Aegis Single Sign-On Appliance

Single Sign-On Solution

Many users struggle with identity access management as the number of usernames and passwords needed to access internal and external applications increases. Surveys show that 36% of users have six to 15 passwords, and another 18% have more than 15. All of these usernames and passwords lead to increased help desk expenses, lost user productivity, irritated users and security vulnerabilities.

With Aegis’ Single Sign On Software, organizations can centralize security and authentication policies for web applications across the organization in a repeatable, scalable manner. Our Single Sign On Solution reduces security risk, improves user experience, and increases productivity while decreasing the implementation costs traditionally associated with deploying SSO solutions from ‘scratch’. Aegis’ appliances leverage the best practices and knowledge gained from over 60 successful deployments, providing clients with an ‘out of the box’ solution for SSO login.

Aegis’s SSO Appliance Highlights
 

• Offers pre-built options to implement Single Sign-On to web-based applications, including those built on Apache HTTP, Tomcat, Microsoft IIS, Oracle/BEA, WebSphere, and Glassfish
• Integrates with existing authentication systems such as Microsoft Active Directory and LDAP, allowing the user to have a single login identifier that works across the enterprise
• Aegis’s SSO Appliance includes hardware and software that takes into account sizing, high availability (HA) and future scalability. The appliance requires minimal configuration to integrate with existing authentication services
• Our Single Sign On Solution is delivered on a best-in-class solution providing robust auditing, reporting, and enterprise-level functionality
• The SSO Appliance is scalable to hundreds of web applications, both internal and external to the organization’s network 
   

Detailed Functionality

The Appliance includes:

• Discovery of existing enterprise accounts
• Directory integration to existing Active Directory or LDAP directory
• Policy and rule configuration
• Authentication and authorization
• Session persistence
• Workflows to request access to the SSO-integrated applications
   

Existing Directory Integration

The Single Sign-On appliance is connected to an organization’s existing LDAP Directory or Microsoft Active Directory. The directory is used for all authentication and authorization (via groups). It is the single user name and password store used by all OpenSSO applications.

Policy and Rule Configuration

Policies and rules are configured against the existing directory to determine which users are allowed into each application. The policies are configured based on pre-existing attributes and/or group memberships.

Session Persistence

The SSO Appliance is configured to persist sessions to an OpenMQ message queue for high availability and system failover.

Request SSO Access

An identity management workflow is available to request access to additional groups, allowing users self-service and manager/owner approvals to gain access to SSO-integrated applications.

Conclusion

Aegis’s Single Sign-On Appliance offers the solution organizations need to solve unique access control challenges while providing a platform that scales to handle future Identity and Access Management needs such as password management, provisioning, federated identity and compliance.