Can single sign-on (SSO) provide authentication for remote logons?
If you're accessing multiple applications through a remote Citrix server, you have two options. Identity management and access control expert Joel Dubin explains both in this SearchSecurity.com Q&A.
There are two ways to implement enterprise single sign-on (SSO) for remote logons. One is to use Citrix itself, which you already have, and the other is to set up an SSL VPN with another provider.
Citrix Password Manager lets users sign on whether they're already in the network and behind the corporate firewall, or whether they're off-site and remotely logging in from outside the firewall. The product uses the Citrix Presentation Server to manage passwords, and users can access their accounts with the Citrix Web Interface. Password Manager has been enhanced for SSO, too, and integrates with Active Directory.
Password Manager is fully automated, and users can set themselves up and reset passwords on their own without having to call the help desk.
Another approach for remote user authentication is an SSL VPN. An SSL VPN allows specific remote users to connect to particular internal applications, which is what you're trying to do here. This contrasts with a traditional IPsec VPN, which connects a workstation to a network.
As for combining SSO with an SSL VPN, Aventail Corp. now offers SSO access in its beefed-up ST2 platform. Aventail is a leading vendor in the SSL VPN market and integrates with Active Directory, LDAP and RADIUS, an authenticating server for remote users.
Another top player in the SSL VPN arena is Juniper Networks Inc. Juniper joined forces with RSA Security (which is now owned by EMC Corp.) to add SSO functionality to its SSL VPN offering. The RSA Federated Identity Manager handles the SSO side of the application and integrates into existing corporate directories.
The key point to remember with SSO is that it cuts both ways. With a single user ID and password for multiple applications, it provides real ease of use for your employees. That ease of use, however, extends equally to malicious users trying to get into your system. In one stroke, an entire network can be compromised.
Whichever SSO solution you choose, make sure it's secure, harden all SSO hardware and software, and educate users in safe password-handling practices.