It’s just not the same thing: an Enterprise Password Vault vs. true Single Sign-On using SPGateway

We were recently faced with an interesting objection from one of our prospects on a conference call about using SPGateway for Single Sign-On into an enterprise application. This prospect was asking about Oracle E-Business Suite (EBS), so we presented the solution and how it would integrate with their existing Identity Service provider by walking through the steps to prepare EBS for SSO.

These same preparation steps have been required for almost 20 years. One of the primary advantages of using SPGateway with a cloud identity service is that it saves you months of time during this process, as well as tens of thousands of dollars.

Meanwhile, one of the technical guys at the prospect tried to circumvent the need for SPGateway by saying he could accomplish the same result using a password vault and browser plugin — just synchronize the passwords between Active Directory, the Identity Service, and EBS.

The Difference

I wanted to take some time here to explain this approach and compare and contrast password vaults and a true SSO solution because it’s an important distinction.

Password vaults consist of a collection of login credentials stored in an encrypted database generally used for logging in to various web applications. There are two flavors or types: Personal and Enterprise.

A Personal vault is limited to a single person. Frankly, I believe everyone should be using a personal password vault on their phone and PCs for all of their accounts. As individuals, we must keep track of login information to multiple sites, and personal password vaults make it easy to have a secure means to enable the use of different, complex passwords for each application we use. For now, this is one of the best solutions for personal password management.

Enterprise vaults work similarly, except that the passwords are not limited to a single user: the vault stores information for many users and is managed by a centralized IT team. While these users’ passwords are stored in the vault, the vault doesn’t enable true Single Sign-On.

One of the downsides of these vaults is that they are often restricted to specific desktop browser versions, a frequent challenge we hear about from our customers and prospects. This turns into a real problem when workforces begin moving to mobile devices. Additionally, true Single Sign-On only occurs when no passwords are being passed around in the background; secured authentication tokens are passed instead. Password vaults don’t enable this secured authentication and are therefore subject to various risks, including compromised passwords on multiple layers (at the vault, in an application, or in transit). Other risks involve browsers and malware, and the browser plug-ins used for this activity are prone to breaking, which leads to more help-desk calls.

Fortunately, there is a way to accomplish true Single Sign-On by leveraging SPGateway.

Some of the benefits of using our product include:

  • Limiting the number of places where passwords can be compromised
  • Reducing help desk calls for password resets
  • Implementing consistent password policies
  • Improving employee efficiency
  • Compatibility across desktop and mobile devices

To learn more about the world’s first dynamic application tunnel and the benefits of incorporating it within your secure systems architecture, click here.