Single Sign-OnApril 15, 2007

Single Sign-OnApril 15, 2007
The term single sign-on(SSO) is thrown around so often during ERP implementations, especially Portal implementations. However, I’ve found that many don’t have a firm understanding of what it is and what it means. So I wanted to pause and take note of some of the misconceptions surrounding SSO in regards to PeopleSoft.
PeopleTools (the technology that underlies all PeopleSoft applications) delivers the ability to configure SSO between PeopleSoft applications. This does not require that the applications be on the same PeopleTools release nor does it require the Enterprise Portal application. The two requirements are that the PeopleSoft applications be configures to as trusted nodes to one and other, and that the User ID (a.k.a – OPRID, OperatorID) be the same.
PeopleSoft does have an API for third party SSO. However, it will take a bit of coding on the third party system to make this happen… sometimes this can prove to be a lot of work, that depends on the non-PeopleSoft system
Many 3rd Party SSO products are out in the market. Implementation of these products has proven costly; but in the right environment well worth it.
The SSO that PeopleSoft delivers via PeopleTools is web SSO. Desktop or windows login to PeopleSoft SSO is not out of the box, nor is it simple. It is possible, however, many question the increase in security risks associated with doing something like this. I’ve had previous clients that have spent considerable money and time implementing desktop to PeopleSoft SSO only to have to pull it from production after an IT audit flagged it as a security risk.
Use of an LDAP products such as Active Directory for PeopleSoft authenication is not SSO.