Synchronize, don't store passwords:



Client software deployment.

Intrinsic to E-SSO (sorry).

Build/maintain database of application IDs/passwords.

Single, synchronized password.

Build/maintain application launching scripts.

Record user actions:

  • no scripting required.

SSO changes user passwords:

  • users don't know application passwords.
  • can no longer sign in from PDAs, kiosks, etc.

Users still know their passwords.

Password resets are expensive:

  • re-provision application passwords after reset
  • decrypt/re-encrypt application passwords.

Password resets are simple:

  • leverage synchronization process.