book

Enterprise Single Sign-On Design Guide Using IBM Security Access Manager for Enterprise Single Sign-On 8.2

by Axel Buecker, Nilesh Patel, Dirk Rahnenfuehrer, Joris Van Herzele

September 2012

Intermediate to advanced

494 pages

9h 37m

English

IBM Redbooks

Read now

Unlock full access

Front cover
Notices
Trademarks
Preface
The team that wrote this bookNow you can become a published author, too!Comments welcomeStay connected to IBM Redbooks
Part 1 Architecture and design
Chapter 1. Business context
1.1 The single sign-on paradigm1.2 Enterprise single sign-on today1.2.1 Solving the password security paradox1.2.2 Managing passwords in a security-rich fashion1.2.3 Reducing help desk costs and improving employee productivity1.2.4 Demonstrating compliance through auditing and reporting1.2.5 Easy to deploy1.2.6 High performance1.2.7 Integrating with an enterprise identity management system1.2.8 Bringing single sign-on to kiosk machines and virtual desktops1.3 Considerations for deployment
Chapter 2. Single sign-on architecture and component design
2.1 Overview2.1.1 IBM Security Blueprint perspective2.2 Logical component architecture2.2.1 AccessAgent2.2.2 AccessAgent in server mode2.2.3 IMS Server2.2.4 IMS database2.2.5 AccessAdmin2.2.6 AccessStudio2.2.7 Provisioning API2.3 Additional components2.4 Physical component architecture2.4.1 IMS Server2.4.2 IMS database2.4.3 Organization directories2.4.4 AccessAgent2.5 IBM Security Access Manager for Enterprise Single Sign-On integration2.5.1 User provisioning products2.5.2 Compliance products2.5.3 Software provisioning products2.5.4 Web single sign-on2.5.5 User repositories2.5.6 Database servers2.5.7 Reporting tools2.5.8 Monitoring products2.5.9 Third-party readers2.5.10 Epic Electronic Health Records2.6 Conclusion
Chapter 3. Solution design and management
3.1 Business requirements3.1.1 Increasing security3.1.2 Reducing costs and improving productivity3.1.3 Addressing compliance3.2 Functional requirements3.2.1 Comparing the various session management models3.2.2 Operational security requirements3.2.3 High-availability design3.2.4 Multiple factor authentication3.3 Deployment strategies3.3.1 Plan for IMS Server scalability3.3.2 Deployment time estimation3.3.3 Initial deployment scenario3.3.4 Managing expectations3.3.5 Enabling single sign-on for applications3.4 Log collection and audit reporting3.4.1 Audit log collection3.4.2 Audit reporting3.5 Conclusion
Part 2 Customer environment
Chapter 4. Overview of scenario, requirements, and approach
4.1 Company overview4.1.1 Current IT infrastructure4.1.2 Security and usability issues within the current infrastructure4.2 Business vision4.3 Business requirements4.3.1 IBM Security Framework mapping to business requirements4.4 Functional requirements4.4.1 IBM Security Blueprint mapping to functional requirements4.5 Design approach4.6 Implementation approach4.7 Conclusion
Chapter 5. Base installation and configuration
5.1 Design considerations5.1.1 System requirements5.1.2 Deployment architecture5.2 Installing and configuring base components5.2.1 Creating administrative users5.2.2 Deploying the IMS Server Virtual Appliance5.2.3 Starting the Virtual Appliance5.2.4 Configuring the database server5.2.5 Initial IMS Server configuration5.2.6 Provisioning an IMS administrator and verifying the installation5.2.7 Configuring user and machine policy templates5.2.8 Deploying AccessAgent5.2.9 Interacting with AccessAgent5.2.10 Installing AccessStudio5.3 Configuring AccessProfile5.3.1 IBM Lotus Notes application5.3.2 SAP application5.4 Managing the deployed environment5.4.1 Managing policies5.4.2 Managing users5.4.3 Logging5.5 Conclusion

Chapter 6. Password self-services implementation
6.1 Business requirements6.2 Password self-service architecture6.3 Implementing password self-service6.3.1 Setting up the self-service questions6.3.2 Enabling the password self-service function6.3.3 User enrollment interview6.3.4 Executing a password reset6.4 Conclusion
Chapter 7. Strong authentication using RFID
7.1 Configuring machine and user policy templates7.1.1 Basic configuration by using the Setup assistant7.1.2 Configuring the personal workstation and RFID7.1.3 Configuring shared workstations, shared desktops, and RFID7.1.4 Configuring details for the user policy template7.2 Using RFID
Chapter 8. Roaming desktop implementation
8.1 Cardio healthcare requirements8.2 Overview of the roaming desktop features8.2.1 Component architecture overview8.2.2 Logging on manually to the VMware virtual desktop8.3 Cardio healthcare implementation8.3.1 Usage scenarios8.4 Conclusion
Chapter 9. Implementing operational requirements
9.1 Fixes9.1.1 Finding fix levels9.1.2 Obtaining fixes9.1.3 Receiving fix notifications9.2 Audit log maintenance9.3 Database maintenance9.4 Cached Wallet maintenance9.5 Backup and restore procedures9.5.1 WebSphere Application Server profile9.5.2 IMS database9.5.3 IMS Server configuration9.6 Tivoli Common Reporting9.7 Conclusion
Part 3 Appendixes
Appendix A. Renewing the Secure Sockets Layer certificate used by the IBM HTTP Server
Procedure to renew a certificate
Appendix B. Advanced profiling
BackgroundDocument complete event and the ObserverSignaturesAuto-learn AccessProfileHandling basic authenticationFrames and the web browser document objectDifferences between Firefox and Internet Explorer AccessProfilesCommon issuesUse caseConclusion
Appendix C. Configuring strong authentication
Configuring authentication to use smart cardsConfiguring authentication to use radio frequency identification cardsStrong authentication by using biometricsConfiguring authentication for Mobile ActiveCode as a one-time passwordConclusion
Related publications
IBM RedbooksOther publicationsOnline resourcesHow to get RedbooksHelp from IBM
Back cover

Overview

Everyone feels the pain of too many passwords to remember. Everyone can relate to the security exposure of weak passwords, chosen for convenience. And, everyone can relate to passwords placed in proximity to the workstation for a quick reminder. Unfortunately, that note can allow more than the intended user into the system and network. The average user today often has four or more passwords. And, security policies that focus on password complexity and password-change frequency can cause even more difficulty for users.

This IBM® Redbooks® publication introduces IBM Security Access Manager for Enterprise Single Sign-On 8.2, which provides single sign-on to many applications, without a lengthy and complex implementation effort. Whether you are deploying strong authentication, implementing an enterprise-wide identity management initiative, or simply focusing on the sign-on challenges of a specific group of users, this solution can deliver the efficiencies and security that come with a well-crafted and comprehensive single sign-on solution.

This book is a valuable resource for security officers, administrators, and architects who want to understand and implement an identity management solution in a medium-scale environment.

This book is an update to the existing SG24-7350-01.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Access Control, Authentication, and Public Key Infrastructure, 2nd Edition

Publisher Resources

ISBN: 0738437034Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills