Single Sign-On… in 60 minutes or less!
Submitted by CJ Gill on January 14th, 2010
Over the last couple of months I have worked with many IT administrators for their Single-Sign-On (SSO) requirements. In this blog post, I will talk about the benefits, security and simplicity of our SSO solution.
What is Single-Sign-On?
Wikipedia says that it is a property of access control of multiple, related, but independent software systems. In simpler terms, it means you sign in with a single username and password — and then you get access to all your computer-based applications like printer, email, network drives etc.
One might think what’s the big deal… why can’t I use the same password for all services? Well, imagine if you use same password for email, LeapFILE and IM and your email password expired after 30 days and you can’t reuse last 3 passwords. Now you have to change all the passwords so that they are all same.
So with SSO, you use the single user name password, not the same user name password.
Before the era of HIPAA and the Sarbanes-Oxley Act, many organizations turned a blind eye to password management. But now, with fines from federal regulations looming, information security departments are getting tougher about password security.
What are the benefits of Single-Sign-On?
- No more password fatigue
- Reduced IT costs due to lower number of IT help desk calls about passwords - According to recent research by Enterprise Management Associates (EMA), password management costs $250 per year, on average, for every computer user in an organization. So, if an agency has 10,000 employees, it is shelling out $2.5 million annually just for assisting staffers who have lost or forgotten their passwords.
- Security and real time access control
- Centralized reporting for compliance adherence
- Supports latest as well as conventional directory services
How we do it?
We use a lightweight hardened Linux virtual machine which runs inside your network and talks to your AD server for login requests using a service account (we call it the binding user).
Simplicity, flexibility and security are the features that make our SSO solution so robust. No information (user credentials or domain controllers) leaves the corporate firewall and user access can be restricted by Groups or OU’s in the Active Directory.
We also deploy an SSL certificate inside the virtual machine to encrypt all the information exchange between Authentication Gateway and LeapFILE servers. Deploying this highly secure solution can take only 60 minutes or less for most customers. Recently, I have deployed SSO with one of the top accounting firms and it actually took around 30 minutes. This is what’s required from the customer for a typical deployment:
- Import the virtual machine into your existing VMware infrastructure
- Power on the imported VM and give it internet access and AD server IP
- Prepare your Firewall and configure access rules
- You’re done! We will configure the rest of it :)
Now that you have a fair idea about the SSO solution, talk to us and see how your company can benefit from it. Our solution managers will give you more detailed information and examples.
Are you ready for the 60 minute deployment? I am.
