Almost no user can remember all the user IDs, passwords, PINs, etc. that he needs for the variety of applications he uses. Often this results in one single, easy-to-memorize (and therefore easy-to-guess) password being used for different applications, or in the user writing down all his access data, which weakens overall security. One way to reduce the "flood" of user IDs is single sign on. After one single authentication, single sign on allows the user to access and use all of the applications he is entitled to.
Advantages for the user
From the user's point of view, usability is the main benefit of a single sign on solution. Several applications can be used with one single log-in. In addition, the flood of authentication media is reduced (one password/one PIN/one signature card for several applications).
Advantages for the provider
Once a single sign on solution has been established, the provider is able to simplify the processes of managing access rights, to increase system security and to decrease costs. In addition, the single sign on solution allows genuine online product sales with automated workflows for business transactions, which opens up a huge cross-selling potential.
Design
A central authentication module is the key component of an ideal single sign on solution.
It has access to user data and authentication media (passwords, certificates, etc.). In addition, it stores all user access rights for the different applications, which makes it possible to provide a personalised user front end (e.g. in a portal). With the described solution it is also easy to offer various authentication mechanisms (PIN, signature, etc.) for different applications. To achieve this, existing accesses must be consolidated and the existing applications must be migrated to single sign on.
First of all, an analysis of the existing data, processes and technology and their dependencies is required in order to set up a single sign on solution. Registration and management processes have to be consolidated and harmonised.
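The central authentication module described under Design can be sketched as follows. This is an added example, not code from the original page: the user, the applications, the mechanisms each application accepts, the ticket format and the single shared signing key are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Every name and value here is constructed for illustration.
SIGNING_KEY = b"demo-key-shared-by-sso-module-and-apps"  # simplification: one shared key

def kdf(user, secret):
    # Demo salt derived from the user name; production uses a random per-user salt.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), b"demo:" + user.encode(), 100_000)

# Held by the central module: authentication media and access rights.
USERS = {"alice": {"password": kdf("alice", "correct horse"), "pin": kdf("alice", "4711")}}
ENTITLEMENTS = {"alice": {"portal", "banking"}}
# Mechanisms each application accepts (different mechanisms for different applications).
APP_ACCEPTS = {"portal": {"password", "pin"}, "banking": {"pin"}, "trading": {"pin"}}

def _sign(body):
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest().encode()

def login(user, mechanism, secret, now=None):
    """Central module: authenticate once, return a signed ticket (or None)."""
    stored = USERS.get(user, {}).get(mechanism)
    if stored is None or not hmac.compare_digest(stored, kdf(user, secret)):
        return None
    issued = int(time.time() if now is None else now)
    claims = {"sub": user, "mech": mechanism,
              "apps": sorted(ENTITLEMENTS.get(user, ())), "exp": issued + 600}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()

def authorize(ticket, app, now=None):
    """Application side: trust the ticket instead of asking for credentials again."""
    body, _, tag = ticket.encode().partition(b".")
    if not hmac.compare_digest(_sign(body), tag):
        return False                                 # forged or modified ticket
    claims = json.loads(base64.urlsafe_b64decode(body))
    current = time.time() if now is None else now
    return (claims["exp"] > current                  # ticket not expired
            and app in claims["apps"]                # user is entitled to this application
            and claims["mech"] in APP_ACCEPTS.get(app, ()))  # mechanism is acceptable here

if __name__ == "__main__":
    ticket = login("alice", "password", "correct horse")
    for app in ("portal", "banking", "trading"):
        print(app, authorize(ticket, app))
```

A password log-in opens the portal but not the banking application, which in this sketch accepts only the PIN; the entitlement list keeps the user out of the application he has no access rights for.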