improvements. For example, a bank reports that it saved 20 minutes per teller per day by implementing ESSO. A distinctive security benefit of ESSO is that the primary password can be arbitrarily strong. In contrast, in password synchronization, the password must be valid on all target systems and thus must conform to the weakest set of rules (short, limited character sets) of those systems. Password synchronization tools can avoid this problem by having different password policy groups, but users then would need two or more passwords. Also, by hiding target-system passwords from users, ESSO tools reduce the possibility that attackers will discover these passwords and directly target individual systems. Attackers would need users' primary passwords and access to PCs with the right client software. Passwords that users must use externally for example, for Web access to corporate canbeexposed. Finally, ESSO tools allow an enterprise to easily implement a stronger authentication mechanism across all 22 December
5 systems simultaneously, rather than having to integrate the mechanism with each individually. Risks The primary risk with self-service password reset is that identity verification questions and answers are more likely to be guessed or discovered by social-engineering methods (see "Unmasking Social-Engineering Attacks") than users' passwords, thus creating a security vulnerability. Choosing suitable questions for password reset challenge-response identity verification is a subtle art (see "Best Practices for Managing Passwords: Self- Service Q&A"). Enterprises that deploy self-service password reset tools also face the challenge of getting users to register. Users often lack the motivation to register until the first time they need to use the tool by then, it's too late. Password synchronization and SSO "put all the eggs in one basket" that is, an attacker who discovers a user's password gains entry to all systems to which that user has access. (The need for client software for ESSO will limit this vulnerability to internal attacks.) This risk is offset somewhat by the better management of a single password, which can reduce the likelihood of discovery. Key Facts: Password self-service, password synchronization and enterprise SSO tools ease the administrative burden of managing passwords and increase security by: Reducing the number of passwords that users must remember Reducing help desk call volume related to password reset requests Increasing productivity by reducing the time required to log on to multiple systems (ESSO only) Acronym Key ESSO enterprise single sign-on LDAP Lightweight Directory Access Protocol SAML Security Assertions Markup Language SSO single sign-on XML Extensible Markup Language Enabling enterprises to enforce a single, strong password management policy Bottom Line: Password management (self-service and synchronization) and single sign-on tools can yield operational benefits and ensure good password management practices. Their benefits must be weighed against their risks. 22 December
G00123440 A. Allan. Directory authentication providing a common ID and password across multiple systems
. llan Research Note 21 October 2004 Commentary Enterprise Single Sign-On Tools re Comprehensive but Costly Managing multiple user identities and passwords is difficult for companies and users. ESSO can
More informationThe Four "A's" of Information Security
Strategic Planning, R. Witty, A. Allan, J. Enck, R. Wagner Research Note 4 November 2003 Identity and Access Management Defined An IAM solution requires multiple products from multiple vendors. It also
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationResearch. Identity and Access Management Defined
Research Publication Date: 4 November 2003 ID Number: SPA-21-3430 Identity and Access Management Defined Roberta J. Witty, Ant Allan, John Enck, Ray Wagner An IAM solution requires multiple products from
More informationOpen Directory. Apple s standards-based directory and network authentication services architecture. Features
Open Directory Apple s standards-based directory and network authentication services architecture. Features Scalable LDAP directory server OpenLDAP for providing standards-based access to centralized data
More informationSecurity solutions Executive brief. Understand the varieties and business value of single sign-on.
