ActivCard on Monday announced software that integrates multiple authentication techniques to simplify the process of providing secure, single sign-on access to enterprise systems and applications, as well as to Web sites and resources outside the control of IT.

ActivCard's Trinity software makes it simpler to provide multi-factor authentication, where users must have a smart card, token or use some form of biometric device along with a password or PIN. But the software also works with password-only systems, where it handles password management for multiple systems and applications.

Trinity consists of management server software used to enroll users and administer identity information, along with Windows client software that supports multi-factor authentication. A wizard-based toolkit to aid in application integration is also included, although no changes to existing applications are required.

When users log in to a system or application for the first time, Trinity will capture the information they enter into the login dialog box, says David McNeely, senior product marketing manager for ActivCard. On all future logins, Trinity fills in the dialog box on behalf of the user. The system can also apply to applications that are outside of the organization's direct control, such as third-party Web sites and business partner applications.

Trinity can be configured to store user credentials on a central server, the client PC or on a smart card, so the user can be authorized while disconnected from the network. Authentication can be enforced just once at the initial sign-on, or for each application.

Administrators can also configure Trinity to randomly assign maximum-length passwords to users and continuously change them, since users don't need to remember their passwords.

"Users don't even have to know what their passwords are," McNeely says.

A number of ActivCard customers use the system with biometrics and smart cards, McNeely says, often employing the same card used for secure building entry. Users authenticate by inserting their smart card into a reader that supports fingerprint biometrics, then touch the fingerprint pad -- thus providing two-factor authentication without ever touching a keyboard. That makes it feasible to allow authentication even down to the transaction level, which is important in fields such as health care where multiple doctors and other professionals may use the same PC.

Trinity is available in two versions. Trinity Sign-On, which supports only password-based authentication, costs $30 to $60 per user, depending on volume. Trinity Secure Sign-On, which supports fingerprint biometrics, tokens and smart cards, costs $50 to $90 per user.