With RSA Sign-On Manager 4.5, security giant RSA Security Inc. has re-entered the enterprise single-sign-on arena after a short hiatus.
Although two-factor-token maker RSA isn't a big fan of using only passwords for authentication, organizations can use just passwords with Sign-On Manager 4.5 if they prefer. Our tests showed that the RSA enterprise single-sign-on tool provides a host of cost-saving and security-improving conveniences to users and IT managers.
Sign-On Manager 4.5 started shipping last month and costs $49 per seat for the first 2,000 seats, with volume discounts available for larger purchases.
eWEEK Labs tests show Sign-On Manager 4.5 is a good fit for IT managers who are considering single-sign-on solutions for regulatory compliance, to improve user security and reduce help desk costs associated with resetting passwords.
One of the most important new features in Sign-On Manager 4.5 is IntelliAccess. IntelliAccess is a secure method of identification that recognizes users based on the responses to a set of previously answered questions. Although this technique isn't unique, RSA implements IntelliAccess in such a way that personally identifiable information is always encrypted.
This is one of the first password reset systems that we have felt comfortable enough with to input real answers to such personal questions as the names of teachers and parents and other highly valuable information (highly valuable from an identity point of view, that is).
We were able to vary the number of questions asked to enable emergency access to our Sign-On Manager 4.5 client systems from a low of three to a high of six. We could specify the number of correct answers required (for example, a user could get one answer wrong out of five total) for user verification.
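The threshold check described above, as an added Python example (not RSA's code and not part of the original review). Storing answers only as salted scrypt digests is an assumption of this example, since the review says only that the answers are encrypted; the names `enroll` and `verify` and the sample data are hypothetical.

```python
import hashlib
import hmac
import os
import unicodedata

MIN_QUESTIONS, MAX_QUESTIONS = 3, 6  # range the review reports as configurable


def _normalize(answer: str) -> bytes:
    # Fold case, Unicode form and whitespace so "  MS. Smith" matches "ms. smith".
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def _digest(answer: str, salt: bytes) -> bytes:
    # scrypt is this example's assumption; the review only says answers are encrypted.
    return hashlib.scrypt(_normalize(answer), salt=salt, n=2**14, r=8, p=1, dklen=32)


def enroll(answers: dict[str, str]) -> dict[str, tuple[bytes, bytes]]:
    """Return {question: (salt, digest)}; plaintext answers are never stored."""
    if not MIN_QUESTIONS <= len(answers) <= MAX_QUESTIONS:
        raise ValueError("enroll between 3 and 6 questions")
    record = {}
    for question, answer in answers.items():
        salt = os.urandom(16)
        record[question] = (salt, _digest(answer, salt))
    return record


def verify(record, responses: dict[str, str], required: int) -> bool:
    """Grant emergency access only if at least `required` answers match."""
    if not 1 <= required <= len(record):
        raise ValueError("required must be between 1 and the number of questions")
    correct = 0
    for question, (salt, stored) in record.items():
        # Check every question (no early exit) and compare in constant time,
        # so response timing does not reveal which answers were right.
        candidate = _digest(responses.get(question, ""), salt)
        correct += hmac.compare_digest(candidate, stored)
    return correct >= required


# Constructed sample data: five questions, as in the review's one-wrong-out-of-five case.
SAMPLE = {"teacher": "Ms. Alvarez", "street": "Elm Road", "pet": "Biscuit",
          "city": "Tacoma", "school": "Lincoln High"}
```

Setting `required` lower trades security for convenience: each tolerated wrong answer is one fewer fact someone else has to know about the user.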
The IntelliAccess self-service emergency access is the icing on the cost-reduction cake that IT managers could experience if they use Sign-On Manager 4.5. In other words, if users have only a single password to remember to gain access to all applications, the likelihood that they'll forget that single password drops significantly.
This observation is not to lessen the value of IntelliAccess. The reset module will likely drive password management costs to nearly zero after users have been properly trained in how to use the product.
Sign-On Manager 4.5 runs only on Windows 2000 Professional and Windows XP Professional, excluding Macintosh and Linux systems, along with all handhelds and mobile devices. The product does support access to Microsoft Corp.'s Active Directory, Sun Microsystems Inc.'s Sun Java System Directory Server and Novell Inc.'s eDirectory.
Sign-On Manager 4.5 works with RSA SecurID Token for Windows Desktops and a host of additional RSA authentication and certificate management tools, based in part on technology RSA licenses from single-sign-on software publisher Passlogix Inc.
We tested with and without the additional RSA software and found that the product worked just fine on its own. Sign-On Manager 4.5 also works with many common certificate authorities, and, all told, IT managers should have little trouble integrating the product with infrastructure that is already installed.
Out of the box, Sign-On Manager 4.5 provides 31 single-sign-on templates for applications that are commonly found in the enterprise. As we found in our tests, and as reported in our case study of Hudson Advisors, creating templates turned out to be a simple task in Sign-On Manager 4.5. We used a utility supplied by RSA called the Application Learning Wizard, which, oddly enough, had to be downloaded to our management server. (We thought it should be included.) Then we simply added the application and let the wizard monitor credential input fields.
Some single-sign-on systems allow a user to create a master password, and the system then follows rules to create strong passwords on behalf of the user for all applications to which access is necessary. Sign-On Manager 4.5, on the other hand, enables users to create passwords to access applications, and users must create new passwords when the old ones expire.
Of course, Sign-On Manager 4.5 keeps track of the passwords and allowed us to mandate strong password generation policies. However, the product doesn't use a dictionary to prevent users from creating obvious passwords, nor does it store recently used passwords.
Many of these concerns vanish when RSA's two-factor authentication tokens are added to the mix, but we still think the product has room to grow when passwords alone are used to access applications.
Evaluation Shortlist
Citrix Systems Inc.'s Citrix Password Manager: Works with Windows-, Web- and host-based applications and can be used alone or with other access management tools (www.citrix.com)
CA's eTrust Single Sign-On: Operates in a wide range of environments, reaching out to support kiosk applications (www3.ca.com/solutions/Product.aspx?ID=166)
Hewlett-Packard Co.'s OpenView Select Identity: A workhorse identity management platform that incorporates password management (www.managementsoftware.hp.com/products/slctid/index.html)
IBM's Tivoli Access Manager for E-business 6.0: Tailored for Web-based applications (www-306.IBM.com/software/tivoli/)