A Guide to Authentication Services in IBM Security Access Manager for Enterprise Single Sign-On

An IBM Redpaper publication

Published 16 February 2012

cover image

IBM Form #: REDP-4835-00
(38 pages)

More options

Rate and comment

Authors: Axel Buecker, Kenny Chow, Jenny Wong

Abstract

IBM® Security Access Manager for Enterprise Single Sign-On introduces a new level of security, authentication, and automation experience to business enterprise users on their desktop applications. On a day-to-day basis, the number of resources or applications that a business user accesses varies and is inevitably increasing. Applications that a user employs during normal daily activities might require a range of elements to authenticate or verify the user’s identity before granting access to corporate information. The classic authentication approach is the unique user name and password combination. Each desktop application might require its own unique set of user name and password credentials. The challenge that users are faced with is the need to remember each and every set of unique credentials for different applications. Access Manager for Enterprise Single Sign-On offers users an experience that eliminates the need to remember and manage multiple sets of user names and passwords. Through the ease of AccessProfiles, this solution is able to capture and manage credential information for a range of supported application types. Not only does this increase user efficiency by making daily activities more convenient, but, very importantly, it efficiently decreases costs for business organizations to address password management issues, supports the need to manage business risks, and ensures that sufficient security and regulatory compliance are in place.

Access Manager for Enterprise Single Sign-On offers efficient sign-on solutions and automation of workflow for existing applications as they are. No modifications are required to the existing targeted systems, platforms, or applications where the product is deployed. Consequently, the format of user name and password logon information can differ between applications. Access Manager for Enterprise Single Sign-On uses the concept of authentication services to represent and map to the different formats used. In some cases, AccessProfiles require specific engineering to accommodate complex application credential structures and authentication logic.

This IBM Redpaper™ publication explains the fundamentals of authentication services; how they can be deployed and associated with desktop applications; and highlights best practices regarding how authentication services should be utilized to achieve successful automation workflow and single sign-on.

Table of contents

Authentication services concepts
Building blocks of an AccessProfile
Enterprise and personal authentication service
Direct and indirect authentication services
Authentication service group and links
Server locators
Best practices and use-case scenarios
Code snippets for common tasks

Follow IBM Redbooks

Follow IBM Redbooks