Q

How to log in to multiple servers with federated single sign-on (SSO)

Single sign-on is a rapidly evolving technology that, when partnered with federation tools, can offer a greater and greater level of granularity for access control. Learn how from expert Randall Gamby.

I'm looking for a technology that allows a user to securely log in to multiple servers (with different domains and possibly even different LANs) simultaneously. Do you have any suggestions?

There are two technologies that come to mind. The first consists of commercially available enterprise single sign-on (eSSO) proprietary products. These are readily available, and many of the major identity and access management vendors have these products in their respective portfolios. However, since you mentioned different domains and LANs, you may have to supplement these tools with a standards-based technology, such as a federation...

tool.

Federation tools (such as IBM's Tivoli Identity Federation, Oracle Corp.'s Oracle Identity Federation, Ping Identity Corp.'s PingFederate, Courion Corp.'s Access Assurance, etc.) work by predefining the access rights that you or your partner's users will have. This is done first through legal negotiations to establish the constituent classes and rights that the constituents will have on the remote systems. Then, within each federation tool, the token, or assertion, data is defined to express these rights that will be passed during the authorization communications between the clients and end points. Once the federation technologies are installed on both sites, the tools pass along tokens based on these predefined access rights, rather than just passing user authentication data.

While federation is still evolving, the feasibility of using federation technologies within an organization, or even between business partners, is growing daily and has already been in use for several years.

For more information:

  • Read more about content-aware IAM and how it unites data protection with user access.
  • What's the difference between SSO and federated identities? Learn more.
  • This was first published in September 2009
    This Content Component encountered an error

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close