Problem
A national university faced the problem of identity management and control
for its varied and complex communities of students, ex-alumni, and
professors, who needed to access a growing number of internal web
applications. Managing multiple identities dispersed across resources was
very expensive and complicated because the user access, authorization, and
authentication mechanisms were different for each application, which
resulted in a complex, redundant, insecure, and expensive environment.
The business problems
to be resolved were the following:
- Provide a secure central access mechanism for
the University’s communities (students, ex-alumni, professors).
- Obtain a single point of access, under the SSO
(single sign-on) concept, to the multiple Web applications in the
institution.
- Increase the level of security through
physical authentication devices.
Solution
Starting from the security and academic mobility requirements of the
institution, a solution was designed to allow access to the resources
available in the university while restricting each resource to the users
with privileges for it. This was achieved by implementing business rules in
custom authentication modules, as well as by incorporating a digital
certificate stored in a token assigned to each user.
Applying the virtual private environment concept and the reference
frameworks of QoS Labs, several of the institution's applications were
integrated. This allowed access to the university's information resources
from anywhere in the world (for example, by researchers in France and
Spain), as well as access to all resources according to the privileges
granted by user profile, after authenticating only once in the system
(single sign-on).
Today, the department that manages the solution is in the phase of
delivering access tokens on a large scale. This stage covers 5,000 initial
users, with a goal of reaching 350,000 users. Additionally, there are
negotiations with other management units to incorporate more applications
into the identity portal.
Technology and/or tools used
The solution used Sun
Microsystems’ access management and portal software products, implementing
the following components:
- Sun Java System Directory Server
- Sun Java System Access Manager
- Sun Java System Portal Server