Citrix Password Manager lets users sign on whether they're already in the network and behind the corporate firewall, or whether they're off-site and remotely logging in from outside the firewall. The product uses the Citrix Presentation Server to manage passwords, and users can access their accounts with the Citrix Web Interface. Password Manager has been enhanced for SSO, too, and integrates with Active Directory.
Password Manager is fully automated, and users can set themselves up and reset passwords on their own without having to call the help desk.
Another approach for remote user authentication is an SSL VPN. An SSL VPN allows specific remote users to connect to particular internal applications, which is what you're trying to do here. This contrasts with a traditional IPsec VPN, which connects a workstation to a network.
As for combining SSO with an SSL VPN, Aventail Corp. now offers SSO access in its beefed- up ST2 platform. Aventail is a leading vendor in the SSL VPN market and integrates with Active Directory, LDAP and RADIUS, an authenticating server for remote users.
Another top player in the SSL VPN arena is Juniper Networks Inc. Juniper joined forces with RSA Security (which is now owned by EMC Corp.) to add SSO functionality to its SSL VPN offering. The RSA Federated Identity Manager handles the SSO side of the application and integrates into existing corporate directories.
The key point to remember with SSO is that it cuts both ways. With a single user ID and password for multiple applications, it provides real ease of use for your employees. That ease of use, however, extends equally to malicious users trying to get into your system. In one stroke, an entire network can be compromised.
Whichever SSO solution you choose, make sure it's secure, harden all SSO hardware and software and educate users in safe password handling practices.
This was first published in February 2007