Security solutions Executive brief Understand the varieties and business value of single sign-on. August 2005 2 Contents 2 Executive overview 2 SSO delivers multiple business benefits 3 IBM helps companies
More informationOracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009
Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 EXECUTIVE OVERVIEW Enterprises these days generally have Microsoft Windows desktop users accessing diverse enterprise applications
More informationBest Practices for Password Strength
A. Allan Research Note 6 December 2004 Passwords Are Near the Breaking Point Mitigating authentication weaknesses by increasing password length and complexity will reduce security if passwords are pushed
More informationCybersecurity and Secure Authentication with SAP Single Sign-On
Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle
More informationAuthentication: Password Madness
Authentication: Password Madness MSIT 458: Information Security Group Presentation The Locals Password Resets United Airlines = 83,000 employees Over 13,000 password reset requests each month through the
More informationImprove Security, Lower Risk, and Increase Compliance Using Single Sign-On
SAP Brief SAP NetWeaver SAP NetWeaver Single Sign-On Objectives Improve Security, Lower Risk, and Increase Compliance Using Single Sign-On Single sign-on in the SAP software architecture Single sign-on
More informationWHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)
WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,
More informationPasslogix Sign-On Platform
Passlogix Sign-On Platform The emerging ESSO standard deployed by leading enterprises Extends identity management to the application and authentication device level No modifications to existing infrastructure
More informationAn Oracle White Paper December 2010. Implementing Enterprise Single Sign-On in an Identity Management System
An Oracle White Paper December 2010 Implementing Enterprise Single Sign-On in an Identity Management System Introduction Most users need a unique password for every enterprise application, causing an exponential
More informationMarket Trends in 2002 and 2003
Markets, J. Pescatore, R. Wagner Research Note 8 January 2003 Extranet Access Management 2H02 Magic Quadrant Inside-the-firewall (intraenterprise) integration to reduce costs dominated the extranet access
More informationEXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report
KuppingerCole Report EXECUTIVE VIEW by Dave Kearns March 2015 SecureAuth IdP SecureAuth IdP combines cloud single sign-on capabilities with strong authentication and risk-based access control while focusing
More informationCritical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management
Security Comparison Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309
More informationWhite Paper. McAfee Cloud Single Sign On Reviewer s Guide
White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication
More informationAllidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm
Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect
More informationABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES
CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML
More informationPatch management point solution. Platform. Patch Management Point Solution
Markets, R. Colville, M. Nicolett Research Note 18 March 2003 Patch Management: Identifying the Vendor Landscape As the importance of patch management increases, it is important to understand the limitations
More informationLeverage Active Directory with Kerberos to Eliminate HTTP Password
Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com
More informationWhite paper December 2008. Addressing single sign-on inside, outside, and between organizations
White paper December 2008 Addressing single sign-on inside, outside, and between organizations Page 2 Contents 2 Overview 4 IBM Tivoli Unified Single Sign-On: Comprehensively addressing SSO 5 IBM Tivoli
More informationWhat CIOs Want to Know About Microsoft Active Directory
IGG-01222003-01 J. Enck Article 22 January 2003 What CIOs Want to Know About Microsoft Active Directory Active Directory deployments are increasing and so are questions about the technology. Gartner addresses
More informationSuccessful Enterprise Single Sign-on Addressing Deployment Challenges
Successful Enterprise Single Sign-on Addressing Deployment Challenges 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Background: User Problems with Passwords 2 3 Approaches
More informationPassword Self-Service for Novell edirectory. Brent McCormick Novell Corporate Technology Strategist
Password Self-Service for Novell edirectory Brent McCormick Novell Corporate Technology Strategist Audience by Industry Government Healthcare Financial Services Education Telecommunications Manufacturing
More informationLeveraging SAML for Federated Single Sign-on:
Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.
More informationSingle Sign-on (SSO) technologies for the Domino Web Server
Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145
More informationHP Software as a Service. Federated SSO Guide
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationIntegrating Hitachi ID Suite with WebSSO Systems
Integrating Hitachi ID Suite with WebSSO Systems 2015 Hitachi ID Systems, Inc. All rights reserved. Web single sign-on (WebSSO) systems are a widely deployed technology for managing user authentication
More informationIBM Tivoli Access Manager for Enterprise Single Sign-On
Deliver seamless access to applications with an easy-to-deploy solution IBM Single Sign-On Highlights Help simplify the employee experience by eliminating the need to remember and manage user names and
