There are two ways to implement enterprise single sign-on (SSO) for remote logons. One is to use Citrix itself,...
which you already have, and the other is to set up an SSL VPN with another provider.
Citrix Password Manager lets users sign on whether they're already in the network and behind the corporate firewall, or whether they're off-site and remotely logging in from outside the firewall. The product uses the Citrix Presentation Server to manage passwords, and users can access their accounts with the Citrix Web Interface. Password Manager has been enhanced for SSO, too, and integrates with Active Directory.
Password Manager is fully automated, and users can set themselves up and reset passwords on their own without having to call the help desk.
Another approach for remote user authentication is an SSL VPN. An SSL VPN allows specific remote users to connect to particular internal applications, which is what you're trying to do here. This contrasts with a traditional IPsec VPN, which connects a workstation to a network.
As for combining SSO with an SSL VPN, Aventail Corp. now offers SSO access in its beefed- up ST2 platform. Aventail is a leading vendor in the SSL VPN market and integrates with Active Directory, LDAP and RADIUS, an authenticating server for remote users.
Another top player in the SSL VPN arena is Juniper Networks Inc. Juniper joined forces with RSA Security (which is now owned by EMC Corp.) to add SSO functionality to its SSL VPN offering. The RSA Federated Identity Manager handles the SSO side of the application and integrates into existing corporate directories.
The key point to remember with SSO is that it cuts both ways. With a single user ID and password for multiple applications, it provides real ease of use for your employees. That ease of use, however, extends equally to malicious users trying to get into your system. In one stroke, an entire network can be compromised.
Whichever SSO solution you choose, make sure it's secure, harden all SSO hardware and software and educate users in safe password handling practices.
Dig Deeper on Single-sign on (SSO) and federated identity
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.