eTrust Single Sign-On
Permits the real-time termination of a user's session at any time.
SSO is supported from Windows workstations only.
Combines session management with comprehensive SSO functionality across many applications, including web-based and legacy ones.
eTrust Single Sign-On is for the enterprise market and has three components – Policy Server, workstation client, and Policy Manager.
Policy Server, which runs on IBM AIX, HP-UX, Sun Solaris, or Windows, uses a database and directory structure based on the LDAP protocol. This database maintains details of which applications each user is permitted to access. The Policy Server supports multiple authentication methods, and stores users' login credentials for each application in its encrypted database. These are transparently delivered as required to each application via the user's browser or client software. The Policy Server manages a user's password collection and presents the appropriate one to applications as required.
For web-based resources, credentials are stored as security tokens in encrypted cookies within the user's browser on a session-by-session basis, to prevent copying of credentials and impersonation. For other resources, including legacy applications, a workstation client acts as a transparent intermediary in the login process.
The Policy Manager enables the administrator to manage users' access rights and control user authorizations.
Users with similar rights can be organized in groups.
There is also a Session Manager which can be accessed from any web browser and provides management of sessions in progress, enabling administrators to view active sessions and terminate them.
The One Time Password (OTP) functionality increases eTrust SSO password security for UNIX applications that transmit passwords in clear text. When you log on to a remote server, OTP connects to it and changes your password so that anyone who intercepted the clear text password cannot use it again to access the server.
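The rotate-after-logon behaviour described above can be modelled in a few lines. This is an added illustration, not eTrust code: `UnixHost`, `CredentialVault`, `sso_login` and the sample password are hypothetical, and it assumes the password change itself travels over a path the eavesdropper cannot read.

```python
import hmac
import secrets

class UnixHost:
    """Constructed stand-in for a remote service that takes a clear-text password."""
    def __init__(self, user, password):
        self._passwords = {user: password}

    def login(self, user, password):
        return hmac.compare_digest(self._passwords.get(user, ""), password)

    def change_password(self, user, old, new):
        if not self.login(user, old):
            return False
        self._passwords[user] = new
        return True

class CredentialVault:
    """Hypothetical store playing the role of the SSO password collection."""
    def __init__(self):
        self._stored = {}

    def enroll(self, host, user, password):
        self._stored[(id(host), user)] = password

    def sso_login(self, host, user, wire):
        key = (id(host), user)
        current = self._stored[key]
        wire.append(current)  # the clear-text logon, visible to an eavesdropper
        if not host.login(user, current):
            return False
        # Assumption: the change itself is not readable by the eavesdropper.
        fresh = secrets.token_urlsafe(24)
        # Store the new value only once the host has accepted it, so a failed
        # change cannot leave the vault and the host out of step.
        if host.change_password(user, current, fresh):
            self._stored[key] = fresh
        return True

def demo():
    host = UnixHost("alice", "initial-constructed-pw")  # constructed sample data
    vault = CredentialVault()
    vault.enroll(host, "alice", "initial-constructed-pw")
    wire = []  # what a passive listener on the network captures
    first = vault.sso_login(host, "alice", wire)
    replay = host.login("alice", wire[0])  # captured value presented again
    second = vault.sso_login(host, "alice", wire)
    return first, replay, second, wire
```

The user never sees the rotated value, so the second SSO logon succeeds while the captured password is rejected.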
Because eTrust SSO mimics keyboard and mouse input from the user, any logon method that uses mouse or keyboard input is also supported.