Password Synchronisation vs. Single Sign On

Clients often ask me to advise them on reducing the number of passwords end-users need to use in order to access their account and applications. Their first approach, in order to avoid multiple passwords, is usually to ensure that passwords are synchronised over different systems.

This is certainly a valid approach, but is it always the best solution? This post focuses on the advantages and disadvantages of using a password synchronisation tool to reduce the number of login credentials. It also looks at the strength of Enterprise Single Sign On software as an alternative (Such as Tools4ever's E-SSOM).

Although password synchronisation solutions will reduce the number of passwords the end user needs to key in, a number of technical conditions must be met in order for the software to function effectively:

1. Password synchronisation applications (for example PSM (Password Synchronisation Manager) by Tools4ever) need to be able to know which accounts in each application correspond to which user in the enterprise directory (such as Active Directory). However, this is not always an easy process as many applications use different (manual) naming conventions or limit the number and/or type of characters in the user name.

2. Each application must allow an automated password change whenever a password is amended in Active Directory. This often requires a specific connector or API. The password complexity rules of the application must also comply with those of the central directory. However, many applications have limited password complexity rules and therefore weaker passwords would need to be used at Active Directory level in order for the password synchronisation solution to work. This kind of scenario is not ideal as it could lead to potential security issues.

In many cases the conditions above mean that a new project must be undertaken to make password synchronisation possible. This involves time, resources and may involve changing usernames and passwords for the end user which is just the situation that we are trying to avoid.

Enterprise Single Sign On solutions can offer a number of advantages over PSM software. Firstly, it is often easier to implement an Enterprise Single Sign On solution. Enterprise SSO solutions (specifically E-SSOM by Tools4ever) can recognise the login screens/events of applications and can automatically fill them out. The result for the end user can be even better than a successful password synchronisation as not only do they no longer have to remember different sets of login credentials, but they also do not need to key in logon credentials for each application.

In the case of Enterprise SSO Manager:

  1. The conditions (as specified above) for password synchronisation do not have to be met.
  2. Nothing has to be changed in the existing login/password structures.
  3. No API's or connectors are necessary to access application passwords.
  4. The solution will work with any type of application or mode of authentication.

As such, Enterprise Single Sign On solutions are often the preferred choice over Password Synchronisation tools. Personally, I find that if you only have one or two applications to synchronise and all the conditions have been met anyway, Password Synchronisation can be an excellent tool to use. However, if the conditions for password synchronisation are not met natively or if you are interested in 'synchronising' more applications, an Enterprise SSO solution like Tools4ever's E-SSOM, would be the better solution in terms of light implementation, scalability and resulting ease of use for the end-user.

To learn more about E-SSOM and PSM please visit:
Enterprise SSO Manager
Password Synchronisation Manager

Single Sign On: regulating access cards

By now, many organisations are aware of the advantages of Single Sign On (SSO). Employees benefit from SSO because they only have to remember a single (complex) password rather than dozens of (complex) passwords, the IT department receives fewer password reset calls and network security is enhanced ensuring the organisation can meet auditing requirements.

Read more

Who’s speaking please?

The majority of calls received by the IT helpdesk need to be verified. After all, to protect the network, helpdesk needs to be certain that the caller is who they say they are before they can grant access rights to applications. So, how can they do this whilst protecting each end-user's personal information?

Read more

Access Management and SOX compliancy/audits

We frequently deal with companies that have to be compliant to SOX regulations. This often has a big impact on the IT department, particularly with regards to managing access rights. We find in these scenarios there are three very common issues which tend to arise:

Read more

SSO- The new software that could be the answer to NHS data protection woes

Healthcare organisations such as hospitals and surgeries operate complex networks comprising various applications running on multiple systems. Users need to have access to multiple applications for e-mail, the helpdesk and patient data, etc. In order to comply with increasingly strict security requirements, staff must enter separate username and password combinations for each application.

Read more

Can time- consuming login processes become a thing of the past?

Password synchronisation solutions can prove extremely useful for increasing efficiency and reducing costs. As with Tools4ever’s Password Sychronisation Manager, they allow end-users to use a single password for logging into their network, and all other applications they require access to. After end-users have changed their password, PSM ensures that they can log in directly to all the required systems and applications with a single set of log-on credentials. This can improve end-user productivity and minimise the number of password-related helpdesk calls. But is it possible to enhance efficiency and workforce productivity further still?

Read more