Products
Brief description
In most organizations today, users are often required to remember many IDs and passwords in order to perform their various job functions. AccessMatrix Universal Sign-On (USO) is a non-intrusive Enterprise Single Sign On (ESSO) solution that enables organizations to achieve single sign-on
to multiple applications and systems. When our Enterprise Single Sign On solution is deployed, organizations improve user productivity by simplifying access to all applications through a single authentication while enhancing security by integrating strong authentication mechanism and proven best security practices. Client/server, host-based, Java-based and web-based applications are supported without source code changes. Unlike other single sign on (SSO) products, manual client software installations are not required on the users' desktops.
Benefits
Sitemap | © 2009 Star Fort Security Solutions. All rights reserved.
How does AccessMatrix Universal Sign-On work?
AccessMatrix Universal Sign-On (USO) is a non-intrusive Enterprise Single Sign-On (SSO) solution. The solution leverage the robust, flexible and scalable AccessMatrix security infrastructure providing a comprehensive application security solution to meet the access control challenges of most organizations. USO was developed to support web, client-server, host based, java and thin client (Citrix/Microsoft Terminal Services) applications. With our unique approach for passing credentials into the target applications, USO supports the non-intrusive approach to SSO and it does not require any source code modification in order to achieve the SSO requirements.
Designed and built to support a large number of users, USO has many built-in features to address the deployment and implementation requirements for medium and large organizations. The USO server-based single sign-on technology simplifies the deployment and implementation challenges for large enterprises. Our unique solution has eliminated the need for manual software installation on client workstations and minimized the on-going desktop software maintenance requirements. USO also offers automatic software configuration and upgrade to address first time deployment and future software upgrade challenges without the need to have any administrator rights on the client OS. USO provides a self-service facility to enable users to manage their IDs and Passwords for the target applications themselves, which greatly simplifies the implementation efforts.
Designed and built to support a large number of users, USO has many built-in features to address the deployment and implementation requirements for medium and large organizations. The USO server-based single sign-on technology simplifies the deployment and implementation challenges for large enterprises. Our unique solution has eliminated the need for manual software installation on client workstations and minimized the on-going desktop software maintenance requirements. USO also offers automatic software configuration and upgrade to address first time deployment and future software upgrade challenges without the need to have any administrator rights on the client OS. USO provides a self-service facility to enable users to manage their IDs and Passwords for the target applications themselves, which greatly simplifies the implementation efforts.
USO Trainer
The USO Trainer is used to learn the login and password change sequence of each application. The trainer utility records screen identification attributes and security-related field mappings and enables the appropriate credential to be automatically passed on to the application at login time. It includes the default application level security policy for login behavior and password change. The trainer provides a testing option to test the login and password change sequence that is captured. The information learnt by the trainer is then exported to an application definition file. Administrators will be able to import the application definition file (ADF) into the AccessMatrix security server.
User perspective
The figure above shows the action sequence of AccessMatrix Universal Sign-On:
The figure above shows the action sequence of AccessMatrix Universal Sign-On:
|
1.
|
User performs a "primary" authentication to the AccessMatrix USO server using one of the assigned login methods based on the login policy which can be static ID & password, hardware tokens, biometrics etc. Also, the USO Login can also be integrated with the Window Desktop login i.e. after a user has successfully login to the desktop, the login to the AccessMatrix USO server will be done transparently based on the desktop login information.
|
|
2.
|
After the User has successfully login to the AccessMatrix USO server, it returns the login credential information and script or screen identification attributes of the target applications based on the application assignments.
|
|
3.
|
Then, when the user accesses a target application, the AccessMatrix USO Client software intercepts the standard login dialogue
|
|
4.
|
AccessMatrix USO replays the login credential to the application via the login dialogue to automate the login process.
|
AccessMatrix USO handles the change password sequence of the application either by prompting the user to provide the new password or automatically generating a new password as per the policy.
Authentication Methods
The users must be authenticated to AccessMatrix USO before the SSO feature is granted to access the target applications. AccessMatrix implements the standard PAM (Pluggable Authentication Method) framework to support various authentication mechanisms:
The users must be authenticated to AccessMatrix USO before the SSO feature is granted to access the target applications. AccessMatrix implements the standard PAM (Pluggable Authentication Method) framework to support various authentication mechanisms:
|
1.
|
Static passwords (e.g. default, Microsoft Active Directory, LDAP, etc.)
|
|
2.
|
Dynamic passwords (e.g. RSA Secure ID, ActivCard Token, iKey, USB Token,etc.)
|
|
3.
|
X.509 digital certificates
|
|
4.
|
Other authentication schemes (e.g. biometric devices)
|
With the PAM framework, AccessMatrix supports many industrial strength authentication mechanisms to address the authentication requirements of the organizations. New authentication methods can be easily integrated into the AccessMatrix with the PAM interface.