A secure SSO with Active Directory for all your applications
Want to implement secure SSO in a Windows 2000/2003 Active Directory environment?
Abstract

Within a company, the value associated with Single Sign-On (SSO) is often limited to the convenience it offers users, releasing them from the constraint of having to manage large numbers of identifiers and passwords. However, SSO also offers very real gains in IT department productivity and in the field of security policy. For example, inside IT departments, it makes it possible to reduce the Help Desk workload by up to 30%. Analyses have shown that without SSO, 30% of calls to a Help Desk concern a lost identifier or a password problem. In terms of security policy, SSO helps keep down the number of trivial passwords and of passwords that are simply stuck on the computer screen with a Post-it note.

In a Microsoft environment, Windows 2000 and Windows 2003 offer user management via the Active Directory console and SSO to all Microsoft applications based on Kerberos. Windows 2000/2003 clients can connect transparently to Kerberos-based applications, such as Microsoft IIS, and to applications based on SSPI in Windows 2000 domains. However, they cannot log in automatically to non-Kerberos applications such as IBM OS/390 emulators, SAP R/3 multi-logins, Lotus Notes, Apache applications, WebSphere, and Unix or Linux applications.

This white paper explains how to implement a secure SSO using Active Directory and Kerberos primary authentication to grant access to all applications.
