Sun Introduces Access-Management Software

With a plethora of different departments, applications, and user roles, managing users’ access to systems can be a heavy load for an enterprise IT department. To help, Sun Microsystems Inc. said yesterday it has released a new package of its iPlanet Directory Server designed to manage user identities and applications with a single sign-on.

iPlanet Directory Server, Access Management Edition 5.0 builds on the directory services of iPlanet Directory Server to offer role-based single sign-on for enterprise applications and services. It allows enterprises to manage user identities based on their role within the organization and allows end users to set up their own identity-management information.

The automation, on both the server side and the end-user side, can take much of the burden off the IT department. “It can lower overall IT infrastructure cost,” says John Barco, senior product marketing manager at Sun.

Because users can set up their own passwords and set up systems for retrieving forgotten passwords, it can reduce the load on help desks by eliminating calls to reset forgotten passwords. And because it provides a single sign-on for multiple applications based on business rules, it obviates the need to manage access to applications on a per-user basis.

iPlanet Directory Server, Access Management Edition, consists of three parts to manage user identities. The directory server is a central repository of user data, such as contact info, passwords, and roles within the enterprise. The Web-access management component handles the logical components of creating a single sign-on and user authentication. The final component, user management, is the end-user interface for users to set up authentication information in the directory.

Administrators set up rules within the Web-access component using a graphical wizard-like interface. They answer questions to build roles and policies for applications in the environment. The policies decide which users can access which applications and what kind of credentials users need to sign on.

The Web-access component allows enterprises to set up various forms of authentication. For some users or enterprises, a simple password may be sufficient, but other enterprises with critical data can set up PKI services for multiple forms of authentication.

In addition, enterprises can set different authentication policies for different roles in the enterprise. An accountant may need a public key for logging on to payroll applications, while an editor can get away with a password for email. “It’s very flexible as far as the type of authentication,” Barco says.

The user-management component is a Web-based interface that allows end users to set up their own accounts. As with a consumer Web portal, users can set passwords and challenge phrases such as, “What is your mother’s maiden name?” in the event a password is lost.

Sun pitches the release of the identity management product as a step in realizing the goals of the Liberty Alliance. The Liberty Alliance is a consortium of vendors working to create an authentication and identity management system to allow users to access services at multiple enterprises.

About the Author

Chris McConnell is Product and Technology Editor for Enterprise Systems.