RSA Sign-On Manager
Strengths: Flexibility, two-factor authentication options.
Weaknesses: Initial installation might be a little complex for some.
Verdict: A robust and proven enterprise level SSO solution.
The SecureID one-time password token is a methodology that is familiar to many and, while you might not particularly wish to use it when logging on to every required application, using it once in a session for single sign-on to many applications makes a lot of sense.
For those not familiar with these tokens, they display a unique number every 60 seconds that is used as a second factor in two-factor authentication.
To run Sign-On Manager, you must first establish the necessary infrastructure which, in this case, will include RSA’s Authentication Manager, its Sign-On Manager Server, and its Authentication Agent installed on the domain controller in order to accommodate the SecureID tokens within the Windows environment.
An Active Directory Application Mode data store is configured to house the Sign-On Manager specific attributes without unduly interfering with your existing active directory.
The expected facilities for configuring users and applications are all here, with useful wizards.
If two-factor authentication via SecureID tokens is to be used, users must be assigned to specific tokens – by importing available token data and assigning them a token from the pool.
For static passwords, relative strength characteristics can be set; while for roaming users, you can even set the number of allowable days for offline use and send the user an expiration reminder.
Self-serve password reset and other features can be configured to fine tune your environment to best match your organisational requirements. Indeed, it is unlikely that you will have any requirements which cannot be met, one way or another, by this product.
The product comes with plenty of brochures, manuals and guides, an attention to detail that reflects a professional attitude from RSA.
This is a serious, enterprise-level tool and, as such, deployment will need to be properly considered and planned. For those ready to do this, RSA Sign-On Manager provides a first-rate solution.