Modernizing Authentication — What It Takes to Transform Secure Access
Passlogix has introduced a new version of its single sign-on (SSO) system that now works with multiple Lightweight Directory Access Protocol (LDAP) directories and virtually any type of authentication system. The product also now supports various work modes, including disconnected and roaming among different computers on a network.
Passlogix' v-GO SSO 3.0, like its predecessor versions, also uses technology more commonly found in intrusion detection systems (IDS) to enable users to log on to most any enterprise application, without requiring complex integration. The technology essentially recognizes the patterns, or signatures, that indicate an end user is attempting to log on to an application, much like an IDS recognizes the signatures that indicate a network attack.
Marc Boroditsky, CEO of Passlogix, says most SSO products fail because of the integration issue. An enterprise with more than 10,000 users typically has a huge number of homegrown applications, he says. It is difficult to integrate them with other SSO products because they lack APIs or documentation that would help in an integration effort. Additionally, many SSO products won't work with externally hosted applications, such as those from an application service provider.
"The only way to get to the nirvana of reducing help desk costs is to get all of your applications on board," Boroditsky says.
Version 3.0 of v-GO helps in that effort by working with any LDAP directory, he says. User credentials, which indicate what access rights each user holds, are stored in the directory. A user logs on once and is authenticated by v-GO. From there, v-GO recognizes each future logon attempt, to any application. If the user is authorized, v-GO forwards to the application the appropriate logon script - such as a username and password - in the form the application expects to see.
The key is that users don't have to write any sort of connectors or scripts between the SSO product and their applications, Boroditsky says. Rather, v-GO detects the correct logon formats for each application on its own.
"Our sales people have fun going into customers who have been burned by other vendors; [the customers] couldn't get a pilot to work with even a handful of applications," he says. "We have v-GO working with a majority of applications within minutes. It starts to detect the logon events automatically."
In Version 3.0, Passlogix has integrated v-GO specifically with the iPlanet Directory Server, with support for Novell's eDirectory/NDS coming this quarter and Microsoft's Active Directory by early fourth quarter.
The new version also now supports virtually any form of authentication mechanism, including smart cards and biometrics, Boroditsky says. This is used only to start the initial session with v-GO. To date, the company has announced integration with BioNetrix authentication products.
v-GO also supports public key infrastructure-based authentication, with products from Entrust and RSA Security.
Additionally, Version 3.0 of the product now offers the ability to work in various modes, including disconnected mode. This is possible because a user's credentials are cached on the desktop or laptop, giving him or her the ability to authenticate even before they are connected to the network.
Being able to work in disconnected mode is key for users, such as sales representatives, who routinely connect from outside the enterprise. Without it, users would need to sign on to their laptops as well as their dialer programs and the corporate virtual private network before they could access any applications. "That's three sign-ons before getting to the corporate network," Boroditsky says. "And a server-based approach could not have satisfied the logons for the VPN and dialer."
The caching capability enables the user to authenticate to v-GO locally, after which v-GO handles all remaining logon requirements. The feature also enables users to roam from one machine to another, each time bringing their credentials with them, he notes.
v-GO SSO 3.0 is available now for $69.95 per user, or less in volume purchases.