SecureLogin As a Solution

The Security Problem

Most organizations experience a major security problem---an abundance of applications and systems that require individual user authentication. This problem is worsening as the number of Internet applications increases. As more companies switch to eBusiness solutions, their authentication requirements change. Businesses now have new requirements for high-end authentication.

Networking dependencies have also brought about new security requirements for authentication, with an increasing need to identify the end user. This requirement is becoming increasingly difficult to meet.

Because technology continues to advance at a rapid pace, remembering usernames and passwords is also becoming increasingly difficult. An organization can no longer reasonably expect its users to remember long lists of username and password combinations, while still adhering to company security policies.

How Single Sign-On Fixes This Problem

Single sign-on fixes this problem by eliminating the need for users to remember their usernames and passwords beyond their initial network login. Single sign-on stores the usernames and passwords that each user needs and then automatically enters them for the user when required.

Single sign-on solves the security problem of users having to remember their login credentials. Single sign-on also increases productivity because users no longer need to enter usernames and passwords. The computer does it for them. As a result, single sign-on greatly reduces the number of calls to help desks concerning forgotten passwords.

The SecureLogin Solution

Novell^® SecureLogin is comprised of multiple integrated security systems that provide authentication and single sign-on to networks and applications throughout an organization. The goal is to provide a single entry point to the corporate network and its resources for users, increase security, and improve compliance with corporate security policies.

The separate single sign-on modules (components) of SecureLogin are designed for generic Windows*, Internet, and terminal emulator applications. SecureLogin's unique modular design allows it to be compatible with most new applications.

Security is an important feature of SecureLogin. SecureLogin stores all user credentials encrypted in Novell eDirectory^TM and optionally caches details in an encrypted format on the local workstation. The only user who can unlock the encrypted data is the user that the details are stored for. For example, a network administrator with all rights is not able to see a user's password for Internet banking.

SecureLogin is easy to use. Wizards, corporate scripts, predefined applications, and eDirectory enable you to intuitively configure---from a central point---SecureLogin for use in the corporate network. SecureLogin also includes a workstation administration tool that allows users to view their single sign-on details and, if you permit them to, add new applications and Web sites for single sign-on.

SecureLogin employs two methods of fault tolerance. One method uses local encrypted caching to ensure that network downtime does not affect single sign-on performance. Even if the corporate network is down, caching enables application logins to continue uninterrupted. A second method allows for scripting to cater to different login conditions and errors during login.

Local encrypted caching also enables SecureLogin to maintain single sign-on integrity for all mobile and remote users, regardless of network connectivity. If you permit them to, mobile users can update their single sign-on credentials when disconnected from the network and then update eDirectory with these details when the users are next attached.

Because SecureLogin is an eDirectory-enabled product, users can roam wherever eDirectory is. They can

• Log in from anywhere and get the same capabilities as if they were at their own desks.
• Log in and log off quickly, because they only authenticate to eDirectory, not to Windows itself.
• Roam the enterprise, logging into several different machines during the day.
• Work on a notebook or laptop in a disconnected mode, because their login credentials are saved to a local, encrypted cache.
• Securely use a shared, kiosk-type workstation, where many people log in temporarily for quick work and then log out.

Single sign-on has the following goals:

• Automate the repetitive manual login processes so that logging in is seamless to the user.
• Lower overall maintenance costs.
• Provide a secure, easy-to-use, fault-tolerant environment for logging in to Windows, Web, and mainframe applications.

Requirements for an Effective Implementation

A successful single sign-on system must meet the following seven requirements. SecureLogin was designed with these requirements in mind.

• Meet the changing needs of large organizations.

  New software must be easily installed and configured for single sign-on.

• Easily accommodate mobile users.

  Remote and roaming users must be able to access their single sign-on credentials and update them if necessary.

• Provide ease of management, rapid deployment, and fault tolerance.

  The single sign-on system must run efficiently, be easy for users to operate, and be easy for you to control and maintain.

• Employ industry standards and open architecture.

  The single sign-on system must be compatible with most existing software.

• Be secure.

  The password storage and playback mechanism must not allow for stealing secrets. The usernames and passwords must be encrypted and stored in a secure database.

• Be cost effective.

  The single sign-on system must save money and reduce the cost of ownership.

• Be seamless to the user.

  The second time a user logs in to an application, the application should look the same as the first time. Subsequent attempts to open the application should involve no user interaction for authentication.