Embed Size (px)
DESCRIPTION
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them
Citation preview
TM
SINGLE SIGN ON SYSTEM
Exceleron Evolutionary Access Management System for Telecommunication Industry
TM
SINGLE SIGN ON SYSTEM DEFINITION
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.
TM
SINGLE SIGN ON SOLUTION OVERVIEW
• Improved Security through the reduced need for a
user to handle and remember multiple sets of
authentication information.
• Increased Ease of Use and better implementation of
security schemes
• Improved Response, by system administrators in
adding and removing users to the system or
modifying their access rights.
• Better Visibility into user activities
TM
SINGLE SIGN ON SOLUTION OVERVIEW
• Reduction in the time taken by users in sign-on
operations to individual domains, including
reducing the possibility of such sign-on operations
failing
• Better Administrative Policy Control by managing
password policies, workstation restrictions, lock-out
controls, and more, without having to perform
additional tasks in the cloud
TM
SINGLE SIGN ON SYSTEM DESIGN
TM
SINGLE SIGN ON SYSTEM OVERVIEW
• Single login server will be used to authenticate and
authorized users to access different
workstations/EMS/OMC/NMS
• User matrix with access rights and roles will be defined at
the single login server from administrative server, the
creation, deletion, and modification of user accounts shall
be supported
• SSO will initiate session with OMC both graphically (visually)
or through command line (telnet/ssh/rlogin) interface (as
applicable)
TM
SINGLE SIGN ON SYSTEM AUTHENTICATION
• Only one set of credentials will be required for user to login,
Single Sign On will internally perform automated username
and password mapping of OMC privileged accounts.
• That one set of credentials can be authenticated via
• LDAP
• through an internal database
• Through an external database (Oracle, SQL Server, DB2, Sybase)
• a combination of any of the above.
TM
SINGLE SIGN ON SYSTEM UI
• Robust Windows desktop application and light-weight web
application for command-line access to the monitored
servers
• For accessing the servers via GUI, a light sign-on utility will
run on the front end desktop machines to support multiple
sessions.
TM
SINGLE SIGN ON SYSTEM LOGGING
• All command-line interaction is logged in the SSO server for
security purposes.
• Customizable reporting available through Reporter Module
TM
SINGLE SIGN ON SYSTEM CUSTOMIZATIONS
• Higher level restrictions can be applied for the users logging
on using SSO.
• Example: Even if the connected server allows its logged in user
to run specific commands but these commands can be blocked
at the SSO layer
• A set of commands can be run automatically by just clicking
a button
• Example: The SSO automatically runs a command to get status
of all the ports, then restart down ports sequentially
TM
Thank You!
