Novell SecureLogin 7 and Securing Sensitive Authentication Information

 

Single sign-on, or SSO, is a type of access control for software systems to use to authenticate users’ credentials when accessing secure systems. SSO helps reduce password phishing and password fatigue by allowing the users to only enter their password once. This extra form of authentication also supports conventional authentication like Windows Credentials, and allows a company using SSO to reduce the costs of IT help desk calls regarding forgotten passwords. There are many vendors out in the marketplace for Single Sign-on software, but one that is exceptional and easy to integrate into most Windows based systems is Novell SecureLogin 7.

Novell SecureLogin 7 supports eDirectory, Active Directory, ADAM Directory, and other LDAP v3 directories, and also has a web wizard to enable SSO for websites. All SSO data can be backed up and restored using Novell SecureLogin making it much easier to maintain and secure user credentials.  Many companies today are using smart-card access for door entry as well as computer access to help with security of important information. SecureLogin also offers support for smart-cards, biometric software, and integrates well with Card Management Systems.

Novell SecureLogin provides the highest standard of security and protection by using Triple DES (Data Encryption Standard) and AES (Advanced Encryption Standard) algorithms for the encryption of sensitive user data. The software can even capture an audit trail of SSO activity in Novell Sentinel so the events can be viewed through Windows Event Viewer. Also, implementation of SSO no longer requires administrators to learn complex scripting languages to implement SSO functionality, with SecureLogin, the wizard will automatically generate the scripting for them. This will decrease the amount of time it normally takes to enable a mixed-infrastructure from weeks to mere days.

A favorite success story for Novell SecureLogin involves a medical group based out of central Florida. In this success story, which can be read here, the medical group deployed Novell SecureLogin and Novell Modular Authentication Service to help safeguard electronic medical records and help with lowering cost of support. They also integrated SSO with a fingerprint biometric solution to ensure maximum protection of the records being stored in their databases. Securing and maintaining sensitive information about patients and medical histories is important to any medical company, so having authentication software in place can help with strengthening security over access to records. Not only did integrating SSO help with maintaining security for the medical group, but it also helped with reducing their IT costs and improving employee productivity.

Attachmate acquired Novell in 2011. Since its acquisition, the Novell brand has had its products split distributed into four different companies. The identity, security and compliance products from Novell are now under the NetIQ brand name. Action Identity references these products as "NetIQ" products in place of its former name, "Novell." The products that are rebranded include Novell Compliance Management Platform, Novell Privileged User Manager, Novell Sentinel, Novell Secure Login, Novell Access Manager (Novell iChain) and Novell Identity Manager.

 

Action Identity will continue to be a preferred, Platinum Identity, Security and Compliance partner with Novell Identity Management products, even as they fall under the NetIQ brand name. NetIQ will continue to develop and provide excellent support around the Novell suite of identity, security and compliance products. Action Identity is here to answer any questions you have about NetIQ/Novell. We are able to support and offer services for existing Novell customers as well as guide those new and prospective NetIQ customers.

 

Look forward to more blogs in the future on the ease of integration of Novell SecureLogin as well as more success stories from companies utilizing Single Sign-on for their businesses. The security policies for systems, applications, and websites can be easily and quickly enforced with products like Novell SecureLogin.  

I hope you have enjoyed this blog. If you have any questions on this topic, leave a comment below and we’ll get back to you shortly. To learn more about Action Identity and Novell SecureLogin, visit our website. To contact us directly, please click here. We look forward to hearing from you.

Interested in learning more? Check out these entries: 

Novell Secure Login: A Premier Single Sign On Solution 

Novell Cloud Security Systems 

More Novell blog posts

The Necessity of Identity Management

Over the past couple months we have posted an influx of blogs, articles, videos, and reviews all discussing various facets of Identity Management. However we recognize that a simplistic overview of the essentials of Identity Management seems to be absent, and its intrinsic value is one that should not be missed due to confusion. It’s because of this need that we feel compelled to write this week’s blog post on the necessity of Identity Management, and break it down to its core values.

Identity Management is a powerful tool that can consolidate even the largest corporation.  With the rising amount of credentials that employees need to maintain, it is becoming increasingly difficult to keep track of user accounts for each application within an organization.  Studies have shown that employees (both past and present) pose a great threat to an organization; even more so if they leave on bad terms.  Several questions then arise:  What applications did this user have access to; how many user accounts did the user own; how is this data maintained; and lastly, who is responsible for removing or disabling the accounts?  For organizations without a central solution for dealing with a user’s application accounts, the time it takes to identify and remove these accounts can vary greatly, often leaving a window of vulnerability open.

That’s where Identity Management solutions come into play.  With Identity Management, administrators within an organization can control access to resources with the click of a button.

In a simple example, an organization has two resources where users exist:  The first is a directory service and the second is a database.  The directory service is used to authenticate users against machines they work on; it also grants them certain permissions based on their group membership within the directory.  The database is a billing system where users simply exist, but administrators can view and manipulate data regarding payments for employees.  Each of these resources requires their own user account for authentication, meaning the credentials can vary between the directory service and the billing database.  If a user joins this organization, who determines the username and password associated with the applications?  How are these two resources connected?  In our simple example, it is easy to maintain a list of users and their accounts by hand.  Now, throw in a mailing system, two terminal emulation applications, software for marketing, a help-desk solution, et cetera.  The list goes on as a company expands, and as this company grows, maintaining that list, which originally consisted of two applications, grows increasingly difficult.

