To ease the login burden when users access cloud-based applications, an increasing number of organizations are looking towards investing in enterprise single sign-on. These clients are either looking towards point solutions or extensions to existing access technologies such as SSL VPN appliances or software alternatives like Microsoft AD FS. Talking about Microsoft, standards-based technologies such SAML or Microsoft AD FS that is based on SAML2, has made it straightforward to use single sign-on for browser based cloud and web apps. Even AD-centric companies can use federated identity solutions, allowing a user to log-on to external third-party cloud applications authenticated with your local AD account.
This works fine for web based applications. But when it comes to desktop or client/server applications, IT departments face challenges as these typically require a client based single sign-on solution. In this case, a single sign-on client is installed on the local machine and “caches” the user name and password of the users as he or she access applications. Clients require management and installation on each desktop in the company and often falls short when it comes to many of the tablet, mobile and non-windows technologies used.
Similarly, when it comes to user self service password reset, web-based solutions for Active Directory is uncomplicated, but challenges may occur in connection with many enterprise applications that do not use AD for access and in addition, a client is typically required no the local PC.
The Omada Password management solution for system-wide synchronization and reset is based on the combined experience from implementing self-service password synchronization and – reset across complex platforms. This solution is ideally suited to deliver above experience without using any local single sign-on clients. We call this “simple sign-on”. It enables synchronization of passwords across all connected applications, so the user only has one password to remember. Essentially, when a user changes the password – due to a scheduled Active Directory password expiration process or a forgotten password – the Omada solution synchronizes this password to all connected applications on the “back-end” enabling the user to log-on to all applications using the same password credentials. This back-end synchronization offers a more uncomplicated approach than implementing more traditional enterprise single sign-on.
In addition, it supports best of both worlds: With the Omada simple sign-on configuration, customers can leverage the benefits of single and federated single sign-on based on SAML2 and augment the solution with Omada’s password synchronization simple sign-on concept.
Our customers are increasingly combining this approach with password reset. In the Omada configuration, once a user has reset their password either via a four eye principle (an Omada packaged workflow that allows a manager to reset an employees’ password automatically once the employee has been validated) or via out-of-band verification, or challenge question based, the new password will automatically synchronize to all connected systems. A simple approach with no client hassle.
To learn more, contact us here.