There isn't a cookie-cutter set of requirements or components for implementing single sign-on (SSO) in an organization. It depends predominantly on two things: the size of the organization and the risk levels of the different systems that would be enrolled in the SSO setup.
Besides that, SSO comes in different flavors, such as a set of software modules or a hardware appliance. Again, the choice depends on the size and business needs of the organization.
As a general rule, however, every SSO implementation should have the following: an inventory of systems, a needs analysis and a deployment schedule.
Before setting up an SSO system, it's important to know what systems are in place, what type of authentication they require and what directory services they are using. One purpose of SSO is to knit together diverse systems. So, a good SSO system should be able to work with both Active Directory and LDAP, as well as handle the different types of authentication systems in the environment. The other thing to consider is whether the organization needs SSO strictly for network access or for Web access as well.
Next, conduct a needs analysis to determine which systems should have SSO access. Which systems are being accessed the most frequently by users? Are they a mix of Web applications or network systems? This will determine what technology components are necessary for SSO implementation.
Lastly, it's necessary to put a deployment schedule in place. Users have to get accustomed to the SSO system. The rollout should happen in phases, so that if something goes wrong, or employees are having difficulty, it won't take down the entire access management infrastructure at once.
The key components of an SSO system depend on whether it's a software or hardware implementation. For a software-based implementation, such as with IBM's Tivoli, dedicated servers are required to run the system. Also important are development resources to tweak and customize the packages to the organization's specific requirements.
For a hardware-based implementation, such as with Imprivata Inc.'s all-in-one appliance, the product must be compatible with the network architecture.
This was first published in June 2008