Wikipedia defines identity management as “The management of individual identities, their authentication, authorisation, roles, and privileges within or across system and enterprise boundaries, with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.” Phew!
In a nutshell, this means a business needs to be able to authenticate and authorise a user according to the role they play in an organisation and then assign them the least amount of privileges to do their job.
Creating your multi-level SSO plan
The first step is planning for a SSO environment with employees, infrastructure and their commercial partners in mind. There are many benefits of SSO from a user’s perspective including:
- No need to manage large numbers of passwords
- A simple sign-up and login process
- Reduced exposure to the risks of data loss
The SSO delivery plan needs to outline all of the requirements for accessing resources including overall security and access control. Once the plan is outlined, the organisation needs to look at current resources, both staff and costs, and see what voids need to be filled.
Once you have selected a software solution, the IT team should run a small test on the solution to ensure they have a suitable product for implementation. Doing backups on the SSO server with off-line storage is a great idea in case the server gets hacked, then restoring your data should be relatively straightforward.
At the same time, creating multiple SSOs is a good thought in case one SSO goes down, causing a denial of service. The SSO administrator should be able to set a number of parameters on passwords including the lifetime of the password, the number of passwords a user can reuse and the maximum password length.
Some of the issues with implementing standard single-sign-on solutions include de-provisioning user accounts when a user leaves the company, considering the infrastructure where SSO will be implemented, and imagining SSO is an ‘all-in-one’ solution.
In the SSO world, there are many success stories out there, but expectation management is crucial to understanding that SSO ‘out of the box’ may not always be what it seems, and most SSO system require some if not extensive additional work to get them functioning to the satisfaction of most users.
Simpler SSO solutions for Cisco IPT Telephony Systems
ALM single sign-on (SSO) software from Cisco Select Partner RSconnect can be installed within 30 seconds, does not require any administrator or technical skills, and will work out of the box using your existing Cisco IPT phone’s Extension Mobility settings. ALM is also compatible with Cisco CUCM 7.x, 8.0 and 9.0.
ALM software is easy to use and improves the internal security policies within your company, and can also be added on top of your existing Microsoft Active Directory integration.
A fully functional evaluation version of ALM software is available for download, completely free of charge.
For more details contact RSconnect at firstname.lastname@example.org
Feature photo by Ken Fager