I'm looking for a technology that allows a user to securely log in to multiple servers (with different domains and possibly even different LANs) simultaneously. Do you have any suggestions?
There are two technologies that come to mind. The first consists of commercially available enterprise single sign-on (eSSO) proprietary products. These are readily available, and many of the major identity and access management vendors have these products in their respective portfolios. However, since you mentioned different domains and LANs, you may have to supplement these tools with a standards-based technology, such as a federation tool.
Federation tools (such as IBM's Tivoli Identity Federation, Oracle Corp.'s Oracle Identity Federation, Ping Identity Corp.'s PingFederate, Courion Corp.'s Access Assurance, etc.) work by predefining the access rights that you or your partner's users will have. This is done first through legal negotiations to establish the constituent classes and rights that the constituents will have on the remote systems. Then, within each federation tool, the token, or assertion, data is defined to express these rights that will be passed during the authorization communications between the clients and end points. Once the federation technologies are installed on both sites, the tools pass along tokens based on these predefined access rights, rather than just passing user authentication data.
While federation is still evolving, the feasibility of using federation technologies within an organization, or even between business partners, is growing daily and has already been in use for several years.
For more information:
- Read more about content-aware IAM and how it unites data protection with user access.
- What's the difference between SSO and federated identities? Learn more.
Dig Deeper on Single-sign on (SSO) and federated identity
Related Q&A from Randall Gamby
Learn how to create account lockout policies that detail how many unsuccessful login attempts are allowed before a password lockout in order to ... Continue Reading
When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise ... Continue Reading
Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses. Continue Reading