What are the pre-requisites/necessary technology components required to implement single sign-on (SSO) in an o...
There isn't a cookie cutter set of requirements or components for implementing single sign-on (SSO) in an organization. It depends predominantly on two things: the size of the organization and the risk levels of the different systems that would be enrolled in the SSO set up.
Besides that, SSO comes in different flavors and varieties such as a set of software modules or as a hardware appliance. Again, it all depends on the size and business needs of the organization.
As a general rule, however, every SSO implementation should have the following: an inventory of systems, a needs analysis and a deployment schedule.
Before setting up an SSO system, it's important to know what systems are in place, what type of authentication they require and what directory services they are using. One purpose of SSO is to knit together diverse systems. So, a good SSO system should be able to work with both Active Directory and LDAP, as well as handle the different types of authentication systems in the environment. The other thing to consider is whether the organization needs SSO strictly for network access or for Web access as well.
Next, conduct a needs analysis to determine which systems should have SSO access. Which systems are being accessed the most frequently by users? Are they a mix of Web applications or network systems? This will determine what technology components are necessary for SSO implementation.
Lastly, it's necessary to put a deployment schedule in place. Users have to get accustomed to the SSO system. A roll out should be in phases, so that if something goes wrong, or employees are having difficulty, it won't take down the entire access management infrastructure at once.
The key components of an SSO depend on whether it's a software or hardware implementation. For a software-based implementation, such as with IBM's Tivoli, dedicated servers are required to run the system. Also important are development resources to tweak and customize the packages to the organization's specific requirements.
For a hardware-based implementation, such as with Imprivata Inc.'s all-in-one appliance, the product must be compatible with the network architecture.
Dig Deeper on Single-sign on (SSO) and federated identity
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ... Continue Reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ... Continue Reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.