For many network administrators, resetting expired, forgotten or compromised passwords is a routine activity. It is also a tedious, time-consuming process that complicates busy schedules, cuts into worker productivity and costs companies millions of dollars per year. Moreover, when performed using the native Active Directory tools, password management can become quite a demanding activity. Password resets are the second most common reason workers call help desks, accounting for about one in four help desk requests.
As network administrators know all too well, Active Directory is primarily used to store directory objects (like users and groups) and their attributes and relationships to one another. These objects are most commonly used to control access to various resources. For example, an Active Directory (AD) might contain a group which grants its members permission to log into a certain server, or to print to a specific printer, or even to perform administrative tasks on the directory itself. However, Active Directory also provides a useful configuration management service called Group Policy, which can be used to manage computers which connect to the domain in order to install packages, configure software and much more.
The challenge with Active Directory from a password management standpoint is the often arduous and time consuming tasks that consist of:
- Resetting multiple users’ account passwords;
- Configuring Settings that define how users must change passwords at their next logon;
- Setting up passwords that never expire;
- Enabling, disabling or deleting users if their passwords are expired;
- And prohibiting users from changing passwords set by the administrator.
Putting it Together with Hypersocket Single Sign-On
Hypersocket Solutions mitigates several of these AD challenges. Least-privileged access is at the heart of Hypersocket single sign-on’s security architecture, integrating with Active Directory, SQL and other user directories. The Hypersocket single sign-on role-based access control gives you the freedom to ensure the right users have access to the correct resources, giving you the power to build a remote access environment that’s in-tune with your organization’s security policy.
With Hypersocket, your admins can delegate access using permission-based controls, empowering your IT leaders to delegate all or parts of the system to any manager. With fine-grained control, Hypersocket provides your IT help staff with the ability assign management of all or specific resources, web, applications and filesystems. You can also explicitly define which users or groups can create, edit and delete resources.
Hypersocket single sign-on provides flexible, secure authentication before any user can single sign-on to their applications, secure access to all your applications and network – and all from one place. This functionality extends to providing our clients and users with the ability to configure multi-step, multi-factor authentication uniquely for each Active Directory, giving you complete end to end security.
Hypersocket provides the end users convenience too. We allow them to reorganize the way they would like to secure their accounts. This capability is accomplished by letting the end users set additional authentications to their accounts and authentication schemes can be configured by simply adding and dragging the schemes into place. If the server supports multiple different types of schemes for different access methods, Hypersocket single sign-on provides them the ability to choose the scheme type, as well. This gives total control over the user experience to the user, without compromising security and without working outside of policy.
Hypersocket single sign-on Part of a Greater Community
Information Technology is a powerful enabler of ease of use. Hypersocket single sign-on is part of a series of solutions built on the Hypersocket Framework (HSF), an open source project that enables rapid development of web-based JSON services with granular role-based access controls based on the principle of least privilege.
Become part of this thriving community, please evaluate, tweet and share this blog or any others you find helpful or interesting. And we’ll do our best to keep them coming for you!
This Blog was brought to you by Hypersocket and its CEO, Lee David Painter. With over 20 years of industry experience as a pioneer in IT Security, Lee developed the world’s first OpenSource browser-based SSL VPN (SSL-Explorer). Today Lee runs Hypersocket Software, a leader in virtual private network technology.