Anyone Using a SSO (Single Sign-On) software?

  • Thread starter Thread starter Fred Yarbrough
  • Start date Start date
F

Fred Yarbrough

Our brilliant administration is asking me to look into what it would cost to
implement a single sign-on solution for our company. I expect it to be very
expensive if it can even be done. We currently have a NT 4.0 domain and are
in the process of migrating to a W2K3 AD domain. In addition to the Windows
world we have Unix, Oracle, and Linux. We also have numerous MIS
applications and systems that are independent of each other and would have
to be tied into the SSO solution. Is there anyone out there that has a SSO
system in place that integrates numerous non-related products?



Thanks,
Fred
 
Keith,
Thanks for the reply! Are you actually using this or do you know anyone
who is?

Thanks,
Fred
 
Keith,
Thanks for the reply! Are you actually using this or do you know anyone
who is?
Click to expand...
Yup. And you're right, it will be expensive for your situation.

Laura
 
Laura,
Can you give me some insight into this. I am new to SSO and would like
some basic info. There are many products out there for SSO and the price
varies greatly between them. I see where MIIS 2003 Enterprise cost $25K per
processor.

Thanks,
Fred
 
Laura,
Can you give me some insight into this. I am new to SSO and would like
some basic info. There are many products out there for SSO and the price
varies greatly between them. I see where MIIS 2003 Enterprise cost $25K per
processor.
Click to expand...
Are you looking for a product comparison, or for more information on
MIIS?

Laura
 
Laura,

In a nutshell I am looking for the TRUE Cons on implementing a SSO
system. Evidently, some executive here saw a demo on how great the Single
Sign-on system is and they want to know what it will take to do it. These
are the same people who gripe and moan because we want to spend a dollar to
upgrade a server. I know that the Pro's are that this system only requires
you to login once and then you have access to everything. Fine and dandy
for the end user as they can now remove the 3 yellow post-its and just have
one. Now us poor saps in the IT department have yet another cluster of
tangled systems to manage. I can foresee system incompatibilities, client
upgrades screwing up the SSO, VPN and RADIUS servers now being thrown in the
mix, Dial-up routers, UNIX, Windows 2003 Active Directory, Linux, Oracle,
all of our password protected extranet sites, workarounds galore, gobs of
money and time spent ......... Maybe I am wrong, but I just don't see the
SSO as a replacement for intelligence. Am I wrong here?

Thanks,
Fred
 
Laura,

In a nutshell I am looking for the TRUE Cons on implementing a SSO
system. Evidently, some executive here saw a demo on how great the Single
Sign-on system is and they want to know what it will take to do it. These
are the same people who gripe and moan because we want to spend a dollar to
upgrade a server. I know that the Pro's are that this system only requires
you to login once and then you have access to everything. Fine and dandy
for the end user as they can now remove the 3 yellow post-its and just have
one. Now us poor saps in the IT department have yet another cluster of
tangled systems to manage. I can foresee system incompatibilities, client
upgrades screwing up the SSO, VPN and RADIUS servers now being thrown in the
mix, Dial-up routers, UNIX, Windows 2003 Active Directory, Linux, Oracle,
all of our password protected extranet sites, workarounds galore, gobs of
money and time spent ......... Maybe I am wrong, but I just don't see the
SSO as a replacement for intelligence. Am I wrong here?
Click to expand...
Nope, you're pretty much right. :-) Okay, seriously, these systems can
definitely make things easier in the long run, but there are some
serious set-up and maintenance plans that you need to undertake in order
to use them effectively. There's work involved, no doubt about it.

Laura
 
Laura,
Thanks for letting me vent a little. BTW, I have seen your responses on
various MS newsgroups and you are very sharp!

Thanks,
Fred
 
Setting up a directory integration product IS difficult, but the reward is
great when it works.
I have seen scenarios where everything is automated once the integration
software is installed correctly. Once a new employee is tagged as employed
in Peoplesoft, phone numbers, passwords, ID-cards, keycards etc are
automatically created, all based on the profile set up for the type of
employee.
In those companies it is no longer an just an issue with database ownership
and responsability, who owns what data is also an issue.
One of the greater benefits is in password/account management. Once the
employee changes his/her password it changes everywhere, and once the person
is no longer employed, the accounts, cards etc are revoked/locked
everywhere. No more "ghost accounts" and a lot less helpdesk workload.

/Mats
 
Setting up a directory integration product IS difficult, but the reward is
great when it works.
I have seen scenarios where everything is automated once the integration
software is installed correctly. Once a new employee is tagged as employed
in Peoplesoft, phone numbers, passwords, ID-cards, keycards etc are
automatically created, all based on the profile set up for the type of
employee.
In those companies it is no longer an just an issue with database ownership
and responsability, who owns what data is also an issue.
One of the greater benefits is in password/account management. Once the
employee changes his/her password it changes everywhere, and once the person
is no longer employed, the accounts, cards etc are revoked/locked
everywhere. No more "ghost accounts" and a lot less helpdesk workload.
Click to expand...
Oh, Mats, you are such an optimist. ;-)

I agree, though. The products can and usually are amazing once they're
in place. They're just no mean undertaking.

Laura
 
Laura,
Thanks for letting me vent a little. BTW, I have seen your responses on
various MS newsgroups and you are very sharp!
Click to expand...
Aw, shucks, thanks! Can you repeat that for my boss? ;-)

Laura
 
I've tested this is on a small production network, using a variety of
UNIX-based systems, and it worked great. However, as I think some folks
have mentioned, implementing this in a large environment would be somewhat
of an undertaking. But, that's to be expected, if you've already made the
decision that you *need* this type of solution.

It was probably stated best in a previous post that mentioned the
significant rewards if done correctly.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Single Sign-On (SSO) with VB.Net 1.1 App 5
.NET Compatible SSO Solutions? 5
Single Sign On SSO (& Windows 2003 ADFS?) 1
Single Sign On 1
single sign on 1
Single Sign On? 7
Single sign-on 4
Single Sign On with 802.1x wireless authentication 5

Back
Top