Single Sign On

Imprivata® OneSign™ Single Sign On (SSO) uses breakthrough technology to help organizations benefit from increased user productivity and reduced password management costs by enabling single sign-on (SSO) to all your enterprise applications.

OneSign Single Sign On uses patent-pending technology to enable SSO without modifying applications. Companies benefit through centralized password administration, lower help-desk costs, increased user productivity and satisfaction, and ability to demonstrate compliance.

OneSign Single Sign On requires no modifications to existing applications and no user learning curves. With integrated support for multiple, strong authentication methods and centralized password policies, OneSign Single Sign On allows companies to implement levels of security that are appropriate for their environments.

OneSign Single Sign On is invaluable to IT departments managing a heterogeneous portfolio of applications. Because OneSign replaces multiple passwords and application logon events with a single, centrally-managed user logon, IT's burden is significantly reduced. There's no longer any need to compromise increased security for increased usability. Imprivata delivers both security and convenience within the fully integrated OneSign appliance.

Instead of custom scripting or Visual Basic code, OneSign Single Sign On uses the OneSign Application Profile Generator™ (APG) to "learn" the login behaviors of the target applications and generates the correct XML profile that is securely distributed to SSO users on a session basis. As new applications are added or existing applications changed, the APG is ready to make changes in minutes without any interruption or downtime.

Organizations can also use OneSign Single Sign On Extension Objects™ to integrate SSO with an unlimited set of critical business functions. OneSign Single Sign On events can trigger the execution of independent procedure code to enable powerful capabilities such as Roaming User Desktops, Personalized Drive-Mapping, or Automatic Password Synchronization.

OneSign's browser-based tools allow administrators to increase information security through straightforward password policy settings. Administrators can change password constraints (minimum/maximum length, reset intervals, auto resets), manage authentication challenges, and accommodate application-generated password reset requests automatically.

Features

Automate Application Password Changes
With OneSign Single Sign-On, administrators can implement a clear, straightforward password policy across all SSO-enabled applications based on users' primary authentication. For additional security measures, OneSign is able to cycle complex application passwords behind the scenes on the users' behalf. This allows organizations that require certain application passwords to be changed periodically to handle the changes automatically.

Self-Service Password Management
With this option, users can easily reset or be notified of their own network and application passwords without help desk intervention. Administrators can set identity verification thresholds for users, or groups of users, who are simply prompted to answer a set of random or administrator-created questions, and, once authenticated, OneSignSingle Sign-Ondelivers the service. This service can be accessed either by users on the network or via the Web.

Broad Support for Strong Authentication
OneSignSingle Sign-Onsupports major forms of authentication out of the box — without requiring any custom integration with device vendors. Authentication methods include password, strong password, finger biometric authentication or identification, active and passive proximity cards, smart cards, One-Time-Password tokens, USB tokens, and Kerberos authentication. Administrators decide which users should have which authentication modes, and whether they should upgrade their authentication options over time.

Application Profile Generator™ (APG):
Point-and-Click instead of expensive scripting
The OneSign Single Sign-On Application Profile Generator (APG) enables SSO and password change support for ALL enterprise applications — without writing logon scripts, building custom connectors or modifying existing code. APG's point-and-click paradigm automatically learns logon and password change behaviors for even the most challenging applications —including native Java clients, Telnet emulators, Web-to-host applications, frame-based Web applications and many more.

Monitoring and Reporting
The OneSign Intelligent Agent allows organizations to monitor, capture and log password-related user access events in a centralized database. Easy-to-use detailed reporting can strengthen security and enforce regulatory compliance across all applications. Now, for the first time, administrators can easily monitor access records for every user, application or workstation in one, central location —even revealing users that may be sharing credentials to confidential applications.

Provisioning Support
OneSign Single Sign-On provides provisioning support based on the industry standard Service Provisioning Markup Language (SPML). SPML-based provisioning support allows users - and their network and application credentials – to be automatically provisioned and de-provisioned in OneSign Single Sign-On, eliminating the need to ever issue passwords to your users. New users, applications, and password resets are automatically reflected in OneSign. Imprivata provisioning partners providing out-of-the-box OneSign provisioning connectors include Courion and Fischer International. Check with your OneSign representative for the most up to date list of OneSign provisioning partners and connectors.