More informationVyom SSO-Edge: Single Sign-On for BMC Remedy
Vyom SSO-Edge: Single Sign-On for BMC Remedy Guaranteed ROI of BMC Remedy with Reduced Service Desk Calls, Increased BMC Remedy Adoption, Improved End-User Satisfaction, Strengthened Security and Effective
More informationHow To Get A Single Sign On (Sso)
Single Sign-On Vijay Kumar, CISSP Agenda What is Single Sign-On (SSO) Advantages of SSO Types of SSO Examples Case Study Summary What is SSO Single sign-on is a user/session authentication process that
More informationUse This Eight-Step Process for Identity and Access Management Audit and Compliance
Research Publication Date: 28 March 2005 ID Number: G00126592 Use This Eight-Step Process for Identity and Access Management Audit and Compliance Roberta J. Witty, Ant Allan, Jay Heiser Authentication,
More informationHP Software as a Service
HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty
More informationGlobal Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
VENDOR PROFILE Passlogix and Enterprise Secure Single Sign-On: A Success Story Sally Hudson IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
More informationChoosing an SSO Solution Ten Smart Questions
Choosing an SSO Solution Ten Smart Questions Looking for the best SSO solution? Asking these ten questions first can give your users the simple, secure access they need, save time and money, and improve
More informationThe Identity and Access Management Market Landscape
Research Publication Date: 7 November 2003 ID Number: COM-21-4534 The Identity and Access Management Market Landscape Roberta J Witty Integrating identity and access management components into an overall
More informationApproaches to Enterprise Identity Management: Best of Breed vs. Suites
Approaches to Enterprise Identity Management: Best of Breed vs. Suites 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Executive Summary 1 3 Background 2 3.1 Enterprise Identity
More informationCase Study: CMS Data-Sharing Project Highlights the Benefits of a Multiplatform Approach
Case Study: CMS Data-Sharing Project Highlights the Benefits of a Multiplatform Approach 9 November 2009 Jay Heiser, John Girard Gartner RAS Core Research Note G00168944 The U.S. government agency responsible
More informationSSO Case Study: The USPS Gives SSO Its Stamp of Approval. May 10, 2005. Wayne Grimes, Manager, Customer Care Operations, USPS
SSO Case Study: The USPS Gives SSO Its Stamp of Approval Wayne Grimes, Manager, Customer Care Operations, USPS May 10, 2005 Today s topics An overview of the USPS USPS SSO efforts Lessons we learned along
More informationBusiness Applications and Infrastructure Entwined
Markets, S. Hayward, B. Burton, J. Comport, Y. Genovese, T. Bittman Research Note 9 July 2003 Business and Infrastructure Entwined Oracle's bid for PeopleSoft encompasses more than applications. It illustrates
More informationTroux Configuration Management Software
Sharon Fisher Product Report 5 December 2003 Troux Configuration Management Software Summary With the Troux Blueprinting System, Troux hopes to help create a new market with software to map an information
More informationCIO Update: Gartner's Extranet Access Management Magic Quadrant for 2H02
IGG-01152003-02 J. Pescatore, R. Wagner Article 15 January 2003 CIO Update: Gartner's Extranet Access Management Magic Quadrant for 2H02 CIOs and many other executives are interested in insights on how
More informationIT@Intel. Improving Security and Productivity through Federation and Single Sign-on
White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing
More informationWhitepaper: Centeris Likewise Identity 3.0 Security Benefits
Whitepaper: Centeris Likewise Identity 3.0 Security Benefits Author: Manny Vellon VP, Product Development Centeris Corporation Abstract This document describes how Centeris Likewise Identity improves the
More informationINTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN
INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO
More informationHOBCOM and HOBLink J-Term
HOB GmbH & Co. KG Schwadermühlstr. 3 90556 Cadolzburg Germany Tel: +49 09103 / 715-0 Fax: +49 09103 / 715-271 E-Mail: support@hobsoft.com Internet: www.hobsoft.com HOBCOM and HOBLink J-Term Single Sign-On
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationAn Oracle White Paper December 2010. Integrating Oracle Enterprise Single Sign-On Suite Plus with Strong Authentication
An Oracle White Paper December 2010 Integrating Oracle Enterprise Single Sign-On Suite Plus with Strong Authentication Introduction Protecting data in the digital age is critical. A security breach, if
More informationSEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public
SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On Public Speakers Las Vegas, Oct 19-23 Christian Cohrs, Area Product Owner Barcelona, Nov 10-12 Regine Schimmer, Product Management
More informationExtranet Access Management Web Access Control for New Business Services
Extranet Access Management Web Access Control for New Business Services An Evidian White Paper Increase your revenue and the ROI for your Web portals Summary Increase Revenue Secure Web Access Control
More informationAuthentication Integration
Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication
More informationSAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams.
Exam : P_ADM_SEC_70 Title : SAP Certified Technology Professional - Security with SAP NetWeaver 7.0 Version : Demo 1 / 5 1.Which of the following statements regarding SSO and SAP Logon Tickets are true?
