Oracle Enterprise Single Sign-On Suite is designed to give you quick and simple access to all your accounts that use passwords, while requiring you to remember only one—your Windows password. Whether you spend your entire workday at one workstation, travel to different sites, are one of several users who share a workstation (such as a kiosk), or use cards, tokens, or biometrics to log on to your system, your Windows password is all you will ever have to remember.
Additionally, your administrator can provide you with a pre-configured deployment of these components, which you can access from a server, and install on any workstation in your enterprise. This option allows you to update or roll back the configuration whenever necessary, all with a few mouse clicks.
Finally, if you forget your Windows password, Password Reset provides a simple solution that lets you reset your password quickly, without waiting for an administrator or your helpdesk to do it for you.
Following is an overview of the components that comprise Oracle Enterprise Single Sign-On Suite, with a brief description of their functions. See each component's section for complete information about using it.
The heart of the suite is the Logon Manager Agent. Within Logon Manager, you can view the accounts that your administrator has preconfigured for you. Depending on your administrator's preferences, you will also be able to:
Add, delete, and modify accounts.
Change certain settings, such as whether the Agent automatically recognizes an application and submits credentials.
Select or change the language of the interface.
Select or change your primary logon method.
You can also add applications on-the-fly, as you encounter them during your workday. Logon Manager recognizes a new application and captures your credentials as you enter them. If there is an application for which you never want to add a logon, you can disable it so that the Agent never responds to it again.
Additionally, if you use applications that require a password change at regular intervals, Logon Manager can change these passwords automatically when the application requests the change.
If you share a kiosk with several colleagues, Kiosk Manager protects your confidential information by locking the workstation and closing your open applications when your account has been inactive for a specified period of time. You can also lock sessions manually, and unlock them using either traditional credential entry, or a strong authenticator (such as a card or token) if you use one.
Anywhere is a convenient, portable solution that allows you to download a deployment package configured by your administrator, and install Logon Manager and other client programs to use immediately, wherever you are. There is nothing to configure; it installs exactly as you need it. You receive notifications when updates are available, at which time you simply download and install the new deployment.
Password Reset is a Web-based, standalone component of the suite. When you first enroll in Password Reset, you take an enrollment interview that your administrator sets up. You are presented with questions, and Password Reset stores your answers for use at a later date. If you forget your Windows password, you click a button to launch the reset quiz. During the quiz, you are given the opportunity to answer the same questions that you answered in the enrollment interview. When you answer enough questions correctly, Password Reset automatically presents a screen in which you can enter and confirm a new password. The process is quick, and you never have to wait for an administrator or helpdesk to get back to you.
Universal Authentication Manager enables enterprises to replace the use of native password logon to Microsoft Windows and Active Directory networks with stronger and easier to use authentication methods. The Universal Authentication Manager system also enhances enterprise security beyond traditional password authentication by providing two-factor authentication methods. Universal Authentication Manager enables users to rapidly and securely enroll credentials that will be used to identify and authenticate them.
At its core, Universal Authentication Manager offers a flexible, adaptable, and truly universal authentication solution, capable of integrating with a wide variety of authentication methods through its framework and APIs. Out-of-the-box, Universal Authentication Manager offers four built-in and configurable authentication methods: smart cards, passive proximity cards, biometric fingerprint, and a challenge questions quiz. Native Windows passwords are also supported.
With a similar interface to that of Logon Manager, Universal Authentication Manager offers the ease of use and enhanced security of the following authentication methods, out of the box:
Smart cards
Proximity cards
Fingerprints
Challenge questions
Universal Authentication Manager leverages Password Reset's challenge questions as an authentication method, supports native Windows passwords, and integrates with Logon Manager and a wide variety of authenticators that your administrator can configure. Using the Logon Methods tab, you can enroll and check the status of whichever authenticator(s) you are using.
To learn more about using each Oracle Enterprise Single Sign-On component, continue to the specific component's chapter.