Hitachi ID Login Manager -- Automating Application Login
What is Hitachi ID Login Manager (formerly P-Synch/SSO)?
Login Manager is an enterprise single sign-on solution, designed to reduce the number of times that users must type their login ID and password to sign into applications. By leveraging password synchronization instead of password storage, Login Manager is more robust and has a lower total cost of ownership than previous approaches to single sign-on, which require application passwords to be stored for each user.
How does Login Manager work?
Login Manager automatically fills in application login IDs and passwords on behalf of users, streamlining the application sign-on process for users.
Login Manager works as follows:
- The Login Manager software is installed on each user workstation.
- When users sign into their workstations, Login Manager acquires their network login ID and password from the Windows login process.
- Login Manager extracts additional login IDs, associated with the same user, from the user's Active Directory or eDirectory profile. These optional login IDs are the only persistent data stored by Login Manager: passwords are never stored.
- Login Manager monitors the Windows desktop for newly launched applications:
  - It detects when a user types one of his known login IDs or his Windows password into an application dialog box, HTML form or mainframe terminal session. When this happens, the location of the matching input fields is stored in a local configuration file.
  - Whenever Login Manager detects an application displaying a previously configured input prompt, it automatically fills in the appropriate login ID and the current Windows password.
The net impact of Login Manager on users is that they continue to sign into Windows with their network login ID and password. When applications prompt for a login ID which is known to belong to the same user, or for a password which is consolidated or synchronized with the user's primary login password, Login Manager fills in the user's information automatically, eliminating the need for the user to retype his ID or password.
Login Manager is easy to deploy, easy to configure, and allows users to continue to sign into their applications from devices that are not equipped with the Login Manager software:
- Login Manager is installed as a simple MSI package.
- Login Manager does not require any manual configuration:
  - It automatically learns what applications use the same login ID or password as Windows.
- Login Manager does not require a schema extension to Active Directory.
- Login Manager relies on password synchronization, rather than stored passwords.
- Users still know their own application passwords.
- Users can sign in from devices that do not have the SSO software installed, such as their home PCs or smart phones, by simply typing their own password.
How is Login Manager different than existing E-SSO applications?
The reduced sign-on process used by Login Manager has several advantages over traditional E-SSO techniques:
- There is no global directory or database with user credentials:
  - There is no target for a would-be attacker.
  - There is no single point of failure which could cause a widespread disruption to users who wish to sign into applications.
  - There is no need to enroll users by having them provide their passwords.
- There are no manually written scripts:
  - No manual configuration is required.
  - No infrastructure is required to distribute script files to PCs.
- Continued access to applications:
  - Users sometimes need to sign into applications from devices other than their work PC.
  - Since passwords are synchronized and users know their own password, they can still sign in, even without the SSO software.
  - In contrast, with other E-SSO products, users may not know their own application passwords. This disrupts application access using a smart phone, home PC, Internet kiosk, etc.
These advantages significantly reduce the cost and risk associated with deploying and managing Login Manager.
Are there cases where Login Manager is not appropriate?
In order to achieve its benefits of low cost and high availability, Login Manager makes three important assumptions:
- The set of login IDs associated with a given user is known.
  It may either be a single ID (i.e., the user's network login), or a short list.
  Where users have different login IDs on different systems, Hitachi ID Password Manager (formerly P-Synch) can generate login ID aliases using a combination of automation and self-service enrollment and can write this data to the user's profile in Active Directory or eDirectory. Login Manager can retrieve this list of login IDs at login time.
- Passwords are consolidated or synchronized.
  Since Login Manager does not store a user's passwords anywhere, it depends on a user's application passwords being the same as the user's primary network password.
- Users sign into their workstations with a password.
  Since Login Manager acquires a user's primary network password from the Windows login process, that process must itself use a password.
  Combining Login Manager with other authentication technologies, such as smart cards or one time password tokens, may require extra integration effort, so that Login Manager can retrieve the user's synchronized password from a different source.
Can I Evaluate Login Manager?
Yes. Use this link to request an evaluation.
Also, please download, print, sign and fax back this license agreement.
You will then receive the software at no charge, with a limited time license key. Hitachi ID Systems will assist with software installation, and customers are asked to provide product feedback.



