Authentication and Single sign-on (SSO)

The Electronic Fingerprint

In most cases one does not want to completely isolate a network. Often, various users require different access rights. In such cases, there are two main issues: firstly, making logging in with a false identity impossible. Furthermore it should be possible to give registered users varying levels of access to the network.

Another option besides the widely used secure authentication by way of user name and password is the so-called two-factor authentication. This type of authentication involves an additional element, a second factor, in order to secure access. On top of user name and password, this might take on the shape of a text message with a unique, briefly valid number. In this age of Phishing, Farming, and Man-in-the-middle attacks, not only banks and financial institutions, but also small and medium-sized enterprises are focusing on this technology to protect from intruders.

These complex, high security mechanisms do however have one drawback: they are unpleasant for the user. After all, which user wants to have to reenter his password every time he tries to access a web page or internal server? One solution to this issue is to implement single sign-on approach. The user logs into the system once and subsequently has access to all linked areas in accordance with his clearance. Due to the high level of flexibility in integration, one can equip both existing networks with SSO, but can also scale it to certain parts of the network or isolated systems.

The combination of these two methods allows secure authentication without causing additional work for the user.