Key Features

Security

E-SSOM handles all user account details securely.
Communication: All information exchanged between the various E-SSOM components is encrypted.
Local storage: When using a laptop, depending on the configuration, all log-in details are encrypted and stored locally on the hard drive.<>br Database: A copy of every username and password is stored in the central database. These details are encrypted.
Logging: All end-user activities are logged in the central E-SSOM database. E-SSOM is developed in such a way that all confidential information is exchanged and stored securely.
DPAPI Security: The coded algorithms in E-SSOM are based on DPAPI Security, but other algorithms can be applied to meet your organization’s security standards. The highly acclaimed DPAPI password security system complies with the strictest security rules. It also offers the possibility of retrieving data in the case of lost or forgotten passwords.

Scalability

We often observe a peak in the use of an SSO application in the mornings as employees begin their working day. Research shows that in 96.5 per cent of cases, E-SSOM is used during the first 30 minutes of the working day. During this time, the central E-SSOM engine must be capable of supplying all the details for the end-users and their applications. To streamline this process, the log-in request is distributed to a variety of Microsoft Windows Services. Our license model permits an unlimited number of E-SSOM service requests in the network and supports up to 250,000 workstations.

High availability

End-users will be dependent on the SSA solution to an increasing degree. The software’s availability is thus crucial. E-SSOM guarantees that end-users are always able to use the software through a variety of mechanisms. These mechanisms are:
Replication: User account details can be stored in a relational database. Standard applications for secure storage are applied. E-SSOM supports locating the database on a cluster server and/or database replication.
Multiple services: The central E-SSOM engine is a Microsoft Windows service. E-SSOM has fault-tolerant implementation. Information on the rights of the end-user is exchanged via a replicable database. On the end-user’s side, E-SSOM automatically selects an available service.
Local storage: Local storage is supported if a workstation cannot establish a connection to the central E-SSOM service. The local workstation then utilizes an offline mode.

Two-factor authentication

Two-factor authentication (TFA or 2FA) involves using two independent resources to confirm a person’s identify. E-SSOM can provide additional security for the SSO login based on a user pass-card with a PIN code. Read more on two-factor authentication.

Fast User Switching

This feature allows users to logon to and logoff from public computers quickly. When users log on using Fast User Switching, applications that they require can be automatically started and logged on to. When users log off, E-SSOM can log off from the applications and/or close them.
The login procedures can be simplified by combining Fast User Switching with a user badge. In this way, users can obtain access to applications by inserting their pass. They can log out by removing their pass, so that the computer becomes available for the next user.

Follow-Me

An addition to Fast User Switching is the Follow-Me principle, which allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer. This results in considerable time savings, particularly in the case of specialists who make their rounds along departments and need to have access to their data via various computers.

Integration with other solutions

The central E-SSOM engine supports integration with external systems and applications. E-SSOM has both a COM object interface and contains support for an open standard SPML (Service Provisioning Markup Language). SPML is based on SOAP/XML messages and E-SSOM supports web services. E-SSOM can be integrated with applications for password resetting and user provisioning.
Password reset: When an application requests the entry of a new password after a period of time, E-SSOM itself can generate and store a new password. E-SSOM can also allow the end-user to fill in a new password manually.
User Provisioning: When a new employee begins work, user accounts and passwords must be created in a variety of systems and applications. E-SSOM can create a link with a number of applications for automated User Provisioning, such as UMRA, IDM3, ILM and Sun Identity Manager. The end-user thus has direct access to the application landscape and doesn’t have to do anything himself.

Multiple user accounts per employee

Some end-users have access to an application through a variety of accounts and usernames, for instance system administrators. For example they have a ‘normal’ account and an ‘admin’ account. This system administrator probably has access to a number of environments for development, testing or production. In such cases E-SSOM shows an extra window when the application is launched. Here the administrator selects a specific username and/or environment. E-SSOM then ensures that the application is launched in the correct environment with the correct username/password combination.

Delegating applications

During a vacation or sick leave, it may be necessary to grant another user temporary access to one or more applications. This requires network modification to ensure that the temporary user acquires the correct rights. This also entails risksas it is often forgotten to revoke the temporary rights again. E-SSOM offers the ability to delegate specific rights of the absent employee to another end-user for a specific period. Once the configured period has passed, the rights of the temporary employee are automatically revoked.