Enterprise Single Sign-On (SSO) Manager
Automatic log-in to all the applications and systems
Tools4ever’s Enterprise SSO Manager (E-SSOM) is an organization-wide Single Sign-On software solution enabling end-users to log in just once, after which access is granted automatically to all the authorized network applications and resources. E-SSOM operates as an extra software layer intercepting all log-in processes and completing the details automatically.
Organizations currently use complex networks comprising multiple resources, such as internal network applications, internet applications and operating systems, with end-users typically needing to enter a username and password for each. In some cases, there can be more than 15 different applications with associated usernames and passwords which creates a number of problems. Not only is manual entry time-consuming, it is also extremely awkward to have to remember a multitude of passwords. Users adopt all sorts of insecure methods to cope with this situation, such as passwords written on Post-It notes, extremely simple passwords, or passwords under the keyboard. Users frequently have to call the helpdesk for a forgotten password.
Research shows that 67 percent of all business professionals spend too much time with the login procedure.
Reduction of password reset calls to the helpdesk
Nevertheless, system administrators take all sorts of preventive measures to keep the network secure, such as introducing complicated passwords, limiting the validity of a password, or instructing users not to write down their passwords. This produces more frustration among users and an overload of password reset calls.
Tools4ever’s Single Sign-On solution eliminates the time-consuming and risky operations associated with remembering and entering so many different passwords.
How does E-SSOM work?
E-SSOM runs as a service on a workstation and is activated when a login dialog is displayed to the user. E-SSOM will fill in the username and password and press the OK button automatically. The user of the workstation may see the login screen briefly, but no manual login action is needed in the application.
References
Customers who use Enterprise Single Sign On Manager include:
Hospital Rivierenland
Fast User Switching
This feature allows users to log on to and log off from public computers quickly. When users log on using Fast User Switching, the applications they require can be started and logged on to automatically. When users log off, E-SSOM can log off from the applications and/or close them. The login procedures can be simplified by combining Fast User Switching with a user badge. In this way, users can obtain access to applications by inserting their pass. They can log out by removing their pass, so that the computer becomes available for the next user.
Two-factor authentication
Two-factor authentication (TFA or 2FA) involves using two independent resources to confirm a person’s identity. E-SSOM can provide additional security for the SSO login based on a user pass-card with a PIN code.
Follow-Me
An addition to Fast User Switching is the Follow-Me principle, which allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer. This results in considerable time savings, particularly in the case of specialists who make their rounds along departments and need to have access to their data via various computers.
Links
Almost every application is suitable for single sign on access. Here is a list of applications for our customers with E-SSOM support.
Security
E-SSOM handles all user account details securely.
Communication: All information exchanged between the various E-SSOM components is encrypted.
Local storage: When using a laptop, depending on the configuration, all log-in details are encrypted and stored locally on the hard drive.
Database: A copy of every username and password is stored in the central database. These details are encrypted.
Logging: All end-user activities are logged in the central E-SSOM database. E-SSOM is developed in such a way that all confidential information is exchanged and stored securely.
DPAPI Security: The encryption algorithms in E-SSOM are based on DPAPI Security, but other algorithms can be applied to meet your organization’s security standards. The highly acclaimed DPAPI password security system complies with the strictest security rules. It also offers the possibility of retrieving data in the case of lost or forgotten passwords.
Scalability
We often observe a peak in the use of an SSO application in the mornings as employees begin their working day. Research shows that in 96.5 percent of cases, E-SSOM is used during the first 30 minutes of the working day. During this time, the central E-SSOM engine must be capable of supplying all the details for the end-users and their applications. To streamline this process, the log-in request is distributed to a variety of Microsoft Windows Services. Our license model permits an unlimited number of E-SSOM service requests in the network and supports up to 250,000 workstations.
High availability
End-users will be dependent on the SSO solution to an increasing degree. The software’s availability is thus crucial. E-SSOM guarantees that end-users are always able to use the software through a variety of mechanisms. These mechanisms are:
Replication: User account details can be stored in a relational database. Standard applications for secure storage are applied. E-SSOM supports locating the database on a cluster server and/or database replication.
