
	Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > What are the pre-requisites for implementing single sign-on (SSO) in an organization?

Ask The Security Expert: Questions & Answers

EMAIL THIS

What are the pre-requisites for implementing single sign-on (SSO) in an organization?

EXPERT RESPONSE FROM: Joel Dubin

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 30 June 2008
What are the pre-requisites/necessary technology components required to implement single sign-on (SSO) in an organization?

EXPERT RESPONSE

There isn't a cookie cutter set of requirements or components for implementing single sign-on (SSO) in an organization. It depends predominantly on two things: the size of the organization and the risk levels of the different systems that would be enrolled in the SSO set up.

Besides that, SSO comes in different flavors and varieties such as a set of software modules or as a hardware appliance. Again, it all depends on the size and business needs of the organization.

As a general rule, however, every SSO implementation should have the following: an inventory of systems, a needs analysis and a deployment schedule.

Before setting up an SSO system, it's important to know what systems are in place, what type of authentication they require and what directory services they are using. One purpose of SSO is to knit together diverse systems. So, a good SSO system should be able to work with both Active Directory and LDAP, as well as handle the different types of authentication systems in the environment. The other thing to consider is whether the organization needs SSO strictly for network access or for Web access as well.

Next, conduct a needs analysis to determine which systems should have SSO access. Which systems are being accessed the most frequently by users? Are they a mix of Web applications or network systems? This will determine what technology components are necessary for SSO implementation.

Lastly, it's necessary to put a deployment schedule in place. Users have to get accustomed to the SSO system. A roll out should be in phases, so that if something goes wrong, or employees are having difficulty, it won't take down the entire access management infrastructure at once.

The key components of an SSO depend on whether it's a software or hardware implementation. For a software-based implementation, such as with IBM's Tivoli, dedicated servers are required to run the system. Also important are development resources to tweak and customize the packages to the organization's specific requirements.

For a hardware-based implementation, such as with Imprivata Inc.'s all-in-one appliance, the product must be compatible with the network architecture.

More information:

Learn more best practices for implementing SSO.
Interested in keeping up the IAM trends? Read this tip from a security expert.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Identity Management and Access Control
	What are the options for a mechanical (not electrical) door security system on a server room door?
	What's the difference between access control mechanisms and identity management techniques?
	What courses can improve fundamental knowledge of infrastructure systems (Active Directory, LDAP, etc.)?
	What tools provide user provisioning and single sign-on for PeopleSoft- and Unix-based products?
	Should a new user have to confirm his or her email address before gaining access?
	Can home PCs provide a way for viruses and spyware to enter a corporate LAN?
	What should an enterprise look for in a password token, and in a vendor?
	Is it possible to write a batch file that allows user access to the local admin group for a short time?
	IAM best practices for employees with varying degrees of access to the same computer
	What are some good pre-boot biometric user authentication tools or strategies?

Enterprise Single Sign-On (SSO)

Enterprise single sign-on: Easing the authentication process

Exploring authentication methods: How to develop secure systems

What tools provide user provisioning and single sign-on for PeopleSoft- and Unix-based products?

Sun launches open source OpenSSO for identity management

Startup Symplified delivers SSO in the cloud

SaaS Offering Handles SSO

Kerberos security evolves for B2B, mobile tech

IBM acquires Encentuate for single sign-on software

Security360: Identity management market

Top 10 access-related controls for PCI compliance

Enterprise Single Sign-On (SSO) Research

Management Support for Information Security

IT security pros focus on internal threats during tough economy

IT security pros face challenge during economic crisis

What are some tips on protecting my security budget in a tight economy?

IT security not valued at many firms, study finds

How to get information security buy-in from the executive team

Initial virtualization costs could outweigh benefits

What's your advice for getting other business units to contribute to crafting an effective information security policy?

Will the new CERT security incident-response project benefit infosec pros?

CIO role could shift toward data quality, says IBM group

Results Chain for Information Security and Assurance

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

single sign-on (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy