General discussion


SSO or Identity Management

By joe.matthews
Hello. I have a question and I have been doing a lot of reading on the Internet and I am still confused, so I thought I would ask everyone. I work for a community college and we are looking at a way to make it easier for teachers, staff, and students to log in to different systems. Right now they have different passwords for different systems. They have their AD password to log in to the domain. Then they have a username and password to log in to our informational system. This is an app from a third party that uses SQL. So I am tasked with looking at solutions to ease the hassle of remembering multiple usernames and passwords. The third party company does not have AD integration. Should I be looking at things for Single Sign On or Identity Management, or are they both the same? We are also looking at implementing SharePoint to create portals. Does this make it easier or harder? Are there products anyone recommends (cheap or open-source)? We have people that access network resources from on-campus of course but also off campus (OWA), and the student information system can be accessed from on campus or off. I am just confused on the difference between SSO and Identity Management and which would work for web apps accessed from off campus.


SSO versus Identity Management

by robo_dev In reply to SSO or Identity Managemen ...

SSO is a solution that allows one sign-on, obviously. For example, I've had many years of experience using ClearTrust in conjunction with RSA SecurID as a very secure SSO solution.

ClearTrust (now called RSA Access Manager) is an SSO solution that works very well with web apps, since it's a web-based solution, and it supports multiple types of authentication (AD, userid/password, SecurID, certificates) and also works with about any OS or web server you can think of.

So ClearTrust would allow you to use Active Directory, or SQL, or LDAP to authenticate an ASP web app. Of course, the third party would have to play a part.

The nice thing about SharePoint is that it can use multiple authentication types, including Windows authentication.

By design, Active Directory and Windows are kinda-sorta an SSO solution, but most sane individuals know that with regard to security and web apps, AD has its limits.

To confuse everybody, SSO is a subset of Identity Management (IdM), but there's a lot more to IdM than just SSO.

Most 'Identity Management' products are provisioning solutions.

So, for example, there's a product that Oracle makes called 'Oracle Identity Manager' that allows one-step provisioning of users across multiple platforms and systems. Great product.

For OWA, the best and most secure solution is a reverse-proxy SSL appliance.

There's Whale's e-Gap Remote Access Appliance (now Whale is owned by Microsoft).

Cisco can do an SSL reverse proxy in their ASA appliances.

For less $$ you might be able to rig Apache and Squid to do something similar.