More informationManagement Update: Powerhouse Vendors Implement Document Management
IGG-10302002-04 G. Landers, K. Shegda, D. Logan Article 30 October 2002 Management Update: Powerhouse Vendors Implement Document Management Interest within enterprises is growing in the management of unstructured
More informationSingle Sign-On between SAP Portal and SuccessFactors
Single Sign-On between SAP Portal and SuccessFactors Dimitar Mihaylov 7/1/2012 Contents 1. Overview... 3 2. Trust between SAP Portal 7.3 and SuccessFactors... 5 2.1. Initial configuration in SAP Portal
More informationThe Essentials Series: Enterprise Identity and Access Management. Authentication. sponsored by. by Richard Siddaway
The Essentials Series: Enterprise Identity and Access Management Authentication sponsored by by Richard Siddaway Authentication...1 Issues in Authentication...1 Passwords The Weakest Link?...2 Privileged
More information101 Things to Know About Single Sign On
101 Things to Know About Single Sign On IDENTITY: 1. Single sign on requires authoritative sources for identity. 2. Identity authoritative sources needs to contain all the enterprise identity data required.
More informationServer-based Password Synchronization: Managing Multiple Passwords
Server-based Password Synchronization: Managing Multiple Passwords Self-service Password Reset Layer v.3.2-004 PistolStar, Inc. dba PortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax:
More informationPassword Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos
Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:
More informationHow to Get to Single Sign-On
How to Get to Single Sign-On Gregg Kreizman Neil Wynne Twitter: @neilwynne Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in
More informationWhite Paper Delivering Web Services Security: The Entrust Secure Transaction Platform
White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationSingle Sign-On. Security and comfort can be friend. Arnd Langguth. alangguth@novell.com. September, 2006
Single Sign-On Security and comfort can be friend. Arnd Langguth alangguth@novell.com September, 2006 Identity proliferation in the enterprise Password management problem How many passwords do you have?
More informationWebLogic Server 7.0 Single Sign-On: An Overview
WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of
More informationDocument Management Software Provider Designs for Identity and Access Flexibility
Microsoft Windows Server System Partner Solution Case Study Document Management Software Provider Designs for Identity and Access Flexibility Overview Country or Region: Canada Industry: Professional Services
More informationSingle sign on may be the solution
Whitepaper Single sign on may be the solution by Martijn Bellaard Martijn Bellaard is lead architect at TriOpSys and an expert in security. The average ICT environment has slowly grown into an environment
More informationGENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK
Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment 29.4.2008 Jyväskylä University Department of Computer Science
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationEnterprise Single Sign-On City Hospital Cures Password Pain. Stephen Furstenau Operations and Support Director Imprivata, Inc. www.imprivata.
Enterprise Single Sign-On City Hospital Cures Password Pain Stephen Furstenau Operations and Support Director Imprivata, Inc. www.imprivata.com Application Security Most organizations could completely
More informationFAQs for Password Self Service
FAQs for Password Self Service Contents 1.1 What is PSS? 1.2 What do I do if I forget my Portal/POS or Network/Workstation password? 1.3 What do I do if my Portal/POS or Network/Workstation password has
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationCA SiteMinder SSO Agents for ERP Systems
PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security
More information<Insert Picture Here> Oracle Identity And Access Management
Oracle Identity And Access Management Gautam Gopal, MSIST, CISSP Senior Security Sales Consultant Oracle Public Sector The following is intended to outline our general product direction.
More informationSecurity and Identity Management Auditing Converge
Research Publication Date: 12 July 2005 ID Number: G00129279 Security and Identity Management Auditing Converge Earl L. Perkins, Mark Nicolett, Ant Allan, Jay Heiser, Neil MacDonald, Amrit T. Williams,
More informationEXECUTIVE VIEW. EmpowerID 2013. KuppingerCole Report. By Peter Cummings October 2013. By Peter Cummings pc@kuppingercole.
KuppingerCole Report EXECUTIVE VIEW By Peter Cummings October 2013 EmpowerID 2013 By Peter Cummings pc@kuppingercole.com October 2013 Content 1 Vendor Profile... 3 2 Product Description... 4 2.1 Single
More informationUsing SAP Logon Tickets for Single Sign on to Microsoft based web applications
Collaboration Technology Support Center - Microsoft - Collaboration Brief March 2005 Using SAP Logon Tickets for Single Sign on to Microsoft based web applications André Fischer, Project Manager CTSC,
More informationPLM Eclipses CPC as a Software Market
Markets, M. Halpern, K. Brant Research Note 20 March 2003 PLM Eclipses CPC as a Software Market Gartner is retiring the Collaborative Product Commerce Magic Quadrant and introducing the Product Life Cycle
More informationTest Plan Security Assertion Markup Language Protocol Interface BC-AUTH-SAML 1.0
Test Plan Security Assertion Markup Language Protocol Interface BC-AUTH-SAML 1.0 SAP WebAS 6.40 Version 1.0 1.0 1 Copyright Copyright 2004 SAP AG. All rights reserved. No part of this documentation may
More informationProduct overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities
PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to
More informationIdentity Management Basics. OWASP May 9, 2007. The OWASP Foundation. Derek Browne, CISSP, ISSAP Derek.Browne@Emergis.com. http://www.owasp.
