Enterprise Single Sign-On
In a typical heterogeneous enterprise environment, a user may have to access a number of applications, running on a multitude of systems and machines, on a daily basis. Creating a user individually for each of these applications takes time on every system, and assigning access control can be troublesome and repetitive. Moreover, a distributed model means slower response times for helpdesk requests, unnecessary overhead in servicing these requests and inefficiency on the part of the users (a user has to sign into multiple domains). This leads to poor user experience, extensive administration costs, lack of security and privacy for the users and lack of interoperability with other business systems as well as with other third-party identity/security management solutions.
These business challenges drive an enterprise to adopt a better Identity Management and Enterprise Single Sign-On (ESSO) solution. When evaluating ESSO solutions, it is good to keep in mind how to enable a comprehensive solution for managing identity profiles and permissions throughout the entire identity lifecycle, one that aids in regulatory compliance (including Sarbanes-Oxley and HIPAA) and simplifies administration by letting you control password policies from a single console. An ESSO solution should help to improve your company’s overall security.
Business Drivers for ESSO
Here are the main business drivers for ESSO in any enterprise:
- Password Management – There is a need within enterprise organizations to simplify the end user experience, to reduce password-related help desk costs and to enhance security by eliminating poor end user password management.
- Identity Management – There is a greater need for integrated enterprise sign-on, which is a key requirement for, and often a first step of, a complete enterprise identity management solution.
- Strong Authentication – Extending strong user authentication to enterprise applications is a key requirement of a strong authentication initiative.
- Compliance – Eliminate the hidden end user costs associated with compliance-driven initiatives. Extend audit and reporting capabilities to include user sign-on data.
Benefits of ESSO
ESSO offers a number of important benefits to an enterprise:
- Maximizes productivity – Allows users to gain quick and easy access from any location.
- Eliminates lost or forgotten passwords – users have just one password to remember.
- Lowers user support costs – virtually eliminates password-related support calls.
- Securely stores and manages all passwords – eliminates the need to manually manage passwords.
- Improves network security – prevents unauthorized users from accessing enterprise applications.
- Aids in regulatory compliance – including Sarbanes-Oxley and HIPAA compliance.
- Simplifies administration – enables control of password policies from a single console.
- Rapid Integration – Integrates with an existing Identity Management lifecycle management solution.
Oracle ESSO supports an extensive list of directories and databases as a central repository for user credentials, application logon templates, password policies, and client settings. Oracle ESSO helps enterprises advance their identity management, compliance and authentication initiatives by simplifying, extending and securing enterprise end user sign-on.
The basic steps of operation using Oracle ESSO are as follows:
- The user requests access to an enterprise application, which can be a Windows, mainframe, web or Java application.
- The Oracle ESSO Logon Manager Agent intercepts the user's request on the desktop.
- The ESSO Logon Manager retrieves the user record, and then fills in the appropriate user's credentials for the ESSO-enabled application. The application-specific username and password are sent to the application.
- The user is granted access to the application.
Following is a list of exclusive features offered by the Oracle ESSO solution:
- Web-based access management SSO: This will include an SSO capability for Web-based applications. With Web-based SSO, the user supplies a credential. The Web server validates the password with a central credential server. If a match is found, the user is granted access to the Web-based application or system.
- Desktop/Mainframe/Host Applications access Management SSO: The ESSO solution should provide access to all desktop applications (e.g. Windows/Solaris), mainframe applications (such as 3270, 5250) and host applications (e.g. Telnet). It allows users to use multiple emulators and multiple emulator sessions simultaneously. It supports user needs for both logons and password changes for desktop applications, and allows administrators to add mainframe/desktop applications, configure them and easily deploy them to users.
- Java Applications & Applets access Management SSO: Provides user access to AWT, Swing and standalone Java applications and applets.
- Credential Synchronization: Provides a way to replicate the user’s credentials (for example, username and password) automatically across all applications and resources.
- Event Logging: Provides ESSO administrators with logs and reports on application usage. Provides network administrators with comprehensive reports on password-related activity, showing who used passwords, what applications they accessed, where, and when.
- Enterprise-class Scalability: The Oracle ESSO solution is unique in its ability to scale to service the needs of enterprises of all sizes.
- Faster Deployments, Updates and Rollback: The Oracle ESSO Suite Plus (ESSO Suite Plus) is an extension to Oracle ESSO that eliminates traditional software installation, allowing system administrators to simply host the ESSO product online for users to download. Users download and run ESSO with a simple click of a button from a host website or a network file share. This offers true ESSO portability and also reaches a wider audience in an organization, such as remote, mobile and temporary users, including partners, outsourcers, contractors and other non-employees.