AccessMatrix™ Universal Sign-On (USO)
AccessMatrix Universal Sign-On (USO) is a non-intrusive Enterprise SSO solution that enables organizations to achieve single sign-on to multiple applications and systems. In most organizations today, users are often required to remember many IDs and passwords in order to perform their various job functions. By deploying our enterprise single sign-on solution, our clients will improve staff and customer satisfaction, resulting in improved productivity and reduced administration costs. Client/server, host-based, Java-based and web-based applications are supported without source code changes. Unlike other single sign-on products, manual client software installations are not required on the users' desktops.
HOW IT WORKS
The USO solution is built on the AccessMatrix security server. By using the AccessMatrix security server as the single sign-on server, the user benefits from additional security services such as administration, audit and application-level authorization. USO's facilities for auto-installation, auto-configuration and self-service greatly simplify deployment and reduce maintenance effort. The central security server stores the users' security-related properties for each application.
The USO Trainer is used to learn the login and password change sequence of each application. The trainer utility records screen identification attributes and security-related field mappings and enables the appropriate credential to be automatically passed on to the application at login time. It includes the default application level security policy for login behavior and password change. The trainer provides a testing option to test the login and password change sequence that is captured. The information learnt by the trainer is then exported to an application definition file. Administrators will be able to import the application definition information into the AccessMatrix security server.
The USO Agent serves as a gateway between the USO Client and the security server in the online single sign-on mode. It maintains secure connections to the security server. After successful authentication, the list of applications accessible by the user is sent to the USO Client.
The USO Client is a software component that is automatically downloaded to the user's desktop when the user logs in for the first time. The USO Client monitors the user's desktop to detect a login screen match and automatically logs in to the target application on behalf of the user. The user's login information can be stored in the Personal Security Environment (PSE) for offline access. The PSE is integrity-protected and encrypted by a Personal Trust Device (PTD), such as a smart card, using either 3DES or public key technology. USO is built on the AccessMatrix framework and inherits the salient features of AccessMatrix in addition to its own features.
FEATURES AND BENEFITS
No Complex Software Integration
The application's login and password screens can be trained to achieve single sign-on. Application source code changes are not required. This approach greatly simplifies the integration of applications into the USO system.
USO's PSE (Personal Security Environment) on the user's desktop or a hardware token can be configured to store security credentials and application attributes. This unique feature enables users to have access to the USO single sign-on facility even if they are not connected to the AccessMatrix security server.
No Manual Software Installation on the Desktop
Quick deployment with no disruption to the user's desktop.
Easy Version Control
The latest version of the USO Client is automatically downloaded to the user workstation.
USO enables users to supply their user ID and password to each USO-enabled application when they log in to that application for the first time.
All communications between components of USO are secured using SSL.
Password Change Flexibility
The Auto Password Change option enables administrators to generate new passwords based on the policy defined for each application. Manual Password Change prompts users for the new password and enables sign-on to applications even when the security server is not available. The USO system can be configured to allow the user to reset the application password when the password in the security database is out of sync with the target application.
The organization's portal can be easily integrated and secured with USO.
If the organization wants to deploy USO and UAM to achieve tight integration and more granular access control, the AccessMatrix security server in the USO implementation can be upgraded to the AccessMatrix security server of the Universal Access Management (UAM) product.