Enterprise Single Sign-On Manager
Application Level SSO Solution

In today’s complicated network environment, resources such as internal network applications, Internet applications and even operating systems can require several logins before users even begin to start working. This scenario creates a number of problems. The constant logging and re-logging in can add up to a substantial amount of downtime. Further, workers may become frustrated by the multiple prompts and can have trouble keeping track of their usernames and passwords. Enter the Enterprise SSO Manager, a revolutionary Single Sign-On solution with technology unmatched by similar products.

What Is It?

Enterprise SSO Manager (ESSOM) is a high-level enterprise solution that’s purpose-built for large networks in need of a scalable, reliable Single Sign-On solution. ESSOM gives users access to all their applications and resources from a single login. This method provides complete support of the application landscape and grants easy manipulation of both users and their access.

How Does It Work?

ESSOM operates as an extra layer of software which processes all the login dialogues for the end user. With this method, users only need to remember one username and password, thus eliminating subsequent login requirements.
The concept is based on a proven and successful building-block technology created by Tools4ever. The advantage of this system is that new applications can be added to a list of existing ESSOM applications faster and with more flexibility. This structure also lets administrators extend and adjust current application templates.

What Can ESSOM Do For Me?

Using ESSOM in your organization offers multiple and immediate benefits, including:

Convenience: Some departments may require employee’s login to 15 applications or more. With ESSOM, a single login at the start of the work day gives users access to all their applications. ESSOM is easy and efficient.

Security: Multiple applications typically require multiple usernames and passwords. Often, this sensitive information ends up on sticky notes pasted to computer monitors, scraps of paper hidden under keyboards, etc. These crude workarounds nullify your organization’s costly and complex security policies. ESSOM strengthens your organization’s security by eliminating these all-too-common vulnerabilities. ESSOM also safeguards the integrity of users’ account info in the following areas:

Communication: Information exchanged between the ESSOM componentry is encrypted and no readable text is communicated between workstations and the central service.

Caching: For laptop users, all login info is encrypted and stored locally on the hard disk.

Database: The secure SSO database stores and encrypts all user credentials.

Logging: All user activity is logged to the central ESSOM directory. ESSOM has been designed so that sensitive information is exchanged and stored only when required.

DPAPI security: ESSOM’s encrypted algorithm is based on DPAPI security, though other algorithms can be applied to meet your company’s security standards. DPAPI’s highly regarded password-based protection system meets the strictest security guidelines while also allowing for easy recovery of data in the event of lost or forgotten passwords.

Compliance:ESSOM works on several levels to guarantee compliance, including:

Central access registration: ESSOM acts as a central gateway to all applications and allows for multiple compliance options. For example, our solution lets you deny access to specific users in one single SSO action, rather than denying access to every application in the network.

Integral reporting: ESSOM logs user account access as well as time of access in individual applications.

Access restriction: ESSOM performs several checks before logging into any application. ESSOM asks: can this application be accessed from this workstation and by this employee? Has the proper access card been inserted into the reader? Is the PIN code valid? Additionally, the same system link that grants access to buildings also ensures that certain employees can start only certain applications and in certain rooms.

Scalability: Research shows that 96.5% of ESSOM utilization occurs during the first 30 minutes of the work day. During that time, the ESSOM engine strains to supply data for all users and their respective applications. To streamline this process, our solution distributes login requests among several Microsoft Windows Services. Further, the license model allows for an unlimited number of instances of the ESSOM service in the network and supports up to 250,000 workstations.

Availability: As users increasingly depend on the SSO solution, availability becomes crucial. ESSOM guarantees that users will always be able to utilize the software. The following mechanisms illustrate how this is possible:

Replication: User account credentials are stored in a relational database. To guarantee safe storage of this data, ESSOM supports features such as database replication and placing the database on a cluster server.  

Multiple services: Powered by the Microsoft Windows Service, ESSOM allows multiple services to run and information is exchanged via a replicated database. Running on a user’s workstation, ESSOM will automatically select the most available service.

Local caching: Local caching is supported in an “offline” mode if a workstation can’t connect to the central ESSOM service. This feature is especially helpful for laptop users who don’t always connect to the company network, but still require ESSOM.

Integration: The central ESSOM engine can be easily integrated with external systems and applications, including:

Password Reset Applications: These include password synchronization or help-desk applications. If a password is reset for a certain user in a certain application, integration allows processing of this reset by ESSOM. As a result, the changes are transparent to the end user.

User Provisioning: ESSOM connects to many common user-provisioning applications such as UMRA, IDM3, ILM, Sun Identity Manager and more. This integration allows users to be recognized immediately in ESSOM.

Reporting: A SQL database stores all data related to users’ access of applications. The data model of ESSOM is published and can be accessed with reporting tools.

Customization: Some employees may access applications through more than one username. For example, system administrators may have both standard and admin accounts, or may need access to applications in different environments such as development, test or production. In these situations, ESSOM lets administrators select a specific username and/or environment when an application starts up. After the initial selection, ESSOM ensures the application starts in the right environment using the correct username/password. 

Delegation: Employees may sometimes require temporary access to another user’s applications – during vacations or sick leave, for example. This requires either changes to network security settings or an exchange of usernames and passwords. Both these approaches have a negative effect on security. Access rights often are not returned to their original settings and passwords typically remain unchanged when the original user returns. ESSOM solves this problem by granting temporary credentials to other users for specific applications during specific time periods. Additionally, absent employees can define which users and which applications can be accessed during their leave. Once the time period has ended, those credentials are automatically revoked.

Ready For More? Download The Trial!

We’re confident our ESSOM solution will reap great rewards at your organization. If the information provided above still doesn’t have you convinced, feel free to try out ESSOM with our trial download.

Though the trial version contains a limited set of templates, Tools4ever and Advanced Toolware has created a large library of templates that support many applications straight out of the box. In fact, in just a few short days, a Advanced Toolware consultant can deliver an ESSOM implementation of 1,500 end users and 20 applications. From there, system operators are free to make any desired template adjustments via the block-building system.

Download today or call 1-888-770-4242 for additional information.