
	Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > Pre-requisites for implementing enterprise single sign-on (SSO)

Ask The Security Expert: Questions & Answers

EMAIL THIS

Pre-requisites for implementing enterprise single sign-on (SSO)

EXPERT RESPONSE FROM: Joel Dubin, past SearchSecurity.com expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 30 June 2008
What are the pre-requisites/necessary technology components required to implement single sign-on (SSO) in an organization?

BROWSE BY TAG

Identity Management and Access Control, Enterprise Identity and Access Management, User Authentication Services, Enterprise Single Sign-On (SSO), Information Security Management, Business Management: Security Support and Executive Communications, Expert Archive: Identity Management and Access Control, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Identity Management and Access Control
	Learn about enterprise strategy for server virtualization single sign-on
	Employee information security awareness training for new IAM systems
	Can you combine RFID tag technology with GPS to track stolen goods?
	Is there a free enterprise-caliber password-management tool?
	Cryptosystem attacks that do not involve obtaining the decryption key
	Can any firm or organization get a digital signature certificate?
	Should the CTO have domain administrator access?
	Does password sharing in international branches violate SOX?
	What are best practices for secure password distribution after a data breach?
	Is it possible to encrypt CDs and DVDs as well as SD cards?

Enterprise Single Sign-On (SSO)

Changing times for identity management

Kerberos configuration as an authentication system for single sign-on

How to use single sign-on for Web access control to prevent malware

Learn about enterprise strategy for server virtualization single sign-on

Enterprise single sign-on: Easing the authentication process

Exploring authentication methods: How to develop secure systems

User provisioning and SSO for PeopleSoft- and Unix-based products

Sun launches open source OpenSSO for identity management

Startup Symplified delivers SSO in the cloud

SaaS Offering Handles SSO

Enterprise Single Sign-On (SSO) Research

Business Management: Security Support and Executive Communications

RSA council addresses growing security risks in the cloud

How to write a risk methodology that blends business, security needs

Risk management must include physical-logical security convergence

New partnerships, creative thinking help security bust recession

How to align an information security framework to your business model

Service-focused security offers best value to organization

Cybersecurity Act of 2009: Power grab, or necessary step?

Information security skills must include communication, expert says

Mimic the IBM approach to security at RSA

Sell the business on virtualization security

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

single sign-on (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

There isn't a cookie cutter set of requirements or components for implementing single sign-on (SSO) in an organization. It depends predominantly on two things: the size of the organization and the risk levels of the different systems that would be enrolled in the SSO set up.

Besides that, SSO comes in different flavors and varieties such as a set of software modules or as a hardware appliance. Again, it all depends on the size and business needs of the organization.

As a general rule, however, every SSO implementation should have the following: an inventory of systems, a needs analysis and a deployment schedule.

Before setting up an SSO system, it's important to know what systems are in place, what type of authentication they require and what directory services they are using. One purpose of SSO is to knit together diverse systems. So, a good SSO system should be able to work with both Active Directory and LDAP, as well as handle the different types of authentication systems in the environment. The other thing to consider is whether the organization needs SSO strictly for network access or for Web access as well.

Next, conduct a needs analysis to determine which systems should have SSO access. Which systems are being accessed the most frequently by users? Are they a mix of Web applications or network systems? This will determine what technology components are necessary for SSO implementation.

Lastly, it's necessary to put a deployment schedule in place. Users have to get accustomed to the SSO system. A roll out should be in phases, so that if something goes wrong, or employees are having difficulty, it won't take down the entire access management infrastructure at once.

The key components of an SSO depend on whether it's a software or hardware implementation. For a software-based implementation, such as with IBM's Tivoli, dedicated servers are required to run the system. Also important are development resources to tweak and customize the packages to the organization's specific requirements.

For a hardware-based implementation, such as with Imprivata Inc.'s all-in-one appliance, the product must be compatible with the network architecture.

More information:

Learn more best practices for implementing SSO.
Interested in keeping up the IAM trends? Read this tip from a security expert.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy