Single Sign-on: Regulating access cards
By now, many organizations and employees are aware of the advantages of single sign-on (SSO) solutions: users only have to remember a single password rather than dozens of complex passwords.
Because of the technology, IT departments receive fewer password reset calls, and the organization can also use the solutions to meet its auditing requirements.
Once the number of passwords has been reduced to a single complex password, organizations often replace that remaining password, too. SSO makes this possible by replacing the remaining username and password with an access card and a PIN code. Any type of user card can be used for this; for example, an ID or library card. Users are logged in automatically when they place their card against, or on, a card reader. The card’s unique ID is then linked to the holder’s username and password. This is referred to as self-service enrollment.
It’s a user-friendly service for employees, but many organizations do not want employees using random card types. Instead, they only want to use cards issued by the organization itself. Because of this, certain cards can be excluded from self-service enrollment, so that physical access cards are only allowed if they are used internally.
Enterprise single sign-on solutions offer the ability to only allow active cards. When a card is issued (when a new employee enters service), it is activated. By setting up a link with the key card system, it’s possible to only accept cards that are used actively within the organization. The main advantage is that the existing and mature facility management process will govern both physical and logical access. When employees leave service, their access cards will be revoked and/or disabled, after which the card is also disabled in the enterprise single sign-on. This effectively disables access to the network and any applications.
Additionally, organizations might go a step further and only accept cards of employees who are physically present within the premises. Another option is to link access cards to the HR system. When the HR system indicates that an employee has left service, that user card will be disabled so that it can no longer be presented to obtain physical or logical access.
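The checks described above (organization-issued cards only, active in the key card system, still in service according to HR, optionally physically present) can be expressed as one deny-by-default decision. The following is an added example, not code from the article or from any SSO product; the record fields, card UIDs, employee IDs and the two lookup tables are constructed assumptions standing in for the key card and HR systems.

```python
from dataclasses import dataclass


@dataclass
class CardRecord:
    """One row from the key card (facility) system. Hypothetical schema."""
    holder: str       # employee id the card was issued to
    active: bool      # False once facility management revokes or disables it
    badged_in: bool   # True while the holder is inside the premises


# Constructed sample data standing in for the two systems of record.
KEYCARD_SYSTEM = {
    "04A1B2C3": CardRecord("e1001", active=True, badged_in=True),
    "04D4E5F6": CardRecord("e1002", active=False, badged_in=False),  # revoked
    "04778899": CardRecord("e1003", active=True, badged_in=False),   # off site
    "04AABBCC": CardRecord("e1004", active=True, badged_in=True),    # HR: left
}
HR_SYSTEM = {"e1001": "employed", "e1002": "left",
             "e1003": "employed", "e1004": "left"}


def evaluate_card(uid: str, require_presence: bool = False) -> tuple[bool, str]:
    """Decide whether a presented card may enroll or log in.

    Every check fails closed: a card unknown to the key card system, or a
    holder unknown to HR, is rejected rather than accepted.
    """
    record = KEYCARD_SYSTEM.get(uid)
    if record is None:
        # Library cards, personal ID cards, etc. never reach enrollment.
        return False, "card not issued by the organization"
    if not record.active:
        return False, "card revoked or disabled in key card system"
    if HR_SYSTEM.get(record.holder) != "employed":
        # Catches the window where HR knows but the card is not yet revoked.
        return False, "holder no longer in service according to HR"
    if require_presence and not record.badged_in:
        return False, "holder not badged in to the premises"
    return True, "accepted"


if __name__ == "__main__":
    for uid in ["04A1B2C3", "04D4E5F6", "04778899", "04AABBCC", "DEADBEEF"]:
        print(uid, evaluate_card(uid, require_presence=True))
```

Returning the reason alongside the decision gives the audit log a record of which system of record caused each rejection.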
Single sign-on combined with user cards offers a variety of options to integrate with other systems, increase security and further protect organizational data.
Dean Wiech is managing director of Tools4ever, a global provider of identity and access management solutions.