Multiple services: The central E-SSOM engine is a Microsoft Windows service. E-SSOM has a fault-tolerant implementation. Information on the rights of the end-user is exchanged via a replicable database. On the end-user’s side, E-SSOM automatically selects an available service.
Local storage: Local storage is supported if a workstation cannot establish a connection to the central E-SSOM service. The local workstation then utilizes an offline mode.
Integration with other solutions
The central E-SSOM engine supports integration with external systems and applications. E-SSOM has a COM object interface and supports the open standard SPML (Service Provisioning Markup Language). SPML is based on SOAP/XML messages, and E-SSOM supports web services. E-SSOM can be integrated with applications for password resetting and user provisioning.
Password reset: When an application requests the entry of a new password after a period of time, E-SSOM itself can generate and store a new password. E-SSOM can also allow the end-user to fill in a new password manually.
User Provisioning: When a new employee begins work, user accounts and passwords must be created in a variety of systems and applications. E-SSOM can create a link with a number of applications for automated User Provisioning, such as UMRA, IDM3, ILM and Sun Identity Manager. The end-user thus has direct access to the application landscape and doesn’t have to do anything himself.
Multiple user accounts per employee
Some end-users, for instance system administrators, have access to an application through a variety of accounts and usernames. For example, they have a ‘normal’ account and an ‘admin’ account. Such a system administrator probably also has access to a number of environments for development, testing or production. In such cases E-SSOM shows an extra window when the application is launched. Here the administrator selects a specific username and/or environment. E-SSOM then ensures that the application is launched in the correct environment with the correct username/password combination.
Delegating applications
During a vacation or sick leave, it may be necessary to grant another user temporary access to one or more applications. This requires network modification to ensure that the temporary user acquires the correct rights. It also entails risks, as revoking the temporary rights afterwards is often forgotten. E-SSOM offers the ability to delegate specific rights of the absent employee to another end-user for a specific period. Once the configured period has passed, the rights of the temporary employee are automatically revoked.
Enhances ease of use
End-users no longer need to log in separately for every application they want to use. Based on their rights, E-SSOM automatically supplies the required username and passwords and the application is opened. E-SSOM is easy and efficient.
Reduces risk
Multiple applications generally require multiple usernames and passwords. This confidential information is often written on a piece of paper and stays within reach of the computer. This is an insecure situation and negates your expensive and complex security measures. E-SSOM reduces the risks within your organization by avoiding this frequently-occurring situation.
Fulfills compliance
E-SSOM acts as a central access portal to all applications. This offers several options for fulfilling compliance. Thus, access to the entire network for an end-user can be denied in a single SSO action instead of having to go through every application individually. With E-SSOM, if you wish, a report can be generated on which user accounts have access and the dates and times access occurred. Finally, E-SSOM can perform extra checks before log-in is achieved. This often occurs with critical applications where extra security is built in to verify that the right end-user wants access. This allows for the integration of Smart Cards or a PIN code, amongst others.
Software requirements
| Operating system | Type | Version |
|---|---|---|
| Windows 2000 | 32 & 64 bits | SP4 or higher |
| Windows 2003 | 32 & 64 bits | all versions |
| Windows 2008 | 32 & 64 bits | all versions |
| Windows XP | 32 & 64 bits | all versions |
| Windows Vista | 32 & 64 bits | all versions |
| Windows 7 | 32 & 64 bits | all versions |
Supported databases
| Database | Version |
|---|---|
| MS Access | all versions |
| MS SQL 2000 or higher | all versions |
| Supported Remote Desktop |
|---|
| Windows Terminal Server |
| Citrix |
| Supported Virtual Software |
|---|
| VMware vSphere 4.1 |
| Citrix XenApp |
| Microsoft App-V |
| Citrix XenDesktop |
Minimal hardware requirements
Processor: Pentium III (Pentium 4 or higher recommended)
Memory: 512 MB RAM (1 GB or more recommended)
Hard disk space: 256 MB (1 GB or more recommended)
Depending on the exact configuration and the components used, the system requirements may vary.