Can SecureLogin use the equivalent of an SSO appliance instead of leveraging services and storage of the corporate Directory?

  • Document ID:7940823
  • Creation Date:19-Aug-2009
  • Modified Date:30-Jan-2014
    • Micro Focus Products:
      SecureLogin

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.

Environment

SecureLogin
SecureLogin SSO

Situation

Question

Can SecureLogin use the equivalent of an SSO appliance instead of leveraging services and storage of the corporate Directory?

Answer

Yes, SecureLogin can support ""appliance mode"" but ActivIdentity encourage organizations that are implementing SSO to think outside the box to make sure they don’t rush into a point solution that will not evolve as your organization’s IT infrastructure and requirements change.

An appliance approach is not suitable for most organizations for a number of reasons including total cost of ownership, SSO data replication, redundancy, service location, resilience, and future proofing the solution.

A common misconception is that ""as long as the vendor sells Single Sign-on, we are pretty much getting the same thing irrespective of which product we purchase.""

This statement could not be further from the truth. Products vary significantly in many aspects including their fundamental approach to solving password management issues, features, management, application integration, smart card and strong authentication support, flexibility and power.

ActivIdentity encourages organizations that are evaluating Single Sign-on to look past fancy marketing messages and to look under the hood at the technical capabilities and thoroughly evaluate products before deciding on the Single Sign-on solution to deploy.

In the past, organizations that have believed marketing hype without defining requirements and performing a thorough proof of concerpt have been let down and only realised they had purchased an inferior solution after they have deployed and users have forgotten all their usernames and passwords.

Once you have eliminated the need for users to remember and enter passwords, it may be too late to remove the implemented software so it is vital you take time to make an informed decision based on requirements (current and future such as user provisioning, strong authentication, new Directories, new applications etc.) and technology.

The first step when investigating SSO solutions is to gather information and evaluate software. While SecureLogin is easy to install and administer and SSO enables both in-house developed and off-the-shelf applications, many vendors make false claims about their software that are exposed during the evaluation stage.

If you believe the marketing hype without performing an evaluation of the technology you may be left with a ""solution"" that is unable to do what you expected, is difficult to manage and deploy, and is unable to grow as the requirements of your organization change.

For example, you may wish to implement smart cards or user provisioning and integrate them with SSO, or integrate other applications in future.

If you are looking at an appliance approach to SSO you should consider issues such as the following;

  • Costs associated with purchasing and managing extra hardware
  • How SSO data will be synchronized so it is globally available to a mobile work force (e.g. when a UK user flies to Hong Kong, they must have fast and reliable access to their SSO data, for example)
  • What happens if the appliance, or link to the appliance fails
  • How are services located and advertized?
  • Does an extra SSO profile have to be configured and managed?
  • Which applications can be SSO enabled?
  • High Availability, Resilience, SSO data replication (to make SSO data available anywhere in the world)
  • Future requirements and how the appliance can be integrated
  • Management and support of the appliance

Although ActivIdentity are able to deliver the equivalent of an SSO appliance (dedicated hardware for SSO) we believe it is not suitable for corporate deployment and our preferred strategy is to leverage the existing hardware, corporate Directory, service advertising and location, user profiles etc.

Contact your territory sales manager for more information.

"

Resolution

Answer

Yes, SecureLogin can support ""appliance mode"" but ActivIdentity encourage organizations that are implementing SSO to think outside the box to make sure they don’t rush into a point solution that will not evolve as your organization’s IT infrastructure and requirements change.

An appliance approach is not suitable for most organizations for a number of reasons including total cost of ownership, SSO data replication, redundancy, service location, resilience, and future proofing the solution.

A common misconception is that ""as long as the vendor sells Single Sign-on, we are pretty much getting the same thing irrespective of which product we purchase.""

This statement could not be further from the truth. Products vary significantly in many aspects including their fundamental approach to solving password management issues, features, management, application integration, smart card and strong authentication support, flexibility and power.

ActivIdentity encourages organizations that are evaluating Single Sign-on to look past fancy marketing messages and to look under the hood at the technical capabilities and thoroughly evaluate products before deciding on the Single Sign-on solution to deploy.

In the past, organizations that have believed marketing hype without defining requirements and performing a thorough proof of concerpt have been let down and only realised they had purchased an inferior solution after they have deployed and users have forgotten all their usernames and passwords.

Once you have eliminated the need for users to remember and enter passwords, it may be too late to remove the implemented software so it is vital you take time to make an informed decision based on requirements (current and future such as user provisioning, strong authentication, new Directories, new applications etc.) and technology.

The first step when investigating SSO solutions is to gather information and evaluate software. While SecureLogin is easy to install and administer and SSO enables both in-house developed and off-the-shelf applications, many vendors make false claims about their software that are exposed during the evaluation stage.

If you believe the marketing hype without performing an evaluation of the technology you may be left with a ""solution"" that is unable to do what you expected, is difficult to manage and deploy, and is unable to grow as the requirements of your organization change.

For example, you may wish to implement smart cards or user provisioning and integrate them with SSO, or integrate other applications in future.

If you are looking at an appliance approach to SSO you should consider issues such as the following;

  • Costs associated with purchasing and managing extra hardware
  • How SSO data will be synchronized so it is globally available to a mobile work force (e.g. when a UK user flies to Hong Kong, they must have fast and reliable access to their SSO data, for example)
  • What happens if the appliance, or link to the appliance fails
  • How are services located and advertized?
  • Does an extra SSO profile have to be configured and managed?
  • Which applications can be SSO enabled?
  • High Availability, Resilience, SSO data replication (to make SSO data available anywhere in the world)
  • Future requirements and how the appliance can be integrated
  • Management and support of the appliance

Although ActivIdentity are able to deliver the equivalent of an SSO appliance (dedicated hardware for SSO) we believe it is not suitable for corporate deployment and our preferred strategy is to leverage the existing hardware, corporate Directory, service advertising and location, user profiles etc.

Contact your territory sales manager for more information.