Start-up takes sign-on tasks out of users' hands

Start-up software vendor Version 3 is putting a twist on single sign-on with software that lets companies ease end-user and network administrator access to applications and services and cut expensive, help desk calls for password resets.

The company's Simple Sign-On runs on top of Microsoft's Active Directory and taps into user and application data stored in the directory. Instead of users having to remember multiple passwords for the applications they access and enter those credentials into a logon screen, Simple Sign-On stores encrypted usernames and passwords, and provides end users with desktop or start menu icons that open applications.

When users want to access a network or Web-based application, they click on the icon. Simple Sign-On handles the logon in the background using an agent deployed on the desktop, and the user never sees the logon screen. The software supports automatic logon for terminal and mainframe sessions, and can be used to control administrator access to Windows servers, which means administrative passwords can be protected.

Users don't have to remember policies, such as requirements to change passwords every 30 days, and administrators can use more-complex passwords to protect access to applications. According to Meta Group, automating password administration can save a 10,000-user company $648,000 per year.

"We use this to ease our management burden and make life easier for our students," says Ray Midgett, assistant director of telecommunications for the Charlotte Mecklenburg Schools in Charlotte, N.C. "We have a lot of applications that require authentication, and the kids can't remember their usernames and passwords." Midgett says his staff had tried to write scripts to build shortcuts to the applications but it became a burden.

Midgett uses the Connection Management feature of Simple Sign-On to map printers and network drives for end users, a process that previously he did with logon scripts.

Simple Sign-On also has an application monitor that can automatically log out users whose machines sit idle for a certain amount of time, and includes controls to lockdown desktops to prevent access to features such as games. The software also can support the addition of a second form of authentication for application access, such as a smart card or biometrics device.

Simple Sign-On is managed through the standard Active Directory administrative console. The software includes a simple provisioning capability that permits creation of user accounts and includes a provisioning API so Simple Sign-On can plug into a full-blown provisioning application. Also included are logging and auditing tools to monitor application and content access.

Simple Sign-On, which competes with products from vendors such as Passlogix and Novell, costs $49 per seat.