OneSign Extension Objects:
Roaming Desktops, Drive-Mapping, and More
Organizations can now extend OneSign Single Sign-On events to automate or integrate with an unlimited set of critical business functions. This is done through the execution of procedure code that can be associated with any OneSign Intelligent Agent event.
Examples:

  • Roaming User Desktop Session Management across workstations;
  • Personalized drive-mapping desktop follows users during workstation switching;
  • Automated password synchronization across multiple workstations;
  • Event-based user messages executing a start-up command upon login

These procedures can consist of DOS command sequences, JavaScript, or VBScript scripts. Any pre-defined OneSign Intelligent Agent event can trigger one or more procedures.

Benefits

RADICALLY EASY

From the beginning, OneSign Single Sign-On was designed to make password management easy for IT and end users alike. Implementing and managing it is extremely fast and simple.

  • Application Profile Generator (APG) Our intelligent APG technology SSO-enables all enterprise applications – legacy, client/server, or web-based – out of the box. There is no custom scripting required, no connectors to build, and no long and expensive custom integration projects to manage.
  • Intuitive User Interface OneSign Single Sign-On's administrator console provides an intuitive, easy to navigate, Web-based interface. Making enterprise single sign-on easy to install, configure and deploy. In a matter of days, you can fully SSO-enable your organization.
  • OneSign Intelligent Agent The OneSign Intelligent Agent automatically handles updating for you by recognizing when new versions, application SSO profiles, or user security policies are added or changed. It's easy for users, too. They log on to their applications as always, and require no training or modifications to their desktop environment.

SIMPLY SMART

A hardened appliance built on patent-pending technology, OneSign is designed to be smart enough to do much of the work for you because we anticipated and automated the redundant tasks. The OneSign appliance is shipped in a redundant pair configuration, providing seamless failover. System back-up can be automatically run and transferred for storage each day without administrator effort. The system can be restored from a back-up file in minutes for disaster recovery.

  • Automated Password Policy
    OneSign Single Sign-On automates password policy implementation — creating unique, strong passwords behind the scenes to support compliance efforts. It performs password changes automatically on behalf of the users, ensuring stricter security. It eliminates security breaches associated with passwords written on sticky notes posted to monitors and keyboards. And, OneSign Single Sign-On decreases costly help desk calls associated with password reset calls.

  • OneSign Extension Objects
    Organizations can extend OneSign Single Sign-On events to launch an unlimited set of critical business functions using OneSign Extension Objects.

  • Support for Range of Strong Authentication Modalities
    With built-in support for various authentication methods such as passwords, ID tokens, active or passive proximity cards, smart cards and finger biometrics, OneSign Single Sign-On offers a smart and effective way to increase your security while leveraging the benefits and convenience of single sign-on.

  • Monitoring and Reporting
    Built-in monitoring provides an accounting of which users accessed which applications and when, including all password change activity. Detailed access logs and reports give organizations the ability to refine and strengthen security policies and enforce regulatory compliance across all applications.

UNIQUELY AFFORDABLE

OneSign Single Sign-On's low total cost of ownership, short implementation time and quick user adoption delivers instant help desk cost reduction —and with that, immediate financial return. Companies see decreased costs and increased staff productivity due to greatly reduced help desk and password reset calls.
  • Self-Contained Appliance
    As a self-contained appliance, OneSign Single Sign-On delivers all the functionality needed to effectively implement and manage single sign-on. There is nothing else to buy —no custom scripting or costly integration.

  • Low Installation and Ongoing Maintenance
    Changes to policy, applications or user profiles can be administered and transparently applied in a matter of minutes from the administrator’s console. Users remain productive, and ongoing day-to-day management is minimal.

Please contact us for more information.

Download the OneSign Single Sign-On fact sheet in PDF format.