Authenticating Windows

Three options for Windows authentication with eSSO clients.

The eSSO client authenticates to Windows via GINA chaining or replacement. Organizations frequently use this option for stronger authentication methods not natively supported in Windows (for example, OTP or biometrics). The eSSO system manages the user's Active Directory username and password behind the scenes and replays it at the right time. For Windows Vista, eSSO vendors will need to make significant changes to the eSSO client, since GINA chaining or replacement will not be possible.
More on enterprise single sign-on

Learn how to properly deploy enterprise single sign-on to benefit your organization

Find out how single sign-on differs from single authentication systems

The eSSO client leverages the native Windows authentication. This option is frequently used when the organization wishes to make the eSSO software as unobtrusive as possible, and have lower authentication requirements (the exception here is smart cards, which are supported natively in Windows).

In kiosk-mode under a generic Windows identity, there is one Windows desktop and identity, and the workstation is shared by many users. The primary reason for this configuration is speed because the traditional Windows user logon, desktop rendering and logoff can take too long.

This was last published in July 2006

Dig Deeper on Single-sign on (SSO) and federated identity

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.