Overview#

Consistent Sign On utilizes Password Synchronization methodologies so the user only has one userID and one password to remember.

The advantages and disadvantages also must include those for Password Synchronization methodologies as password synchronization is used to make CSO possible.

In the typical is implemented to several applications across the organization to provide CSO. The credentials are in LDAP servers where the applications utilize the LDAP server to authenticate the user for access to the protected resource.

Advantages CSO technology addresses some common support problems:

• Users tend to forget their passwords. With Consistent Sign-On, they only actively use one password, so are less likely to forget it.

Dissadvantages Unfortunately, this technology also has some deployment and security problems:

• Users don't like to enter their Credentials multiple times.
• The “Keys to the Kingdom” threat where if a user’s password is discovered, all applications and platforms used for CSO maybe susceptible.
• If the user forgets their credentials then they can not use any application implementing those same credentials.
• Typically offers no assistance with Privileged Account Management

Server or Client Implementations#

CSO is typically implemented in one of two methods.

Server based CSO #

The user changes his password and the password is replicated to all other systems participating in CSO.

Client Based CSO#

Often called Credential Management Store, this methodology utilizes a secure storage area where credentials are kept for all or most of a users applications. The user authenticates to the credential store and a client-side agent then supplies the credentials to the individual applications or platforms.

This solution requires a client-side agent, or service manages credentials on behalf of the user. When access is required to a specific system, the front-end agent, or service then passes the appropriate credential through to gain the required access.

The client-side agent may also manage password changes such that they are consistent, according to a chosen policy, across systems.

More Information#

There might be more information for this subject on one of the following:

• CredentialManagementStore
• IDM The User Dilemma
• Overview Of Password Concepts
• Password Management Methodologies
• Password Synchronization
• Policy Enforcement Point
• Reduced Sign-On