Single Sign-On (SSO) projects are generally large and require extensive planning and sophisticated meshing with existing authentication infrastructures. As a result, SSO tends to be highly vertically integrated. However, because the technology is still relatively new and not very widespread, there's still room for smaller players.
Due to the large scale of SSO deployments, the market has been dominated by big players like Cisco, Microsoft and IBM. A key requirement of SSO is that it has to fit neatly into an organization's existing architecture. Since many enterprises are already using authentication products from these companies, using their SSO products is a natural fit.
In addition, large-scale SSO deployments rely on database back ends and software modules that act as gateways to each individual authentication system. This support infrastructure can be complicated enough to require large back end systems.
On the other hand, Imprivata, a smaller player, promotes itself as the mid-market alternative. Its product is a series of self-contained servers that handle the entire SSO implementation for smaller networks. It has a Web-based interface for administration, and automatically updates user IDs and passwords behind the scenes on individual systems that require password changes every 60 or 90 days. Most of the company's customers are small to medium-sized businesses, and mid-sized government agencies and municipalities.
Whether smaller players, like Imprivata, will be acquired remains to be seen. For now, SSO comes in different sizes to meet different requirements. And, despite the heavy vertical integration that currently exists in the marketplace, as SSO spreads to smaller organizations, there will most likely be some shifts.
This was first published in August 2006