Enterprise Single Sign-on (ESSO)
Reference Code: TA001301SEC
Publication Date: August 2007
Author: Alan Rodger

TECHNOLOGY AUDIT
Enterprise Single Sign-on (ESSO)
ActivIdentity

BUTLER GROUP VIEW

ABSTRACT

Enterprise Single Sign On (ESSO), from ActivIdentity, is a solution set that enables organisations to effectively combine Single Sign-On (SSO) with strong security, providing end-users with secure access to almost any type of application without remembering individual passwords. Application-specific passwords are now seen as constituting more of an efficiency problem than a security benefit, as they are a major cause of calls to an organisation's helpdesk. ActivIdentity ESSO provides multiple options to augment SSO with greater security and/or business value, via smartcard-related functions, kiosk-style workstation sharing, self-service password reset, and integration with identity provisioning systems.

The solutions require a Windows client machine environment with a downloaded module running, and end-users' identities are normally defined in a directory, so the solution is suitable for SSO needs within enterprises rather than in the consumer-facing Web at large. In this realm, ActivIdentity provides a leading solution that caters well for ongoing change, and incurs little commitment of technical management resources. Butler Group believes that client platform support should be extended to include mobile devices and Linux, in order to support enterprise needs of the future. There are many options for modular implementation approaches, allowing further evaluation before wholesale adoption.

KEY FINDINGS

- Efficiency benefits, plus added value and security from strong authentication.
- No need to change the majority of user experience, avoiding costs of re-training.
- Allows customisation of end-user experience via powerful script language.
- Use of directory infrastructure and features confers many advantages.
- Client platform support should be extended, as ESSO is currently Microsoft-dependent.

LOOK AHEAD

64-bit Vista and Linux support are amongst a large number of enhancements to be released during late 2007 and

Butler Group. This Technology Audit is a licensed product and is not to be photocopied.

FUNCTIONALITY

Product Analysis

ActivIdentity ESSO solutions provide users with access to network resources, using a single, secure log-in at a dedicated or shared workstation. This eliminates the user's burden of remembering multiple passwords, an approach which can reduce helpdesk costs and improve productivity. The solution's key components include:

- SecureLogin SSO, which provides automated log-in capabilities to a wide range of Windows, Web, Java, and terminal emulator applications. The product works by automatically responding to application events associated with log-in or other password-related activities, prior to these appearing at the user interface. Built for directory environments, it can provide centralised policy management, and inheritance through user groups, using existing enterprise infrastructure.
- ActivClient, which allows the combination of SecureLogin SSO with Strong Authentication technology such as smartcards, USB tokens, biometrics, and other security methods. Implementation examples include using smartcards and Public Key Infrastructure (PKI) capabilities to enable PKI encryption of the user's SSO data store in the directory and local cache. SSO credentials can also be stored on the smartcard, enhancing work mobility. With the ActivClient smartcard middleware, users can also generate One-Time Passwords (OTPs) from the smartcard and automatically submit these for sign-on to other applications, e.g. a Virtual Private Network (VPN).
- SecureLogin Kiosk, which provides instant log-in and access to applications on shared workstations, and is suitable for environments (e.g. healthcare) where rapid access is an important business factor, without compromising security policy.
- SecureLogin Password Reset Manager, which enables users to securely reset their own Windows Domain password. It integrates seamlessly with SecureLogin SSO to enable password reprovisioning to be independent of helpdesk intervention, increasing productivity and reducing support costs.
- Identity Provisioning Integration, which integrates SecureLogin SSO with identity provisioning products from IBM Tivoli, Novell, and Sun Microsystems, and enables automatic provisioning and management of SSO credentials from the Identity Provisioning console.

SecureLogin SSO provides the basic capability to automatically handle application-level passwords (and potentially other, non-application log-ins such as infrastructure passwords), and consequently these can be strengthened if necessary without adversely impacting the end-user experience. Since the end-user has only a single password to remember, it is feasible for the primary network password to be made more complex, thus providing higher security. It is designed to require minimal end-user intervention, and after simple installation can be used with little, if any, end-user training. The product can also be used to take the user past the authentication sequence of an application and into any sub-menu or sub-level of an application, further reducing the costs associated with application navigation.

Butler Group believes the addition of strong authentication to be a wise addition to password-based SSO, in order to more securely protect the access rights that a single password confers. Complementing SecureLogin SSO, the product choices provided by ActivIdentity give many options for highly secure and flexible log-in processes to be easily adopted, including:

- Smartcard log-in to Windows using strong two-factor authentication, with two options. The first is Smart Card Password Login, in which users insert their card and enter a PIN, unlocking their network password (stored securely on the smartcard) and submitting it to Windows. The second option is Smart Card PKI Login, which entails the same user experience, but instead of simply submitting the network password, the smartcard is verified using digital signatures based on asymmetric (PKI) keys and certificates (this option requires that an organisation has a PKI in place, i.e. a Certificate Authority issuing certificates and publishing a Certificate Revocation List (CRL)).
- A user's application credentials (usernames and passwords) can be stored in a PIN-protected area on the card, enabling easy portability of credentials for use with SecureLogin SSO on other workstations. Credentials stored on a smartcard are synchronised with the user's directory-based credentials store, and so are recoverable in case the card is lost.
- Encryption of the user's SSO credential store on their PC and in the directory using a PKI-based certificate on their smartcard.
- Enforced presence of smartcard for SecureLogin SSO operations (i.e. mandatory two-factor authentication).
- SecureLogin and Windows session log-out upon removal of the smartcard.

Product Operation

A SecureLogin SSO client module, present on each user's workstation, is responsible for the automated sign-on functions. It watches for log-in and password-related events (e.g. prompts for log-in details or password changes) for SSO-enabled applications and handles these events according to the policy logic configured in SecureLogin by the administrator. It can deal with log-in prompts without requiring user intervention, as long as valid credentials are currently held; these are retrieved from the directory or, alternatively, from the local cache for off-line or stand-alone log-ins. If no credentials are held for the user, SecureLogin SSO prompts the user for these credentials and then stores them in the repositories, from where they can be retrieved, populating password prompts for automated log-in at each subsequent application start-up.

The power of having a directory platform is used in two major ways: to map SSO details onto the user structure that is defined in the directory; and to distribute the SecureLogin client modules and policy logic to workstations. Significant cost savings and other benefits are realised by customer organisations due to the solution's re-use of existing definitions of identity within the directory, and of the directory's distribution capabilities.

Reinforcing the use of familiar tools and environments, administration of SecureLogin SSO is performed via administrative consoles appropriate to the hosting directory service: for example, a Microsoft Management Console plug-in is provided for use with Microsoft Active Directory or Microsoft Active Directory Application Mode; iManager plug-ins are provided for Novell eDirectory administration; and the SecureLogin Manager is provided for use with other Lightweight Directory Access Protocol (LDAP) directories. The administrator can automate the user credential population process using the interfaces that ActivIdentity supplies to provisioning applications such as IBM Tivoli, Novell Identity Manager, and Sun Java System Identity Manager. Users' credentials are stored in encrypted form within the directory, under triple use of Data Encryption Standard (3DES) security, or the government-grade Advanced Encryption Standard (AES).

Administrators have several options for SSO-enabling applications used within their organisation. SecureLogin comes with more than 80 pre-defined application definitions (for popular Windows, Web, and Terminal Emulator applications). For SSO-enabling other applications and Web sites, administrators are empowered with simple-to-use Wizards.

The Wizard approach is a one-off task of mapping applications' log-in and password process-related characteristics to the appropriate SecureLogin actions. Application window features, such as title and data entry boxes, are dragged and dropped into the Wizard, which prompts the Administrator for other input necessary to create the definition of how the client module should respond. The output takes the form of a script, and the flexibility that this affords allows it to also be customised to identify and intercept any particular window arising from an end-user application, and to tailor the user interaction. For example, if a legacy application displays an unhelpful error message, or provides insufficient guidance in a message, the script can implement a replacement message or undertake replacement user interaction under control of the script, without the need to amend the end-user application.

Normally, however, the script mandates that the user's password is used to log in automatically to the application whenever it is activated by the user, hence the user's usual experience is to observe a very brief, automatic interaction before being presented with the next interaction (after log-in) with his end-user application. For password changes, the script can be written to cater for the application's password policy, and can be configured either to prompt the user to choose a new password, or to transact automatically with the application and generate a new password that complies with the bounds set by the application's password policy.

Invisible to the end-user throughout its operation, the scripting language is based on Unicode, and has the capability to use international languages, both in its recognition of characteristics in Windows being displayed, and in displaying its own messages. Scripts are held within the directory, and distributed to client machines via the directory's download mechanism.
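
The automatic password-change behaviour described above depends on generating a password that stays inside the bounds of the application's password policy. The following is an added example, not code from this report or from ActivIdentity, and it is written in Python rather than the SecureLogin scripting language; the PasswordPolicy fields and the function names are hypothetical.

```python
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical model of one application's password rules (assumed fields)."""
    min_length: int = 8
    max_length: int = 16
    min_upper: int = 1
    min_lower: int = 1
    min_digits: int = 1
    min_symbols: int = 0
    allowed_symbols: str = "!#$%*+-=?@_"
    excluded_chars: str = ""   # characters the application refuses
    max_repeats: int = 2       # longest permitted run of one identical character


def _classes(policy):
    """Return (pool, minimum) per character class, minus excluded characters."""
    def usable(chars):
        return [c for c in chars if c not in policy.excluded_chars]
    return [
        (usable(string.ascii_uppercase), policy.min_upper),
        (usable(string.ascii_lowercase), policy.min_lower),
        (usable(string.digits), policy.min_digits),
        (usable(policy.allowed_symbols), policy.min_symbols),
    ]


def complies(password, policy):
    """Check a candidate against every bound in the policy."""
    if not policy.min_length <= len(password) <= policy.max_length:
        return False
    classes = _classes(policy)
    for pool, minimum in classes:
        if sum(c in pool for c in password) < minimum:
            return False
    permitted = {c for pool, _ in classes for c in pool}
    if any(c not in permitted for c in password):
        return False
    run = longest = 1
    for prev, cur in zip(password, password[1:]):
        run = run + 1 if prev == cur else 1
        longest = max(longest, run)
    return longest <= policy.max_repeats


def generate_password(policy, length=None):
    """Generate a random password inside the policy bounds, or raise."""
    length = policy.max_length if length is None else length
    if not policy.min_length <= length <= policy.max_length:
        raise ValueError("requested length is outside the policy bounds")
    classes = _classes(policy)
    required = sum(minimum for _, minimum in classes)
    if required > length:
        raise ValueError("class minimums exceed the permitted length")
    if any(minimum > 0 and not pool for pool, minimum in classes):
        raise ValueError("a required character class has no usable characters")
    everything = [c for pool, _ in classes for c in pool]
    if length > required and not everything:
        raise ValueError("policy leaves no usable characters")
    rng = secrets.SystemRandom()  # OS CSPRNG, not the predictable default generator
    for _attempt in range(1000):
        # Satisfy each class minimum first, then fill from the whole alphabet.
        chars = [rng.choice(pool) for pool, minimum in classes for _ in range(minimum)]
        chars += [rng.choice(everything) for _ in range(length - required)]
        rng.shuffle(chars)  # required characters must not sit at fixed positions
        candidate = "".join(chars)
        if complies(candidate, policy):  # rejects e.g. over-long repeated runs
            return candidate
    raise RuntimeError("no compliant password found; policy is too restrictive")


if __name__ == "__main__":
    # Constructed policy for a legacy application with a fixed 8-character limit.
    legacy = PasswordPolicy(min_length=8, max_length=8, excluded_chars="O0lI1")
    print(generate_password(legacy))
```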

Product Emphasis

ActivIdentity ESSO allows a flexible approach to be taken for sign-on and authentication. SecureLogin SSO provides the foundation of increased security by centrally managing application- or systems-specific passwords (rather than these being handled by individual users), while still protecting back-end systems and applications with the strict enforcement of native password policy. It does so by leveraging the storage and distribution benefits of the enterprise directory, as well as its repository of user structure and access rights, as a foundation for building a robust identity security policy, bringing overall benefits of efficiency and ease-of-use. This architecture does, however, restrict the benefits to an organisation's processes relating to identities that are already known to its directory, rather than new customers registering on the Web.

For organisations taking the wise step of enhancing password-based security with stronger authentication methods, ActivIdentity ESSO enables integration to be achieved more easily, and offers increased value over some competitor alternatives by providing, off-the-shelf, a set of processes that can be used as the foundation for real-world implementation of the main strong authentication technology options such as USB tokens and smartcards.

DEPLOYMENT

The extent of resources required to deploy solutions depends on the size and complexity of the user base and application portfolio. While ActivIdentity states that customers installing the standard SecureLogin SSO product do not require a Professional Services (PS) engagement, ActivIdentity does offer PS packages to accelerate deployment and assist its customers in getting the full use and Return On Investment (ROI) from SSO projects. In addition, ActivIdentity Professional Services provides packages to support customers deploying SSO with strong authentication or Identity Management components, or SSO-enabling complex applications.

There are many ways in which a modular approach to implementation can be taken. For example, applications can be added in phases to the portfolio managed under ActivIdentity ESSO. ActivIdentity also provides product capabilities beyond SSO that enable additional identity-related features to be added, such as smartcard-related functions (e.g. storage of PKI-encrypted credentials and OTP generation), advanced card management, kiosk-style rapid sharing of workstations, self-service password reset, connectors to popular identity provisioning systems, and advanced auditing features.

Pre-packaged training is of a four-day, instructor-led format, and prepares participants to qualify for certification. A review of background technology (identity and cryptography technologies, including smartcards, PKI, and OTP) is followed by three days of hands-on and instructor-led training on SecureLogin SSO that includes:

- Managing SSO in a corporate environment (e.g. distribution of application definitions to end-user workstations).
- Installation of SecureLogin SSO in a corporate environment with Microsoft Active Directory and other LDAP directories.
- The interaction of SecureLogin SSO with smartcards and other strong authentication methods.
- Creating and editing application definitions for Windows, Web, and terminal emulator applications.

Administration of the solution's implementation in the end-user environment is conducted within the normal administration processes for the directory system. For Microsoft Active Directory deployments, this is done via the Microsoft Management Console. On most directory systems, SecureLogin SSO is added as an additional tab to the presentation layer of the administrator's interface. This tab is used to define the options (such as those in the list below) to be made available by SecureLogin SSO to the user population represented by the container being maintained (e.g. a user, or user group):

- Whether configuration access is to be available.
- Whether passwords can be viewed.
- Whether a System Tray icon is to be shown on the desktop.
- Whether SecureLogin SSO should be disabled.
- Whether access to SecureLogin SSO scripts is to be available.

The ActivIdentity ESSO Management tools, and the end-user client facilities, can operate within Windows 2000 Professional SP3/SP4, Windows XP Professional (any service pack up to SP2), Windows 2003 (Enterprise and Standard Editions), and Windows Vista (32-bit, with 64-bit support available in a late-2007/early 2008 SecureLogin SSO release). Browser-based facilities are supported on Microsoft Internet Explorer 6.0 and 7.0, and Mozilla Firefox 1.0, 1.5, and 2.

The following directory products are supported as deployment environments:

- Microsoft Windows 2000 Server Active Directory.
- Microsoft Windows Server 2003 Active Directory.
- Microsoft Windows Server 2003 Active Directory Application Mode (ADAM).
- Novell eDirectory 8.7 and 8.8.
- Sun Java Directory Server.
- OpenLDAP.
- IBM Tivoli Directory Server.

Integration with Microsoft's ADAM, an application-specific directory instance for non-strategic directory deployment, is also available. Microsoft Terminal Services are supported on Microsoft Windows Server 2003 Terminal Services, Microsoft Windows XP Remote Desktop, and Microsoft Windows Vista Remote Desktop (on 32-bit systems). Citrix deployments are supported as follows:

- Server elements can be on MetaFrame XP Presentation Server FR3 SP4 on Windows 2000, or Citrix Presentation Server (4, or 4.5) on Windows 2000 Server, or on Windows Server
- Client: elements on Citrix Presentation Server Client version

The standard offering for ActivIdentity ESSO provides the SecureLogin SSO client and management functionality, along with built-in support for hundreds of applications, and the extensibility to support log-ins to almost any Web, Java, client-server, or host-based application. Pricing starts at US$59 per user, with volume discounting available.

PRODUCT STRATEGY

The solution is targeted in general at large global organisations such as the Fortune 500 and Forbes Global 2000, and although the company states that it is scalable down to the needs of smaller companies, it is usually implemented within organisations with at least several thousand employees. It is appropriate across industry sectors, although key vertical sectors are defined as government, healthcare, and financial services. The company sees a major market opportunity where companies undergoing mergers and acquisitions are often bringing together multiple networks, and have numerous applications that make managing password-based requests a major helpdesk problem.
The company includes factors such as the number of employees, the number of applications they use, and past experience of helpdesk call volumes, to construct a standard calculation of ROI, which it states could reach 300% after three years for an organisation with approximately 10,000 employees, based on industry analyst estimates.

SecureLogin SSO is sold directly, as well as via OEM resellers, and other partners such as global alliance partners, and a community of Value-Added Resellers (VARs) and distributors whose technical capabilities and skills have met ActivIdentity SSO training certification criteria. Individual, well-known Systems Integrators number amongst these partners in the three major global regions, and the company has global alliances with EDS, HP, IBM, Novell, Sun Microsystems, and Verisign. Novell offers the product as Novell SecureLogin, complementing its suite of identity management offerings in over 2,000 of its customer organisations.

Key technology partnerships are with Oberthur Card Systems (as well as many other card manufacturers) for smartcards, Citrix (ActivIdentity is a Presentation Server partner), Novell, Sun Microsystems, and IBM (all three as partners for Identity Management integration), Microsoft (ActivIdentity provides operating system and application integration), and Ensure Technologies (for proximity device integration).

The product is licensed on a per-user basis, with significant discounts available at higher volumes. Subsequent to initial licence purchase a choice of plans is available for support, both of which include the annually payable maintenance charge:

- Standard Support, at 20% of licence cost, involves ActivIdentity providing support during an 8-hour period on weekdays, but with first- and second-level support being provided by partners such as the customer's reseller dealer (which also provide product upgrades within this support model).
- Premium Support, at 25% of licence cost, in which ActivIdentity provides 24x7 support (and product upgrades) directly to the customer, and trains and certifies two of the customer's staff on the product.

A significant upgrade of Wizard functionality within ActivIdentity ESSO is in progress, and a new version may be included in a release later in
Another major development is product support for Linux, which is planned for the first half of

COMPANY PROFILE

ActivIdentity was formed in 2005, when ActivCard took a new name following its acquisition of Protocom earlier that year. Both were established vendors in the Identity and Access Management (I&AM) market, with highly complementary portfolios: ActivCard's main focus within the market was authentication, secure remote access, and smartcard management systems; Protocom's, enterprise SSO (this being the source of the ActivIdentity ESSO product).

The company is headquartered in Fremont, California, and has development centers in the United States, Australia, and France, and sales and service centers in more than ten countries. It has 314 employees, of whom 118 are based in the EMEA region, 128 in North America, and 68 in Asia Pacific. In 2006, 51.7% of its revenues arose from business in the Americas, 42.1% from the EMEA region, and 6.2% from Asia Pacific. Around 40% of the workforce is involved with Research and Development (R&D), 29% in sales and marketing activities, 16% in services or customer support, and the remainder have administrative or other operational roles.
Its shares are traded publicly on the NASDAQ (ACTI), on which exchange ActivCard listed in
Its financial results in recently completed financial years, showing consolidated figures of the merged companies, are summarised in Table 1.

Table 1: Financial Details

Year (see notes below):
Revenue (US$ Million):
Change on Previous Year (%): 26.5%, 25.6%, n/a
Gross Margin: 62.9%, 55%, 57.5%

Notes:
1 Revenues reported are for the 12-month periods ended 30 September.
2 Revenues reported are for the four quarters ended 30 September

Source: ActivIdentity

The company has a wealth of products whose technologies combine as solutions for SSO, strong authentication, secure information, and transactions, as well as device and credential management. It offers packaged solutions that tailor its technology to the enterprise, government, financial services, and healthcare markets.

The convergence of the market areas addressed by ActivCard and Protocom, given the need for strong authentication security to protect the added value bestowed by SSO, provided the motivation for the acquisition, and a market opportunity for ActivIdentity. In particular, a presidential directive (HSPD-12) in the USA that decreed all Federal employees and contractors must have a Personal Identity Verification (PIV) card expanded the market for solutions in which ActivIdentity had significant success: it won a contract to provide 10 million smartcards for the US Department of Defense, covering implementations in all three major military services.

Overall, ActivIdentity has over 4,000 organisations as customers, with over 15 million users of its solutions: the company has more than 400 customer organisations that are direct users of its ESSO solutions, with over 1,000 more as customers of the Novell SecureLogin product. Major customers that use ActivIdentity ESSO include the General Services Administration (GSA), Convergys, Webster Bank, Scott & White Hospital (all of the foregoing being US-based), Royal Dutch Shell (based in The Netherlands), Saudi Aramco (Saudi Arabia), Areva (France), and Mapfre (Spain).

SUMMARY

ActivIdentity's dual heritage of leading SSO and strong authentication gives it a major strength in this market space, an area which customer organisations are finding increasingly meets a number of important requirements. Organisations implementing SSO have been increasingly wary of users' entire access rights being protected only by a single password; the range of capabilities that ActivIdentity offers enables customers to enhance the protection around SSO with a range of secondary strong authentication technologies, and the ActivIdentity ESSO solution range includes readily activated processes that provide implementation and management advantages.

Table 2: Contact Details

ActivIdentity Europe
Avenue du Général de Gaulle
Suresnes, Cedex
France
Tel: +33 (0)
Fax: +33 (0)

Corporate Headquarters
6623 Dumbarton Circle
Fremont, California
USA
Tel: +1 (510)
Fax: +1 (510)

Source: ActivIdentity

Headquarters
Europa House, 184 Ferensway, Hull, East Yorkshire, HU1 3UT, UK
Tel: +44 (0)
Fax: +44 (0)

Butler Direct Pty Ltd.
Level 46, Citigroup Building, 2 Park Street, Sydney, NSW, 2000, Australia
Tel: + 61 (02)
Fax: + 61 (02)

Butler Group
245 Fifth Avenue, 4th Floor, New York, NY 10016, USA
Tel:
Fax:

For more information on Butler Group's Subscription Services please contact one of the local offices above.

Important Notice

This report contains data and information up-to-date and correct to the best of our knowledge at the time of preparation. The data and information comes from a variety of sources outside our direct control, therefore Butler Direct Limited cannot give any guarantees relating to the content of this report. Ultimate responsibility for all interpretations of, and use of, data, information and commentary in this report remains with you. Butler Direct Limited will not be liable for any interpretations or decisions made by you.
Smart Card Certificate Authentication with VMware View 4.5 and Above WHITE PAPER Table of Contents.... About This Paper.... 3 Introduction... 3 Smart Card Overview.... 3 Getting Started... 4 Authenticating
More informationIdentity Management and Single Sign-On
Delivering Oracle Success Identity Management and Single Sign-On Al Lopez RMOUG Training Days February 2012 About DBAK Oracle Solution Provider and License Reseller Core Technology and EBS Applications
More informationWhite Paper. McAfee Cloud Single Sign On Reviewer s Guide
White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication
More informationEnterprise SSO Manager (E-SSO-M)
Enterprise SSO Manager (E-SSO-M) Many resources, such as internet applications, internal network applications and Operating Systems, require the end user to log in several times before they are empowered
More informationHow To Configure An Activcard Smart Card With An Hp Powerbook On A Pc Or Ipa (Powerbook) On A Powerbook 2 (Powercard) On An Hpla 2 (Ahemos) Or Powerbook (Power Card
Implementing ActivIdentity Smart Cards for Use with HP Compaq t5720 Thin Clients and HP Blade PCs Introduction............................................................ 2 Prerequisites............................................................
More informationOracle Enterprise Single Sign-on Logon Manager. Installation and Setup Guide Release 11.1.1.2.0 E15720-02
Oracle Enterprise Single Sign-on Logon Manager Installation and Setup Guide Release 11.1.1.2.0 E15720-02 November 2010 Oracle Enterprise Single Sign-on Logon Manager, Installation and Setup Guide, Release
More information2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed.
Purpose and Scope The purpose of this policy is to define the roles and responsibilities on implementing the Homeland Security Presidential Directive 12 (HSPD-12) Logical Access Control (LAC) throughout
More informationSimplifying Security with Datakey Axis Single Sign-On. White Paper
Simplifying Security with Datakey Axis Single Sign-On White Paper Copyright and trademark notice 2003 Datakey Inc. All rights reserved. Version 1.0 No part of this document may be reproduced or retransmitted
More informationThe Encryption Anywhere Data Protection Platform
The Encryption Anywhere Data Protection Platform A Technical White Paper 5 December 2005 475 Brannan Street, Suite 400, San Francisco CA 94107-5421 800-440-0419 415-683-2200 Fax 415-683-2349 For more information,
More informationetoken Single Sign-On 3.0
etoken Single Sign-On 3.0 Frequently Asked Questions Table of Contents 1. Why aren t passwords good enough?...2 2. What are the benefits of single sign-on (SSO) solutions?...2 3. Why is it important to
More informationEnhancing Password Management by Adding Security, Flexibility, and Agility IBM Redbooks Solution Guide
Enhancing Password Management by Adding Security, Flexibility, and Agility IBM Redbooks Solution Guide The number of logins and passwords that employees must manage on a daily basis continues to be a source
More informationDIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication
DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of
More informationEnterprise Single Sign-On City Hospital Cures Password Pain. Stephen Furstenau Operations and Support Director Imprivata, Inc. www.imprivata.
Enterprise Single Sign-On City Hospital Cures Password Pain Stephen Furstenau Operations and Support Director Imprivata, Inc. www.imprivata.com Application Security Most organizations could completely
More informationAdvanced Authentication
Architecture Overview Authasas Advanced Authentication Strong Authenticating to Novell edirectory using Domain Services for Windows November, 2011 Authasas Advanced Authentication Asterweg 19D12 1031 HL
More informationSmart Card Deployment in the Data Center: Best Practices for Integrating Smart Card Authentication in a Secure KVM Environment
Smart Card Deployment in the Data Center: Best Practices for Integrating Smart Card Authentication in a Secure KVM Environment 2009, Raritan Inc. Executive Summary While many organizations have employed
More informationAdministration Guide ActivClient for Windows 6.2
Administration Guide ActivClient for Windows 6.2 ActivClient for Windows Administration Guide P 2 Table of Contents Chapter 1: Introduction....................................................................12
More informationHow To Get A Single Sign On (Sso)
Single Sign-On Vijay Kumar, CISSP Agenda What is Single Sign-On (SSO) Advantages of SSO Types of SSO Examples Case Study Summary What is SSO Single sign-on is a user/session authentication process that
More informationThe Benefits of an Industry Standard Platform for Enterprise Sign-On
white paper The Benefits of an Industry Standard Platform for Enterprise Sign-On The need for scalable solutions to the growing concerns about enterprise security and regulatory compliance can be addressed
More informationCentralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows Desktop Self-service Password Reset Layer v.3.2-007 PistolStar, Inc. dba PortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationFinancial Security Symposium 2012. Singapore
Financial Security Symposium 2012 Singapore Identity Assurance Solutions - Establishing Trust in Online Identities LEE Meng Chuan Regional Sales Manager, ASEAN Identity and Access Management (IAM) About
More informationetoken TMS (Token Management System) Frequently Asked Questions
etoken TMS (Token Management System) Frequently Asked Questions Make your strong authentication solution a reality with etoken TMS (Token Management System). etoken TMS provides you with full solution
More informationMicrosoft Windows Server 2003 Integration Guide
15370 Barranca Parkway Irvine, CA 92618 USA Microsoft Windows Server 2003 Integration Guide 2008 HID Global Corporation. All rights reserved. 47A3-905, A.1 C200 and C700 December 1, 2008 Crescendo Integration
More informationImplementing Federal Personal Identity Verification for VMware View. By Bryan Salek, Federal Desktop Systems Engineer, VMware
Implementing Federal Personal Identity Verification for VMware View By Bryan Salek, Federal Desktop Systems Engineer, VMware Technical WHITE PAPER Introduction This guide explains how to implement authentication
More informationCisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief
Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents
More informationADDING STRONGER AUTHENTICATION for VPN Access Control
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
More informationLeverage Active Directory with Kerberos to Eliminate HTTP Password
Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com
More informationDay One Employee Productivity and Increased Security: Integrated Provisioning and SSO
Day One Employee Productivity and Increased Security: Integrated Provisioning and SSO Introduction The pressure to increase productivity among end-users and IT administrators alike is an ongoing challenge
More informationDIGIPASS Authentication for Sonicwall Aventail SSL VPN
DIGIPASS Authentication for Sonicwall Aventail SSL VPN With VASCO IDENTIKEY Server 3.0 Integration Guideline 2009 Vasco Data Security. All rights reserved. PAGE 1 OF 52 Disclaimer Disclaimer of Warranties
More informationDirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet
Technical Data Sheet DirX Identity V8.5 Secure and flexible Password Management DirX Identity provides a comprehensive password management solution for enterprises and organizations. It delivers self-service
More informationRSA Authentication Manager 7.1 Basic Exercises
RSA Authentication Manager 7.1 Basic Exercises Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA logo
More informationDeriving a Trusted Mobile Identity from an Existing Credential
Deriving a Trusted Mobile Identity from an Existing Credential Exploring and applying real-world use cases for mobile derived credentials +1-888-690-2424 entrust.com Table of contents Approval of the mobile
More informationNETWRIX IDENTITY MANAGEMENT SUITE
NETWRIX IDENTITY MANAGEMENT SUITE FEATURES AND REQUIREMENTS Product Version: 3.3 February 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute
More informationCitrix Access Gateway
F E A T U R E S O V E R V I E W Citrix Access Gateway Citrix Access Gateway is a universal SSL VPN appliance that combines the best features of IPSec and typical SSL VPNs without the costly and cumbersome
More informationCitrix and Terminal Services Guide SecureLogin 8.1
Citrix and Terminal Services Guide SecureLogin 8.1 September, 2015 www.netiq.com/documentation Legal Notice NetIQ Product Name is protected by United States Patent No(s): nnnnnnnn, nnnnnnnn, nnnnnnnn.
More informationWeb Applications Access Control Single Sign On
Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationPassword Management Buyer s Guide. FastPass Password Manager V 3.3 Enterprise & Service Provider Editions
Password Management Buyer s Guide FastPass Password Manager V 3.3 Enterprise & Service Provider Editions FastPassCorp 2010 FPC0 FastPassCorp 2010. Page 1 Requirements for Password Management including
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationService management White paper. Manage access control effectively across the enterprise with IBM solutions.
Service management White paper Manage access control effectively across the enterprise with IBM solutions. July 2008 2 Contents 2 Overview 2 Understand today s requirements for developing effective access
More informationCoSign by ARX for PIV Cards
The Digital Signature Company CoSign by ARX for PIV Cards Seamless and affordable digital signature processes across FIPS 201-compliant systems Introduction to Personal Identity Verification (PIV) In response
More informationWhat s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4
Page 1 Product Bulletin What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4 This document lists the new features available in Version 6.4 of the Secure Access SSL VPN product line. This
More informationSingle Sign-on 4.8 2015-03-15 04:30:46 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement
Single Sign-on 4.8 2015-03-15 04:30:46 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Single Sign-on 4.8... 10 Single Sign-on Installation and Upgrade...
More informationWhite paper December 2008. Addressing single sign-on inside, outside, and between organizations
White paper December 2008 Addressing single sign-on inside, outside, and between organizations Page 2 Contents 2 Overview 4 IBM Tivoli Unified Single Sign-On: Comprehensively addressing SSO 5 IBM Tivoli
More informationEnterprise Single Sign-On SOS. The Critical Questions Every Company Needs to Ask
Enterprise Single Sign-On SOS The Critical Questions Every Company Needs to Ask Enterprise Single Sign-On: The Critical Questions Every Company Needs to Ask 1 Table of Contents Introduction 2 Application
More informationWHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)
WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,
More informationCard Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
More informationTranslation Management System
Reference Code: TA001289CMT Publication Date: June 2007 Author: Sue Clarke TECHNOLOGY AUDIT Translation Management System SDL International BUTLER GROUP VIEW ABSTRACT SDL Translation Management System
More informationConnection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and More
Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and More Leostream Connect Administrator s Guide and End User s Manual Version 3.5 / 3.1 January 14, 2016
More informationAn Oracle White Paper December 2010. Implementing Enterprise Single Sign-On in an Identity Management System
An Oracle White Paper December 2010 Implementing Enterprise Single Sign-On in an Identity Management System Introduction Most users need a unique password for every enterprise application, causing an exponential
More informationPortWise Access Management Suite
Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s
More informationidentity management in Linux and UNIX environments
Whitepaper identity management in Linux and UNIX environments EXECUTIVE SUMMARY In today s IT environments everything is growing, especially the number of users, systems, services, applications, and virtual
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationREDCENTRIC N3 SECURE REMOTE ACCESS SERVICE DEFINITION. SD045 V4.1 Issue Date 04 07 2014. Page 1 Public
REDCENTRIC N3 SECURE REMOTE ACCESS SERVICE DEFINITION SD045 V4.1 Issue Date 04 07 2014 Page 1 Public 1) SERVICE OVERVIEW 1.1) SERVICE OVERVIEW Redcentric s N3 Secure Remote Access (N3-SRA) Service offers
More informationUser Guide Remote PIV to VDI Using a PIV Card
User Guide Remote PIV to VDI Using a PIV Card Energy IT Services (IM-64) March 2015 Authors Prepared By Matthew Cummings Senior Systems Engineer IM-64 Version Control Date Version Document Revision Description
More informationSecure Authentication Managed Service Portfolio
Secure Authentication Managed Service Portfolio Combating Corporate Identity Theft Signify Managed Authentication Services Signify offers a complete range of Secure Authentication and Identity Management
More informationLinux Single Sign-on: Maximum Security, Minimum Cost
Linux Single Sign-on: Maximum Security, Minimum Cost Abdul Najam Safarulla and Kavitha D Linux-based Single Sign-on (SSO) solutions offer benefits that enhance security, reduce costs, offer a better user
More informationContents. Platform Compatibility. Directory Connector SonicWALL Directory Services Connector 3.1.7
Directory Connector SonicWALL Directory Services Connector 3.1.7 Contents Platform Compatibility... 1 New Features... 2 Known Issues... 3 Resolved Issues... 4 Overview... 7 About SonicWALL Single Sign-On
More information1 Introduction to Microsoft Enterprise Desktop Virtualization (MED-V)... 3 1.1 Terminology... 4 1.2 Key Capabilities... 4
MED-V v1 Contents 1 Introduction to Microsoft Enterprise Desktop Virtualization (MED-V)... 3 1.1 Terminology... 4 1.2 Key Capabilities... 4 2 High-level Architecture... 6 2.1 System Requirements for MED-V
More informationSingle Sign-On Access Management A Technical Framework on Access Management Systems
Single Sign-On Access Management A Technical Framework on Access Management Systems Polaris Software Lab Ltd., 766, Anna Salai, Chennai, INDIA 600 006 Single Sign-On Access Management Service This paper
More informationPSN compliant remote access Whitepaper
PSN compliant remote access Whitepaper March 2015 www.celestix.com/directaccess DirectAccess and IPsec connectivity in the public sector Mobile working in the public sector is nothing new but in recent
More informationAn Overview of Samsung KNOX Active Directory and Group Policy Features
C E N T R I F Y W H I T E P A P E R. N O V E M B E R 2013 An Overview of Samsung KNOX Active Directory and Group Policy Features Abstract Samsung KNOX is a set of business-focused enhancements to the Android
More informationOracle Enterprise Single Sign-on Logon Manager. Installation and Setup Guide Release 11.1.1.5.0 E20998-01
Oracle Enterprise Single Sign-on Logon Manager Installation and Setup Guide Release 11.1.1.5.0 E20998-01 March 2011 Oracle Enterprise Single Sign-on Logon Manager, Installation and Setup Guide, Release
More informationPROTECT YOUR WORLD. Identity Management Solutions and Services
PROTECT YOUR WORLD Identity Management Solutions and Services Discussion Points Security and Compliance Challenges Identity Management Architecture CSC Identity Management Offerings Lessons Learned and
More informationSAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011
NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity
More informationProvide access control with innovative solutions from IBM.
Security solutions To support your IT objectives Provide access control with innovative solutions from IBM. Highlights Help protect assets and information from unauthorized access and improve business
More informationFrequently Asked Questions (FAQs) SIPRNet Hardware Token
Air Force Public Key Infrastructure System Program Office (ESC/HNCDP) Phone: 210-925-2562 / DSN: 945-2562 Web: https://afpki.lackland.af.mil Frequently Asked Questions (FAQs) SIPRNet Hardware Token Updated:
More informationProduct overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities
PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to
More informationAchieving HIPAA and HITECH Compliance. with Enterprise Single Sign-On
Achieving HIPAA and HITECH Compliance with Enterprise Single Sign-On Achieving HIPAA and HITECH Compliance with Enterprise Single Sign-On 1 TABLE OF CONTENTS The Challenges of HIPAA and HITECH Compliance
More informationSecurity Architecture Whitepaper
Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer
More informationOracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007
Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...
More informationApproaches to Enterprise Identity Management: Best of Breed vs. Suites
Approaches to Enterprise Identity Management: Best of Breed vs. Suites 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Executive Summary 1 3 Background 2 3.1 Enterprise Identity
More informationOverview ActivClient for Windows 6.2
Overview ActivClient for Windows 6.2 ActivClient for Windows Overview P 2 Table of Contents Chapter 1: Introduction.....................................................................6 About ActivClient.......................................................................
More information