1 / 15

TAM E-SSO

TAM E-SSO. Tivoli Access Manager for Enterprise Single Sign-On. Presentation Overview. Overview of TAM E-SSO Single Sign On Architecture SSO Demo Self Service Password Reset Architecture Benefits of TAM E-SSO What’s involved in a TAM ESSO project? Lesson Learned. TAM ESSO Products:

aracely-trey
Download Presentation

TAM E-SSO

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TAM E-SSO Tivoli Access Manager for Enterprise Single Sign-On

  2. Presentation Overview • Overview of TAM E-SSO • Single Sign On Architecture • SSO Demo • Self Service Password Reset Architecture • Benefits of TAM E-SSO • What’s involved in a TAM ESSO project? • Lesson Learned

  3. TAM ESSO Products: TAM ESSO – Base Product DPR Adapter – Windows based Self-Service Password Reset Provisioning Adapter – Integration with TIM Authentication Adapter – Flexible Authentication Kiosk Adapter – Secure Access to Terminals and Session Management TAMESSO: Technology Overview

  4. TAM for E-SSO TAM for E-SSO Credential Wallet Console Agent Directory/ DB Application Templates User Account ESSO Architecture Windows Web sites Sign-On Mainframes User Application Sign-On User’s Desktop = Powered by

  5. Single Sign-On Demo

  6. TAM E-SSO (Benefits) • Simplifies the end user experience by eliminating the need to remember and manage usernames and passwords. • Increases user productivity by not having to spend time on authentication. • Reduces help desk costs by lowering the number of password reset calls. • Deploys without requiring modification to target systems, platforms or applications - delivers quick time to value! • Advances identity management, compliance and authentication initiatives.

  7. TAM E-SSO (Technology) • Logon and password change support for almost all Windows, Web, Java and Host-based applications. • Single secure primary authentication based on Windows logon, smart card, biometric, LDAP, PKI, etc. • Automatic password generation and password policy support. • All user work modes including connected, disconnected, multi-machine and kiosk. • Leverages any enterprise directory or database as a central repository for user and administrative data. • Record level credential sync and admin in directory, file share or database. • Credentials encrypted at all times with selectable encryption (3DES, AES etc.), only specific credential decrypted on the fly.

  8. TAM E-SSO (Core) Components MetaFrame and/or Desktop Deployed Administration Console SSO Agent • Enterprise Application Configurations. • SSO Client Settings. • SSO Client First Time Use Settings. • Responds to login events. • Web, Windows or Legacy applications. • Acts as a proxy for application authentication Directoryor File share Push Pull/Sync

  9. TAM E-SSO: Desktop Password Reset Adapter (DPRA)

  10. TAMESSO: Desktop Password Reset Adapter Resets the Windows Domain Password Only. • Key Feature:Does NOT require access to a separate logged on computer. • Reset • Integrated where the Windows Password is needed most and often forgotten. • Increases likelihood of access and use. • Enrolment • Providing access on kiosks or from other machines when needed. • Can be integrated with other Web self serve mechanisms such as TAM.

  11. Desktop Password Reset Adapter Architecture Reset Desktop Password Reset Server (IIS) Enrol Windows Logon Audit, Reporting Domain Admin Console

  12. DPRA Project – What’s Involved? • Provisioning/Configuring IIS Server(s) • Active Directory Schema update/Creating ACLs • Packaging/Installing Password Reset Client to desktops (Group Policy/SMS) • Defining security questions • System testing/UAT testing. Performance testing. • User communications

  13. E-SSO (Core) Project – What’s Involved? • Active Directory Schema update/ACL creation • ESSO client configuration and packaging • Package deployment to desktops/laptops/citrix • Creation of application templates/publication into AD • System testing/UAT testing • Pilot • User communications • System Testing/UAT testing • AT Westpac 7 applications were integrated into SSO in the initial rollout(3 windows, 4 web applications). More applications will be integrated over time. • Application template development – 5-10 minutes; testing; talk to app owners, delployment; user communications

  14. Lesson Learned Password Reset (DPRA) • Multiple active directory domains require multiple Password Reset Servers • ACL updates to allow service account to update passwords – not well documented. • Security Questions – not easy to come to an agreement on. • Help desk call approx $100 per call; 150 pwd reset calls per day (30,000 users)

  15. Lessons Learned E-SSO (Core) • Multiple Active Directory domain issues • Performance impacts/sociability with other applications • Behavior of applications (login/logout) • User communications very important • Executive sponsorship important to drive change through organisation • Customization of E-SSO interface limited in current version

More Related