
Single Sign-on Without a Password Wallet - Hitachi ID Password Manager

The Process

Hitachi ID Login Manager automatically fills in application login IDs and passwords on behalf of users, streamlining the application sign-on process.

Login Manager works as follows:

  • When users sign into their workstations, Login Manager acquires their network login ID and password from the Windows login process.

  • Login Manager may (optionally) acquire additional login IDs (but not passwords) from the user's Active Directory profile.

  • Login Manager monitors the Windows desktop for newly launched applications:

    • It detects when the user types one of their known login IDs or their Windows password into an application dialog box, HTML form or mainframe terminal session. When this happens, the location of the matching input fields is stored in a local configuration file.

    • Whenever Login Manager detects an application displaying a previously configured login screen, it automatically fills in the appropriate login ID and/or the current Windows password.

The net impact of Login Manager is that login prompts for applications with well-known IDs and passwords that authenticate to AD or are synchronized with AD are automatically filled in. This is done without:

  • Interfering with user access to applications from devices not equipped with the SSO software, such as their smart phones.
  • Having to deploy a secure location in which to store application credentials.
  • Writing scripts.

Login Manager is installed as a simple, self-contained MSI package. It does not require a schema extension to Active Directory.
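
The learn-then-fill flow described above, modelled as an added Python example. It is not Hitachi ID's code: the class, screen keys, field names, ID source labels and sample credentials are constructed assumptions. It shows that the saved configuration holds only field locations, while the login IDs and the current Windows password stay in memory.

```python
import hmac
import json


class FillModel:
    """Toy model of the learn-then-fill flow (assumed design, not the product)."""

    def __init__(self, ids, password):
        self._ids = dict(ids)      # source label -> login ID, held in memory only
        self._password = password  # network password, held in memory only
        self.field_map = {}        # persisted part: screen -> learned field locations

    def observe(self, screen, field, typed):
        """Learning: record WHERE a known value was typed, never the value."""
        for source, login_id in self._ids.items():
            if typed == login_id:
                self.field_map.setdefault(screen, {})["id"] = [field, source]
                return True
        if hmac.compare_digest(typed.encode(), self._password.encode()):
            self.field_map.setdefault(screen, {})["password"] = field
            return True
        return False  # unrelated input leaves no trace in the configuration

    def export_config(self):
        """What would be written to the local configuration file."""
        return json.dumps(self.field_map, sort_keys=True)

    def rotate_password(self, new_password):
        self._password = new_password  # e.g. after a Windows password change

    def fill(self, screen):
        """Filling: resolve learned locations against the in-memory credentials."""
        learned = self.field_map.get(screen, {})
        values = {}
        if "id" in learned:
            field, source = learned["id"]
            values[field] = self._ids[source]
        if "password" in learned:
            values[learned["password"]] = self._password
        return values


def demo():
    # Constructed sample session: one network ID, one ID from the AD profile.
    m = FillModel({"network": "jsmith", "ad_profile": "JS1042"}, "Constructed-Pw-1")
    m.observe("payroll.exe/Login", "txtUser", "JS1042")
    m.observe("payroll.exe/Login", "txtPass", "Constructed-Pw-1")
    m.observe("payroll.exe/Login", "txtNote", "hello")
    config = m.export_config()
    m.rotate_password("Constructed-Pw-2")
    return config, m.fill("payroll.exe/Login"), m.fill("unknown.exe/Login")
```

In this model a password change needs no configuration update, because the fill step reads the current password at fill time, and a screen that was never learned is left untouched.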

Advantages

The reduced sign-on process used by Login Manager has several advantages over traditional E-SSO techniques:

  • There is no global directory or database with user credentials:
    • There is no central credential store for a would-be attacker to target.
    • There is no single point of failure which could cause a widespread disruption to users who wish to sign into applications.
    • There is no need to enroll users by having them provide their passwords.

  • There are no manually written scripts:
    • No manual configuration is required.
    • No infrastructure is required to distribute script files to PCs.

  • Continued access to applications:
    • Users sometimes need to sign into applications from devices other than their work PC.
    • Since passwords are synchronized and users know their own password, they can still sign in, even without the SSO software.
    • In contrast, with other E-SSO products, users may not know their own application passwords. This disrupts application access using a smart phone, home PC, Internet kiosk, etc.

These advantages significantly reduce the cost and risk associated with deploying and managing Login Manager.

Read More:

  • Included Connectors:
    Systems on which Password Manager can manage passwords.
  • Integrations:
    Integrations between Password Manager and other parts of an IT infrastructure.
  • Supported User Interfaces:
    Supported Password Manager user interfaces: web browser, workstation login prompt, mobile phone and telephone call.
  • Helping Locked Out Users:
    Enabling users who forgot their primary password or locked themselves out of their PC to access self-service.
  • Helping Mobile Users:
    Assisting mobile users who forgot their primary password (cached on their PC) while away from the corporate network.
  • Network architecture:
    How users, existing systems and applications and Password Manager servers interact on the network.
  • Scalability:
    How Password Manager can scale to manage passwords across millions of login IDs.
  • Mapping User IDs:
    How Password Manager maps user IDs on different systems back to their human users, both automatically and with human assistance.
  • Language Support:
    Languages supported by the Password Manager user interface.
  • Single Sign-on Without a Password Wallet:
    Hitachi ID Login Manager can automatically sign users into their applications without having to store IDs and passwords in a "password wallet."
  • Password Manager server requirements:
    Sizing, configuration and number of servers on which to deploy Password Manager.