Sun Introduces Access Management Software

Manage user identities and applications with a single sign-on

With a plethora of different departments, applications, and user roles, managing users' access to systems can be a heavy load for an enterprise IT department. To help, Sun Microsystems Inc. said yesterday it had released a new package of its iPlanet Directory Server designed to manage user identities and applications with a single sign-on.

iPlanet Directory Server, Access Management Edition 5.0 builds on the directory services of iPlanet Directory Server to offer role-based single sign-ons for enterprise applications and services. It allows enterprises to manage user identities based on their role within the organization and allows end users to set up their own identity management information.

The automation, on both the server and end-user ends, can take much of the burden off the IT department. “It can lower overall IT infrastructure cost,” says John Barco, senior product marketing manager at Sun.

Because users can set up their own passwords and set up systems for retrieving forgotten passwords, it can reduce the load on help-desks by eliminating calls to reset forgotten passwords. And because it provides a single sign-on for multiple applications based on business rules, it obviates the need to manage access to applications on a per-user basis.

iPlanet Directory Server, Access Management Edition, consists of three parts to manage user identities. The directory server is a central repository of user data, such as contact info, passwords, and roles within the enterprise. The Web-access management component handles the logical components of creating a single sign-on and user authentication. The final component, user management, is the end-user interface for users to set up authentication information in the directory.

Administrators set up rules within the Web-access component using a graphical wizard-like interface. They answer questions to build roles and policies for applications in the environment. The policies decide which users can access which applications and what kind of credentials users need to sign on.

The Web-access component allows enterprises to set up various forms of authentication. For some users or enterprises, a simple password may be sufficient, but other enterprises with critical data can set up PKI services for multiple forms of authentication.

In addition, enterprises can set different authentication policies for different roles in the enterprise. An accountant may need a public key for logging on to payroll applications, while an editor can get away with a password for email. “It’s very flexible as far as the type of authentication,” Barco says.

The user-management component is a Web-based interface that allows end users to set up their own accounts. Like a consumer Web portal, users can set passwords and challenge phrases such as, “What is your mother’s maiden name?” in the event a password is lost.

Sun pitches the release of the identity management product as a step in realizing the goals of the Liberty Alliance. The Liberty Alliance is a consortium of vendors working to create an authentication and identity management system to allow users to access services at multiple enterprises.

About the Author

Chris McConnell is Product and Technology Editor for Enterprise Systems.