Implementing enterprise single sign-on to strengthen security, conform to regulatory requirements, improve productivity and reduce costs

Implementing any security policy always involves some kind of compromise between the level of security and its business imperatives. This is one result of an increasingly decentralised approach to IT; with the proliferation of passwords complicating users' daily working procedures. Moreover, this approach leads to security breaches and significant costs, due to everything from an increased need for support to a declining productivity. Therefore, the question remains: how can you reduce this complexity?

Today, E-SSO (Enterprise Single Sign-On) provides a simple and pragmatic answer to this challenge. The aim is to simplify secure access to applications for users. The benefits include increased productivity and lower help desk costs, whilst security levels and compliance with current regulatory requirements are both strengthened.

Based on the experience of some of the world's largest companies and public sector organisations, Evidian can help organisations identify the most effective way to implement Enterprise SSO rapidly, which allows for an immediate impact throughout the whole business!

As the CIO at one of the world’s principal oil companies, TOTAL, comments: "Security principles are only worthwhile if they are applicable AND applied by the user. SSO has allowed us to enhance our security, at the same time as it has simplified the lives of our users.”

In order to achieve a company’s goal within the domain of access management, Evidian places the user at the heart of its security solution deployment. This makes Evidian’s Entreprise SSO the best of breed solution to obtain user adhesion while maintaining a pragmatic approach in the set-up of a modern system within the IT environment.

How SSO works
SSO is a solution that provides easy access to corporate resources using a single secure login. It works on the principle that a unified authentication and access control system allows each user to identify him or herself once – at the start of a work session – and then have total transparent access to all the applications they need, for as long as that work session lasts.
The main functions of SSO are to:

• Verify user identity and credentials using a primary authentication tool for which a level of security can be chosen according to need (password, token, smartcard, biometrics, etc.). SSO can be placed back-to-back with local authentication or an authentication server (Windows Kerberos / Active Directory, a dedicated server, etc.).
• Handle subsequent connections to each application transparently (logon), presenting the correct password to each application.
• Administer and audit (configuration, issuing and cancellation, changes made to passwords, accreditation, audit, etc.).

Evidian Entreprise SSO

Solving the mobile access problem

Part of the value of implementing E-SSO is removing the need for users to manage or even know their passwords for target applications; however this causes a major problem when users need to access a web application from a browser on a mobile device (i.e. PDA or Blackberry) with no SSO client installed.

With Evidian Mobile E-SSO, users may connect securely to their web applications from any external PDA or PC’s browser via a web portal. Evidian Mobile E-SSO enforces the security policy and decreases the cost of administration using the same repository.

Evidian and E-SSO

As an expert and pioneer in SSO and identity management, Evidian was the first software publisher in the world to successfully implement large-scale deployments of secure E-SSO from the end of the 1990s. This amounts for over 70,000 users at the French Health Care Governmental Organisation and 100,000 at T-Com among many others over the previous years. In 2002, Evidian launched the world's first 'plug-and-play' Web SSO solution built using gateway architecture. In 2005, Evidian launched Evidian Entreprise E-SSO an innovative distributed E-SSO. Evidian now offers the first complete third-generation E-SSO solution including: Strong authentication with smartcard, biometrics, certificate, RFID; Password Management; Self service Password Reset; Mobile Access through Browser and PDA; Central Audit and Report. Evidian Entreprise SSO solution combines security, productivity and rapid ROI.

The Gartner 2007 report: Evidian’s position

In September 2007, Gartner evaluated 14 vendors that provide E-SSO solutions for password management against many different criteria. Quadrant positions were based on each vendor’s ability to execute and completeness of vision.

Evidian has been positioned in the “leader quadrant” in the “Magic Quadrant for Enterprise Single Sign-On, 2007” report released by Gartner.

Hassan Maad, Evidian C.O.O. said: “We believe that our placing in Gartner’s ESSO leader quadrant is a great reward for our product development and sales efforts. The report identifies and underlines the fact that Evidian has the strongest presence and sales record – which I believe is a direct result of making our solutions easy to deploy, integrate and manage.  SSO delivers security where it’s most needed, and is a cornerstone of any corporate security strategy.

Advantages of the solution and business drivers

ESSO increases enterprise security by enforcing application password policy. It automatically creates and changes application passwords, reducing the need for users to write down their passwords. Additional benefits of increased user satisfaction and productivity, regulatory compliance, and reduced helpdesk costs (analysts estimate over 30% of helpdesk calls are for password resets) are experienced by organisations that have successfully implemented E-SSO.

Enterprise SSO
Evidian’s core SSO solution secures access to all types of corporate application – whether Windows, Citrix, Linux, Unix, web-based, Java, Lotus Notes, mainframe or ERP like SAP.  It combines multi-factor authentication with a plug-and-play SSO solution, replacing user passwords with digital signatures based on certificates, smart cards, USB keys or biometrics. Access is authorised according to existing security policies and enterprise directories.

Mobile E-SSO
With Evidian Mobile E-SSO, users may connect securely to their web applications from any external PDA or PC’s browser via a web portal. Mobile E-SSO enforces the security policy and decreases the cost of administration using the same repository.

Self service password reset and password management
Evidian Entreprise SSO includes a unique Self Service Password Reset solution to offer a secure emergency access, available even if no Windows session is opened, offline or online, at any time of the day, reducing help desk costs by eliminating most password and PIN reset calls.

Regulatory compliance
Evidian E-SSO is proposed with an integrated tools to enable in-depth reporting that conforms to regulatory requirements such as Sarbanes-Oxley, local financial security laws, Basel II and HIPAA.

Integration with identity management
Evidian E-SSO can be deployed on its own or integrated with the majority of identity management solutions. It is supported by Evidian's modular identity and access management (IAM) suite, which offers complementary functions including Web/J2EE access control, identity management and user provisioning.

Supported platforms
Evidian E-SSO is available for Windows XP, 2000, 2003 and Vista workstations. For thin clients, Evidian E-SSO is also available in the Windows Terminal Server and Citrix (MetaFrame, Presentation Server and NFuse) environments.