I have heard SecureLogin can enforce Virtual Password Synchronization. What is it and how does it work?

  • 7940270
  • 19-Aug-2009
  • 17-Jan-2014

Environment

SecureLogin
SecureLogin SSO
All Versions


Situation

Question

I have heard SecureLogin can enforce Virtual Password Synchronization. What is it and how does it work?

Resolution

Answer

SecureLogin SSO allows different passwords for different systems and can even randomly generate them. Users only need to remember one password, but all the passwords to access applications are actually different. Because SecureLogin generates, remembers, and enters passwords, they can be complex and strong, even with unprintable characters. Users – the weak link – have been removed.

By default, with SecureLogin installed, a user simply runs an application and SecureLogin seamlessly retrieves the user’s application credentials (e.g. username, password, database name) and authenticates in the background. The user is not prompted to enter any password at all. Some customers want to configure SecureLogin to prompt the user for the same password on all systems, even though the backend application passwords are all different.

SecureLogin Single Sign-on can be configured to perform “virtual password synchronization”. The administrator can configure SecureLogin to request the network password before permitting logon to any or all SSO enabled applications.

The difference between standard SSO and SSO with virtual password synchronization is that, with virtual password synchronization, the user is still prompted to log on to the application. They enter their network password before SSO will retrieve the stored credentials (which can be passwords that are all different and complex).

From a user’s point of view, they enter their network password to log on to the network, and they are also prompted to enter their network password when they run SSO enabled applications. In the background, SecureLogin verifies that the network password is correct and, if it is, the SSO agent retrieves the stored application logon credentials from the Directory (e.g. the actual email username and password) and enters them into the application logon prompt.

The user believes their passwords to all applications are synchronized, when in fact they are not. This approach provides a user-friendly and extremely secure SSO solution because people don’t know their passwords to applications, so they can’t write them down, share them, or access systems after they leave your organization.
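The flow described above, as an added conceptual sketch in Python; it is not SecureLogin code or its API. The class name, the in-memory vault, and the PBKDF2 verifier standing in for the Directory check are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class VirtualSyncAgent:
    """Conceptual model only: names and storage are assumptions, not SecureLogin's design."""

    def __init__(self, network_password: str):
        # Stand-in for the Directory check: keep a salted verifier, never the password.
        self._salt = secrets.token_bytes(16)
        self._verifier = self._derive(network_password)
        self._vault = {}  # application name -> (username, generated password)

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def enroll(self, app: str, username: str) -> None:
        # Each application gets its own random secret that the user never sees.
        self._vault[app] = (username, secrets.token_urlsafe(24))

    def release(self, app: str, typed_password: str) -> tuple:
        # The user types the network password at every application prompt.
        # Constant-time comparison; on failure no stored credential leaves the vault.
        if not hmac.compare_digest(self._derive(typed_password), self._verifier):
            raise PermissionError("network password check failed; nothing released")
        return self._vault[app]


def demo():
    agent = VirtualSyncAgent("Constructed-Network-Pw1")  # constructed sample value
    agent.enroll("email", "jdoe")
    agent.enroll("hr-db", "jdoe_hr")
    email = agent.release("email", "Constructed-Network-Pw1")
    hr = agent.release("hr-db", "Constructed-Network-Pw1")
    try:
        agent.release("email", "wrong-guess")
        denied = False
    except PermissionError:
        denied = True
    return email, hr, denied


if __name__ == "__main__":
    print(demo())
```

The user supplies one password at every prompt, while each application receives a different generated secret that only the agent holds.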

SecureLogin can also enforce “virtual password synchronization” using a Master PIN instead of the Directory password.

It can also prompt users to re-verify using a biometric, smart card and PIN, or One Time Password (using a Token device).