Single sign on (sso) emulation by means of password synchronization

Scope

This page discusses the call to provide sso facilities as support for easily controlled access to complex enterprise infrastructures, and the necessity for their being an integral part of an enterprise's user management procedures. In the real world, password synchronization is an alternative to sso when used for managing the security of single or multiple enterprise business applications running on the large, multi-user IT service supported by a Unix and Windows infrastructure. Password synchronization is a feature of simplified sign-on, also confusingly known as sso.

The sso problem

The proportion of the workforce having access to business critical software continues to increase, as does the number of applications they use. In the past, a user may have required access to one application residing on a single system. Now, a user may have to be registered on several different servers, operating system types, databases and business applications. Registration of each user with each facility is needed. The problem is made worse by staff moving around, demanding changed access rights and new ones. Add factors such as the global distribution of systems, the disabling (closing) of accounts for those leaving the organization and the everyday issues of forgotten passwords, temporary staff, new applications and new systems, and the problem is evident.

Security considerations

Most security problems are caused by staff rather than those outside the organization, so this must be addressed first. The ideal solution is one package which supports the administration of both the user population and their security profiles at the same time. It would be much better if each user could maintain one password for use across all the facilities to which she/he needs access. Password synchronization is a "must have" for the modern, complex environment, and is the pragmatic alternative to the ideal.

In addition to the large community of application users, the smaller class of privileged users (commonly system administrators) presents its own problems, for which sso software should be the solution. They frequently have unrestricted access to resources and data and, yet more problematic, their activities are neither monitored nor recorded for possible auditing. At the same time, privileged users often need to be able to turn their attention rapidly from machine to machine. OSM supplies software products which close this gap. See also www.cosduty.com.

(c) Copyright 2004 www.cosuser.com