Enterprise Single Sign-On

Enterprise Single Sign-On (ESSO) solutions deliver on the promise of fast and simplified web and intranet access by allowing users to sign on to multiple applications using a single set of log-on credentials.

The Courion Enterprise Provisioning Suite™ solution works with many leading ESSO solutions, including Citrix Password Manager™ , Imprivata OneSign™, Encentuate® TCI, Healthcast eXactACCESS™ and more.

Enterprise Single Sign-On
Features:
  • Provides immediate access to all applications
  • Enables instant automated provisioning and ESSO credential registration
  • Automatically updates credentials when users are transferred, promoted, or provisioned for new systems
  • Automatically deletes credentails when a user leaves the organization
Benefits:
  • Provides seamless access experience—users are immediately productive
  • Enables simplified, integrated registration process
  • Reduces administrative costs

Self-Service Password Management and Web SSO

The Perfect Union to Reduce Support Cost and Improve Security

As companies continue to expand their e-business infrastructures and provide more transparent information access to employees, trading partners, and customers, the risk to information security greatly increases. At the same time, users must keep track of the multitude of user ID’s and passwords needed to log on the range of different systems and applications they need in their professional and personal lives. This situation has created a predicament for IT organizations that are seeking the proper balance of ease of use, cost effective administration and reliable information security.

As a result, much attention has been given to single sign-on (traditional SSO and web SSO) technologies that promise a solution to password headaches for end users and administrators. SSO minimizes the number of user IDs and passwords required, enabling users to leverage one ID and password across multiple systems and applications throughout the enterprise. With only one password to remember, users would not have to call the support center for forgotten passwords, therefore lightening administration and support burdens. Before exploring SSO products, however, it is important to truly understand the company’s needs and evaluate the extent to which SSO will fill them.

Single Sign-On Vendors

Single Sign-On (SSO) solutions can be divided into two categories:

  • Traditional (Internal) – Consolidates user authentication across internal corporate applications. Vendors in this category include Bull, Computer Associates, Cybersafe, Tivoli, and v-Go.
  • Web SSO or Web Access Management (WAM) – Web SSO centralizes user authentication and access rights for Web-based applications. Vendors in this category include Entrust, IBM, Netegrity, and RSA Security.

SSO: Is It Enough?

At first glance, SSO appears to be the best fit for each of these requirements. In an ideal environment, a single password would grant users access to all of their authorized applications. With only one password to remember, users would no longer have to write down passwords on notepads and password-reset requests would be minimized. However, most e-business scenarios are not “ideal” and restrict SSO benefits to address only a portion of the support and security requirements.

There is No True Single Sign-On

Even in environments where SSO is achieved, web and intranet users are still forced to remember multiple passwords. Varying password restrictions force users to choose different passwords for the numerous applications and services they access in their dayto- day lives. External e-business sites, voicemail, personal banking, online shopping services, cell phones and other applications may all require unique passwords. Moreover, as new passwords are added and the number of passwords in a user’s life continues to grow, older passwords change or expire. So, while SSO may help to reduce password complexity in one particular environment, users likely have a multitude of other environments that must be accessed via passwords. Therefore, while SSO may help to reduce password-reset requests, they will not be eliminated and may still comprise the largest volume of e-business support requests.

2001 CSI/FBI Computer Crime and Security Survey
  • 85% detected computer security breaches within the last 12 months*
  • 64% acknowledged financial losses due to computer breaches*
  • $377,828,700 in financial loses (186 respondents willing and/or able to quantify) *Based on responses from 538 US corporations and government agencies.
Password Policies: Securing the Key to the Kingdom

Single sign-on solutions, while satisfying end-user demands for simplicity, may pose limitations on enterprise security if password policies are not enforced. The weakest link in an SSO solution is the single password - the key to the kingdom - that grants access to everything the user is authorized to access. At a minimum, strong password mandates, including increased password length, alphanumeric requirements, and frequent password changes (e.g., 30-day refresh cycles), must be enforced to ensure passwords are not easily broken or guessed. However, similar to environments without SSO, these increased security policies make passwords more difficult to remember and can continue to drive up the volume of password-reset calls.

Password Complexity Prevails

Although intranet and web SSO technologies may help to reduce the total number of passwords a user must remember, strong password policies and the multitude of applications outside of the SSO solution will continue to drive password-reset requests to the support center. Therefore, administration requirements and support costs may not significantly benefit from SSO. Moreover, users themselves may experience some added convenience, but will continue to struggle with the countless passwords and policies they must remember for non-SSO applications.

Self-Service Password Management: The Perfect Resolution

Because password-reset requests cannot be completely eliminated, companies must directly address the problem in an effective, yet efficient manner. By enabling users to help themselves after a password is forgotten or expired, self-service password management gets users back up and running without burdening the support staff. Self-service password management solutions deliver a simplified computing environment to end users, while reducing support staff administration, decreasing related costs, and actually enhancing enterprise security.

Reduced Administration

With self-service password management, users can reset their own passwords without calling the support center. By redirecting these simple, yet highly repetitive requests, the 20 to 40% of support call volume that is attributed to password resets can be eliminated or significantly reduced. And without time-consuming password-reset requests, support staff can focus on more critical issues

Lower Support Cost

While SSO helps to consolidate user account and password information, self-service password management works to eliminate password-reset calls to the support center. Companies can support hundreds of thousands of users without adding additional support staff. The support call reduction and lowered costs usually leads to a fast return on investment (ROI) for self-service password management.

Ease of Use

After authenticating themselves through a series of challenge/response questions, users can simply input a new password that gets reset within the specified target application. In a matter of seconds, the user is back up and running and is once again productive. The service is available 24 x 7 and users no longer have to wait in hold queues for a support analyst. Moreover, because self-service password management enables customers and partners to reset their own passwords quickly and easily, password-related site abandonment is reduced.

Improved Security

Through automation, self-service password management technologies ensure consistent security policy enforcement and eliminate the security holes found in manual security administration processes. Users are always properly authenticated before any activity is initiated. Sessions are always encrypted. Logging and audit trails are guaranteed. As a result, both malicious and accidental security breaches are avoided.

With secure self-service, users no longer have to provide personal information to administrative and support personnel over the phone. As a result, support staff no longer needs supervisory security privileges within corporate applications. By reducing the number of people with access to confidential passwords and user information, user privacy is ensured.

Further Reading: Courion's PasswordCourier

PasswordCourier® from Courion Corporation provides self-service password management solutions that enable end users to reset and manage their own passwords without calling the support or security administrators. PasswordCourier enables customers and internal users to reset and synchronize their own passwords across multiple systems, mainframes, directories, databases and other corporate applications. PasswordCourier gets users back up and running in seconds and automatically logs all password activity within all leading support applications for auditing and service level management. Additionally, by automatically enforcing user authentication, password policies and intrusion monitoring, PasswordCourier increases security and closes the loopholes found in traditional manual-reset processes.

Contact Courion for more information on how the Courion Enterprise Provisioning Suite™ solution can deliver results to your business.

Back To top

Single Sign-On Partners
 
Copyright © 2008 Courion Corporation. All rights reserved.