To setup sso, securing the primary login (e.g. to Active Directory) is required. Instead of entering a username and password, users can automatically log in by presenting a smart card to a reader and entering a PIN code. Combining a smart card and a PIN code ensures strong authentication because this two-factor authentication is based on something users own (the smart card) and something they know (the PIN code).
E-SSOM offers full integration with all common two-factor authentication readers, such as HID, UziPas, Mifare, Biometrie, Gridtoken, proximity-based devices and RFID readers.
E-SSOM offers native integration with the driver software of the (card) reader and links the smart card ID to the user credentials (username/password) in Active Directory. No additional software is required to create this link.
Additional E-SSOM Options:
- Auto Start: Once end-users have confirmed their identity using a smart card and PIN code, the required applications are loaded, and they will be logged in by the SSO solution automatically.
- Auto Close: If a workstation has been locked by a user, other users will not be able to log in. The applications for the user who locked the machine will be properly saved, while a Fast User Switch or Follow Me will take place to accommodate the new user.
- Self Service Registration: If a user presents an unknown smart card to the reader, E-SSOM will ask which username/password must be linked. It is not necessary to link and issue smart cards for this centrally. End-users can perform registration themselves, resulting in a drastic reduction in the central management burden for smart cards.
- PIN Code Memory: E-SSOM offers users the option to remember their PIN code for a defined period. This means users will only have to enter their PIN code once, e.g. at the start of their workday. Then they will only have to use the smart card and not the PIN code.
- Smart Card Behavior: E-SSOM allows administrators to determine exactly how smart cards must be handled. For instance, it is possible to configure the system such that smart cards must remain presented to the reader (contact less reader) during the time an employee is logged in. If the smart card is removed, so is the user access. Another option is to require this only during the initial login. It is also possible to have users present their smart cards to the reader for just a couple of seconds. As long as the reader supports these features, it is possible to configure this in E-SSOM.