Identity Management And Access Control In A Single Sign-On Environment

Wikipedia defines identity management as “The management of individual identities, their authentication, authorisation, roles, and privileges within or across system and enterprise boundaries, with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.” Phew!

In a nutshell, this means a business needs to be able to authenticate and authorise each user according to the role they play in the organisation, and then assign them only the privileges they need to do their job.

Creating your multi-level SSO plan

The first step is planning for an SSO environment with employees, infrastructure and commercial partners in mind. SSO has many benefits from a user’s perspective, including:

  • No need to manage large numbers of passwords
  • A simple sign-up and login process
  • Reduced exposure to the risks of data loss

The SSO delivery plan needs to outline all of the requirements for accessing resources, including overall security and access control. Once the plan is outlined, the organisation needs to look at current resources, both staff and costs, and see what gaps need to be filled.

Once you have selected a software solution, the IT team should run a small test to confirm the product is suitable for implementation. Backing up the SSO server to off-line storage is a great idea: if the server gets hacked, restoring your data should then be relatively straightforward.

At the same time, creating multiple SSOs is a good idea in case one SSO goes down, causing a denial of service. The SSO administrator should be able to set a number of password parameters, including the lifetime of the password, the number of passwords a user can reuse and the maximum password length.
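The three password parameters listed above, enforced at password-change time, as an added example that is not taken from any SSO product or from the original article. The class and field names are hypothetical, and "the number of passwords a user can reuse" is assumed here to mean a history depth: how many of the most recent passwords are blocked from reuse.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class PasswordPolicy:
    # The three administrator-set parameters named above (field names are assumptions).
    max_age: timedelta = timedelta(days=90)  # password lifetime
    history_depth: int = 5                   # recent passwords (current included) blocked from reuse
    max_length: int = 64                     # maximum accepted password length


@dataclass
class Account:
    # Newest entry last; each entry is (salt, PBKDF2 digest), never the plaintext.
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)
    changed_at: Optional[datetime] = None


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def is_expired(acct: Account, policy: PasswordPolicy, now: datetime) -> bool:
    """True when no password is set or the current one has outlived max_age."""
    return acct.changed_at is None or now - acct.changed_at > policy.max_age


def change_password(acct: Account, policy: PasswordPolicy, new_password: str, now: datetime):
    """Apply the policy; return (accepted, reason) and update the account on success."""
    if len(new_password) > policy.max_length:
        return False, "too long"
    keep = max(policy.history_depth, 1)  # always retain the current password's hash
    for salt, old in acct.history[-keep:]:
        if hmac.compare_digest(_digest(new_password, salt), old):
            return False, "reused"
    salt = os.urandom(16)
    acct.history.append((salt, _digest(new_password, salt)))
    acct.history = acct.history[-keep:]  # forget entries older than the history depth
    acct.changed_at = now
    return True, "ok"
```

Each history entry carries its own salt, so the reuse check recomputes the digest once per remembered password rather than comparing against a single stored hash.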

Some of the issues with implementing standard single sign-on solutions include de-provisioning user accounts when a user leaves the company, accounting for the infrastructure where SSO will be implemented, and assuming SSO is an ‘all-in-one’ solution.

There are many SSO success stories out there, but expectation management is crucial: SSO ‘out of the box’ may not always be what it seems, and most SSO systems require some, if not extensive, additional work to get them functioning to the satisfaction of most users.

Simpler SSO solutions for Cisco IPT Telephony Systems

ALM single sign-on (SSO) software from Cisco Select Partner RSconnect can be installed within 30 seconds, does not require any administrator or technical skills, and will work out of the box using your existing Cisco IPT phone’s Extension Mobility settings. ALM is also compatible with Cisco CUCM 7.x, 8.0 and 9.0.

ALM replaces the need for users to manually enter their Username and PIN Code, using a tiny Windows application that then appears in the Windows start menu of a user’s PC or laptop.

ALM software is easy to use and improves the internal security policies within your company, and can also be added on top of your existing Microsoft Active Directory integration.

A fully functional evaluation version of ALM software is available for download, completely free of charge.

For more details contact RSconnect at [email protected]

Feature photo by Ken Fager

3 thoughts on “Identity Management And Access Control In A Single Sign-On Environment”

  • April 8, 2014 at 6:24 pm

    Oooops… This one feels a strong degree of advertising here.

  • April 10, 2014 at 11:36 pm

    Ooooh we got more important things to do with the heartbleed going on.
