By Cameron Sturdevant  |  Posted 2006-01-09

With RSA Sign-On Manager 4.5, security giant RSA Security Inc. has re-entered the enterprise single-sign-on arena after a short hiatus.

Although two-factor-token maker RSA isn't a big fan of using only passwords for authentication, organizations can use just passwords with Sign-On Manager 4.5 if they prefer. Our tests showed that the RSA enterprise single-sign-on tool provides a host of cost-saving and security-improving conveniences to users and IT managers.

Sign-On Manager 4.5 started shipping last month and costs $49 per seat for the first 2,000 seats, with volume discounts available for larger purchases.

eWEEK Labs' tests show Sign-On Manager 4.5 is a good fit for IT managers who are considering single-sign-on solutions to meet regulatory compliance requirements, improve user security and reduce help desk costs associated with resetting passwords.

One of the most important new features in Sign-On Manager 4.5 is IntelliAccess. IntelliAccess is a secure method of identification that recognizes users based on the responses to a set of previously answered questions. Although this technique isn't unique, RSA implements IntelliAccess in such a way that personally identifiable information is always encrypted.

This is one of the first password reset systems that we have felt comfortable enough with to input real answers to such personal questions as the names of teachers and parents and other highly valuable information (highly valuable from an identity point of view, that is).

We were able to vary the number of questions asked to enable emergency access to our Sign-On Manager 4.5 client systems from a low of three to a high of six. We could specify the number of correct answers required (for example, a user could get one answer wrong out of five total) for user verification.

The IntelliAccess self-service emergency access is the icing on the cost-reduction cake that IT managers could experience if they use Sign-On Manager 4.5. In other words, if users have only a single password to remember to gain access to all applications, the likelihood that they'll forget that single password drops significantly.

This observation is not to lessen the value of IntelliAccess. The reset module will likely drive password management costs to nearly zero after users have been properly trained in how to use the product.

Sign-On Manager 4.5 runs only on Windows 2000 Professional and Windows XP Professional, excluding Macintosh and Linux systems, along with all handhelds and mobile devices. The product does support access to Microsoft Corp.'s Active Directory, Sun Microsystems Inc.'s Sun Java System Directory Server and Novell Inc.'s eDirectory.

Sign-On Manager 4.5 works with RSA SecurID Token for Windows Desktops and a host of additional RSA authentication and certificate management tools, based in part on technology RSA licenses from single-sign-on software publisher Passlogix Inc.

We tested with and without the additional RSA software and found that the product worked just fine on its own. Sign-On Manager 4.5 also works with many common certificate authorities, and, all told, IT managers should have little trouble integrating the product with infrastructure that is already installed.

Out of the box, Sign-On Manager 4.5 provides 31 single-sign-on templates for applications that are commonly found in the enterprise. As we found in our tests, and as reported in our case study of Hudson Advisors, creating templates turned out to be a simple task in Sign-On Manager 4.5. We used a utility supplied by RSA called the Application Learning Wizard, which, oddly enough, had to be downloaded to our management server. (We thought it should be included.) Then we simply added the application and let the wizard monitor credential input fields.

Some single-sign-on systems allow a user to create a master password, and the system then follows rules to create strong passwords on behalf of the user for all applications to which access is necessary. Sign-On Manager 4.5, on the other hand, enables users to create passwords to access applications, and users must create new passwords when the old ones expire.

Of course, Sign-On Manager 4.5 keeps track of the passwords and allowed us to mandate strong password generation policies. However, the product doesn't use a dictionary to prevent users from creating obvious passwords, nor does it store recently used passwords.

Many of these concerns vanish when RSA's two-factor authentication tokens are added to the mix, but we still think the product has room to grow when passwords alone are used to access applications.
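The two checks the review finds missing, a dictionary check and a recently-used-password check, are shown below as an added example; it is not RSA's code and not part of the original article. The wordlist, minimum length, history depth, work factor and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

# Constructed sample wordlist; a real deployment would load a large
# dictionary of common and breached passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon"}
MIN_LENGTH = 12            # assumed policy value
HISTORY_DEPTH = 5          # assumed policy: reject the last 5 passwords
PBKDF2_ROUNDS = 100_000    # assumed work factor
LEET = str.maketrans("01345@$", "oieasas")  # undo common substitutions


def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds cleartext passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_dictionary_based(password):
    """True for a common word dressed up with case, leetspeak or padding."""
    core = password.lower().strip(string.digits + string.punctuation)
    return core.translate(LEET) in COMMON_WORDS


def is_reused(password, history):
    """Re-hash with each stored salt and compare in constant time."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_new_password(password, history):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if is_dictionary_based(password):
        problems.append("dictionary word")
    if is_reused(password, history):
        problems.append("recently used")
    return problems
```
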


Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.