With an Identity Management solution, the process of creating, maintaining, and removing accounts is completely centralized.  How is this accomplished?  An Identity Manager can connect to any resource within an organization using customized code, known as connectors.  These connectors allow the identity representing an employee from within the Identity Manager itself to be provisioned to target applications, connecting the IDM user object with the application user objects.  With an IDM (Identity Management) solution, administrators can standardize the naming of user accounts, based on the resource the user is being provisioned to.  For example, some applications may have a first initial/last name convention, while others have a first name/last name convention.  With an IDM, this customization can be supported while providing the necessary consolidation.

The process for provisioning varies drastically between resources, as each requires different information from the user in order to function properly, and the user-object within IDM is completely customizable to account this.

What if an account is created within an application, but not in the IDM?  The connectors can be configured to account for that.  Through the process known as reconciliation, IDM can actively scan for new accounts in an application and then add it to its own collective list of identities.  With both provisioning and reconciliation enabled, organizations can enjoy bidirectional synchronization from an Identity Management solution and its connected applications.  Organizations can also enforce unidirectional synchronization by disabling reconciliation or provisioning for certain applications, as they see fit.

One last feature, and probably one of its greatest features is the ability to allow users to request access to the connected resources.  By creating approval workflows, an organization can designate the IDM as their focal point for requesting access to resources.  Approval workflows can be enforced per resource to ensure that once a request is raised, designated approvers receive the information regarding the request and can approve or deny it accordingly.

An Identity Management solution is essential for companies that are experiencing problems with maintaining user accounts across applications.  It offers a single point of control that allows for the provisioning and de-provisioning of user accounts to or from any connected resource.  It also grants employees a central place to go to request access to these resources, allowing for designated individuals to approve or deny the request before access is granted.  The issues of granting a new user access to all of their necessary resources, and removing a user’s access from resources when they leave the organization, can all be solved by a click of the mouse through the central platform of Identity Management.

I hope you all have found this article helpful.  If you have any questions regarding Identity Management, feel free to leave your comments here. I’ll be happy to answer any questions you may have.

 

Action Identity is a premier provider of Identity and Access Management solutions, offering solutions from distinguished partners like Oracle, Novell, NetIQ, ForgeRock, and Symplified to name a few. To learn more about Identity Management and a tailored solution for your company, please visit Action Identity’s website. To contact us directly, please click here. 

 

 

Simiar Articles: 
What is IDM? 
Google Apps for Business & the Cloud
Much to do about Gmail, Password Management, and Your Smartphone
Read more...

Lessons Learned from Enterprise Identity Management Projects

I have been implementing and/or managing identity-related projects for over ten years now and I can say from experience that the biggest problem with any identity management project can be summed up in one word - EXPECTATIONS.

It does not matter whether you are tackling an identity project for compliance, security, or cost-reduction reasons you need to have proper expectations of what can be realistically accomplished within a reasonable timeframe and those expectations need to be shared among all team members and stakeholders.

Projects that fail to achieve a customer's expectations do so because those expectations were either not validated or were not shared between all parties involved. When expectations are set (typically in a statement of work), communicated (periodic reports), and then reset if necessary (change orders), then the customer is much happier with the project results.

Here are a few lessons I have learned over the years. While they have general applicability to major projects, in general, they are especially true of identity-related projects.

1) Projects MUST be implemented in bite-sized chunks.

Identity projects are enterprise-wide projects; you should create an project roadmap that consists of multiple "mini" projects that can demonstrate an immediate ROI. The joke is, "How do you eat an elephant? One bite at a time." To achieve success with identity projects, you should implement them one bite at a time and have demonstrable/measurable success after each bite.

2) The devil is in the data.

Using development/test data that is not representative of production data will kill you in the end and cause undue rework when going into production. Use data that is as close to production as possible.

3) Start with an analysis phase BEFORE scoping the entire project.

I HIGHLY recommend that the first project you undertake is an analysis. That will define the scope for which you can then get a better idea of how to divvy up the project into multiple bite size chunks and then determine how much (and how long) each chunk will take. This allows you to effectively budget both time and money for the project(s).

Note: If a vendor gives you a price for an identity implementation without this, then run the other way. They are trying to simply get their foot in the door without first understanding your environment. If they say that the analysis phase is part of the project pricing, then get ready for an extensive barrage of change orders to the project.

4) Get everyone involved.

Keep in mind that these are enterprise-wide projects that affect multiple business units within your company. The project team should contain representatives from each organization that is being "touched" by the solution. This includes HR, IT, Help Desk, Training, and above all, upper-level management (C-level).

(The following items apply if you are using external resources for project implementation.)

5) Find someone who has "been there and done that".

Ask for references and follow up on them. More and more companies say that they can implement identity-related projects just because they have taken the latest course from the vendor. This is not enough; if training alone could give you the skills to implement the product, then you would have done the project yourself. You need to find someone who knows where the pitfalls are before you hit them.

6) Let the experts lead.

Don't try to manage an identity management project unless you have done so before - more than once. I have been involved with customers who have great project managers that have no experience with identity projects - yet they want to take ownership of the project and manage the resources. This is a recipe for disaster. Let the people who have done the implementation lead the project and allow your project manager to gain the knowledge for future phases.

7) Help build the car, don't just take the keys.

Training takes place before, after, and during the project. Don't expect to simply take "the keys" from the vendor once the project has been completed. You need to have resources actively involved throughout the project in order to take ownership. Otherwise you not be able to support the product (or make changes to it) without assistance from the vendor. Ensure that you have your own team members actively engaged in the project - side by side with the external team. To do this, you have to ensure that they are not distracted by other work-related tasks.

Submitted By: Bill Nelson