Identity Management Basics Derek Browne, CISSP, ISSAP Derek.Browne@Emergis.com May 9, 2007 Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms
More informationWeb Access Management and Single Sign-On
Web Access Management and Single Sign-On Ronnie Dale Huggins In the old days of computing, a user would sit down at his or her workstation, login to the desktop, login to their email system, perhaps pull
More informationVyom SSO-Edge: Single Sign-On Solution for BMC Remedy
Vyom SSO-Edge: Single Sign-On Solution for BMC Remedy Reduce service desk calls, improve end user satisfaction, and strengthen security with Single Sign-On for BMC Remedy Contact Vyom Labs Pvt. Ltd. dhiraj
More informationEnabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver
Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management
More informationSingle Sign-On Access Management A Technical Framework on Access Management Systems
Single Sign-On Access Management A Technical Framework on Access Management Systems Polaris Software Lab Ltd., 766, Anna Salai, Chennai, INDIA 600 006 Single Sign-On Access Management Service This paper
More informationFive Business Drivers of Identity and Access Management
Research Publication Date: 31 October 2003 ID Number: SPA-21-3673 Five Business Drivers of Identity and Access Management Roberta J. Witty The primary reasons to implement IAM solutions are business facilitation,
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationSSL VPN 1H03 Magic Quadrant
Markets, J. Girard Research Note 8 April 2003 SSL VPN 1H03 Magic Quadrant The emerging Secure Sockets Layer virtual private network market is standards-based, with good short-term return on investment
More informationSAML Security Option White Paper
Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions
More informationIdentity Access Management: Beyond Convenience
Identity Access Management: Beyond Convenience June 1st, 2014 Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are looking
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationSingle Sign On Underneath the Hood - What Senior Managers Need To Know
Single Sign On Underneath the Hood - What Senior Managers Need To Know Copyright, 2006. Guy Huntington, AuthenticationWorld.com. This briefing is designed for senior managers wanting to know the implications
More informationExtending Identity and Access Management
Extending Identity and Access Management Michael Quirin Sales Engineer Citrix Systems 1 2006 Citrix Systems, Inc. All rights reserved. Company Overview Leader in Access Infrastructure NASDAQ 100 and S&P
More informationManagement Update: The Outlook for the PKI Market
IGG-07092003-04 V. Wheatman, R. Wagner Article 9 July 2003 Management Update: The Outlook for the PKI Market With less market emphasis on cryptographic key management, and more on rule-based identity and
More informationWHITEPAPER. Identity Access Management: Beyond Convenience
WHITEPAPER Identity Access Management: Beyond Convenience INTRODUCTION Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are
More informationidentity management in Linux and UNIX environments
Whitepaper identity management in Linux and UNIX environments EXECUTIVE SUMMARY In today s IT environments everything is growing, especially the number of users, systems, services, applications, and virtual
More informationBusiness Intelligence: The European Perspective
Markets, F. Buytendijk Research Note 5 November 2002 Business Intelligence: The European Perspective When choosing business intelligence products, European users are not that different from North American
More informationIntegrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication
More informationSimplifying Security with Datakey Axis Single Sign-On. White Paper
Simplifying Security with Datakey Axis Single Sign-On White Paper Copyright and trademark notice 2003 Datakey Inc. All rights reserved. Version 1.0 No part of this document may be reproduced or retransmitted
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Objectives Define authentication Describe the different types of authentication credentials List and explain the
More informationWindows Server 2003 Active Directory: Perspective
Mary I. Hubley, MaryAnn Richardson Technology Overview 25 September 2003 Windows Server 2003 Active Directory: Perspective Summary The Windows Server 2003 Active Directory lies at the core of the Windows
More information