Single Sign-on Everywhere
If your organization is deciding how broad of an initiative their single sign-on (SSO) project should be, it's noteworthy to keep in mind that if you're like a typical organization, your professionals have somewhere between 7 to 25 accounts that they access on average 15 times every day. And that is why having a comprehensive single sign-on solution is important. It's also the reason why so often piece meal projects with point vendors solution fall short of the complete user experience. While SSO projects increases productivity and security for your employees, it's becomes a fundamental requirement for your customers that you're looking to engage.
Delivering seamless access experience to customers require more than just single sign-on. It also requires letting them use their social credentials (such as Facebook, Twitter, Google, LinkedIn, etc.) because they're easy to remember. This means that once the user provides his credentials, most likely the one he remembers, single sign-on authenticates him so he can begin using the applications that trust that credential. With Access Manager® can setup multiple trusts to the level of user verification matches the type of risk of the application being accessed, this is also true with corporate controlled authentication. Meaning, that a highly verified credential can be used to SSO to sensitive applications that need a higher level of protection while require a step up for uses who may have been using a social credential.
What other benefits should you consider? Among other potential benefits, there can be a very real cost savings involved with minimizing passwords. It has been estimated that 40-50% of all help desk calls are for password resets. The more passwords a user must remember—the more likely they are to lose or forget them. The load on your in-house help desk or the number of calls to an outside help concern can be greatly reduced by using SSO.
Single Sign-on made simple
Using a variety of technologies, Access Manager has multiple ways to deliver single sign-on (SSO) for any intranet or cloud-based service. This means that regardless of the interface that your applications may or may not have, your users (employees, customers, et.) get quick, convenient access to them while you maintain your access control using the same processes that you've been using. Beyond enjoying the advantages of SSO, you have a choice on offering one click access to web apps through easy to setup icons contained in the mini portal, also easy to setup. Access Manager's built-in mini portal isn't designed to replace anything that you may already have in place, but rather to be an option for those that don't have one or to use as an option for however many apps you want. The portal is designed to be lightweight for administrators to turn on, configure, and maintain as well as intuitive to use by any type of user. Access Manager's quick access interface is a nice enhancement to the single sign-on experience.
Access Manager provides your organization three options to implementing single sign-on (SSO) across all your cloud and intranet based applications:
- Access Gateway—the ultimate in access management for both access control and rendering single sign-on, Access Manager's gateway is the best way to deliver a seamless user experience across multiple services and complex environments – internal, cloud based, both.
- Standards based federation—SAML, OAuth, OpenID Connect, WS-Trust, and WS-Federation; Access Manager supports these types of applications through pre-configured connector catalog or a toolkit from which you can configure your own trust between an authentication provider and a service provider.
- Single sign-on assistant—for the wide ocean of small or specialty apps that don't support any type of federation, the SSO assistant single sign-on users.
Single Sign-on through Federation
For federated single sign-on through federation, Access Manager lets you setup a trust relationship where is can be configured to function as identity provider or a service provider based on your needs. You'll also need to setup the type of type of federation (SAML, OAuth, OpenID Connect, WS-Trust or WS-Federation) as well use. If you're using SAML you have the option to choose one of the many pre-configured connectors. If the catalog doesn't have a preconfigured SAML connector for the service that you want single sign-on for, you can use the toolkit to setup your own.
Single Sign-on through the Assistant
For cloud based services that are too old, small or primitive to support federation, the Single Sign-on Assistant delivers an SSO experience. With minimal effort, users are prompted to download the browser plug-in that securely retrieves credentials once they've been recorded. Once the assistant is setup, whenever the user accesses the application, users experience SSO. The first place to look for ready built assistant connecters is the Access Manager Connector Catalog. If you're not able to find the connector you need there, you can record your own. Access Manager automatically prompts the user to install the connector the first time after which it retrieves and submits the user's credentials from Access Manager for an automatic login.
For example, a user Maria has an account for Evernote. Maria uses Evernote to take notes for her job in marketing. Instead of logging into Evernote with separate credentials each time she wants to use it, she would log into Evernote once and the Single Sign-on Assistant will save and replay her saved credential every time she accesses Evernote.
Both the Single Sign-on Assistant as well as the Access Gateway's Form Fill policies both automatically populate HTML forms. Form Fill policies scan each login page, accelerated through the Access Gateway, to see if the Form Fill policy can populate the credential information. Basic SSO provides connectors for the different applications. You configure the connector for the specific site. Basic SSO captures the users' credentials through a browser plugin or extension. It securely stores the users' credentials on the Identity Server, never using the Access Gateway.