- Are user names the same across all systems? If yes, implementing is easy. If no, a translation table will need to be built up to make sure JDOE in system 1 is equal to John_Doe in system 2 and DOEJ in system 3 and so on.
- Are password complexity rules the same in all systems? If yes, implementing is easy. If no, the most complex password requirement now becomes the de facto standard. Special character restrictions can also become an issue.
- What happens if System B is unavailable when the synch occurs? A password storage vault and error handling need to be implemented to ensure a reset can occur when the system becomes available.
- While SSPRM addresses forgotten passwords, how do we capture password changes and synch them?
When the number of systems expands much beyond that, the recommendation would be to lean towards a Single Sign On (SSO) solution that eliminates all of the issues above. SSO can capture and cache all credentials for any number of systems, making the synch unnecessary. All users need to remember is one set of credentials: their AD username and password. SSO can handle password resets automatically for all systems, and complexity rules are a non-issue as they are addressed at the application level.
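The first three questions above can be seen working together in a small sketch. This is an added example, not code from the original post: the system names, the policy values, the `ID_MAP` translation table and the `push` callback are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    min_len: int
    max_len: int
    specials: frozenset      # special characters the system accepts
    need_special: bool

# Constructed sample data: three hypothetical systems and one user's accounts.
POLICIES = {
    "sys1": Policy(8, 64, frozenset("!@#$%^&*"), True),
    "sys2": Policy(12, 32, frozenset("!@#$"), False),
    "sys3": Policy(6, 14, frozenset("#$_-"), False),
}
ID_MAP = {"jdoe": {"sys1": "JDOE", "sys2": "John_Doe", "sys3": "DOEJ"}}

def effective_policy(policies):
    """Strictest combination: a synced password must pass every system at once."""
    ps = list(policies)
    return Policy(
        min_len=max(p.min_len for p in ps),
        max_len=min(p.max_len for p in ps),
        specials=frozenset.intersection(*(p.specials for p in ps)),
        need_special=any(p.need_special for p in ps),
    )

def check(password, pol):
    """Return the reasons the password fails the combined policy (empty if none)."""
    errs = []
    if not pol.min_len <= len(password) <= pol.max_len:
        errs.append("length")
    used = {c for c in password if not c.isalnum()}
    if used - pol.specials:
        errs.append("forbidden character")
    if pol.need_special and not used:
        errs.append("special character required")
    return errs

def sync(user, password, push, pending):
    """Push under each system's local account name; queue unreachable systems."""
    if check(password, effective_policy(POLICIES.values())):
        raise ValueError("password rejected by combined policy")
    for system, account in ID_MAP[user].items():
        try:
            push(system, account, password)
        except ConnectionError:
            pending.append((system, account))  # secret itself stays in the vault
    return pending
```

With these sample policies the combined rule is 12 to 14 characters with at least one of only `#` or `$`, which shows how quickly a handful of differing systems narrows what users may choose.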
For more information, please visit our website.