Single Sign-on - Hitachi ID Password Manager
Hitachi ID Login Manager is a component of Hitachi ID Identity and Access Management Suite which is automatically enabled
for every Hitachi ID Password Manager licensee.
Login Manager, a module included with Password Manager, is an enterprise single
sign-on solution. It automatically signs users into applications where
the ID and/or password is the same as what the user typed to sign into
Login Manager leverages password synchronization instead of stored passwords.
This means that it does not require a wallet and that users can continue
to sign into their applications from devices other than their corporate
PC -- such as a smart phone or tablet -- for which a single sign-on client
may not be available.
Login Manager does not require scripting or
a credential vault, so has a much lower total cost of ownership (TCO)
than alternative single sign-on (E-SSO) products.
Login Manager automatically fills in application login IDs and passwords
on behalf of users, streamlining the application sign-on process for
Login Manager works as follows:
- When users sign into their workstations, Login Manager acquires their
network login ID and password from the Windows login process.
- Login Manager may (optionally) acquire additional login IDs (but not
passwords) from the user's Active Directory profile.
- Login Manager monitors the Windows desktop for newly launched
- It detects when the user types one of his known login IDs or his
Windows password into an application dialog box, HTML form
or mainframe terminal session. When this happens, the location
of the matching input fields is stored on a local configuration file.
- Whenever Login Manager detects an application displaying a
previously configured login screen, it automatically fills in
the appropriate login ID and/or the current Windows password.
The net impact of Login Manager is that login prompts for applications
with well-known IDs and passwords that authenticate to AD or
are synchronized with AD are automatically filled in. This is done
- Interfering with user access to applications from devices not
equipped with the SSO software, such as their smart phones.
- Having to deploy a secure location in which to store application
- Writing scripts.
Login Manager is installed as a simple, self-contained MSI package.
It does not require a schema extension to Active Directory.
The main benefit of Login Manager is reducing the number of times that
users must type their credentials. When users launch
applications that use the same credentials as the primary
Windows login and which Login Manager has seen before, it automatically
fills in login IDs and passwords.
Login Manager is built to leverage Password Manager, which has its own
benefits: stronger passwords, regular password changes,
robust authentication prior to password and PIN resets
and self-service resolution of login problems related to
smart cards, one time password tokens and full disk
Watch a Movie
Enterprise single sign-on without a password wallet
- A user signs into his Windows PC with a primary password.
- A user signs into an application with the same password.
- HiLM detects that the two passwords are the same.
- The user changes his Windows password.
- The HiPM detects the password change and sets the same password
on the application.
- The user signs out and reauthenticates to Windows.
- The user launches the same application.
- HiLM injects the current application credentials automatically.
- Single sign-on to both web and client-based applications.
- No manually developed application launching scripts.
- No password wallet to populate or maintain.
- Minimal software footprint on the Windows PC.
Login Manager: Enrollment and Login
- A new user signs into a series of applications.
- Login Manager notes that each application uses the same ID/password as the
primary Windows login.
- Login Manager "learns" to sign into each application automatically.
- Zero scripting required.
- Login Manager automatically detects login screens where it can automate logins.
- Single sign-on on the 2nd and all subsequent application logins.