We recently completed integrating the authentication of our administration web applications with UMPASS. This means that you can use the same login (UMPASS) to sign in to more applications. UMPASS reduces the need to use two different passwords, the “Oracle Password” and the “PCLAN Password”. The problem of multiple passwords is common in enterprise environments and has existed for a long time. Although there is a very simple solution, “To share a single pair of username & password for all application systems”, it is a surprisingly difficult task to accomplish.

Our Challenges

  1. Complexity
  • Adapt around 80 web applications to the UMPASS Single Sign On (SSO) service
  • Merge two sources of user account directories into one
  • Remain backward compatible with the core legacy applications, which use proprietary authentication methods
  2. Resilience
  • Consider how a ‘single point of failure’ in the SSO service could bring down access to all applications
  • Ensure high availability by clustering on every system tier
  3. Security & Privacy
  • Consider that if a user leaves a browser unattended while signed on to a particular system, any other applications sharing that same sign-on could be exposed.
  • Make the single sign-out mechanism work with UMPASS SSO and implement a warning mechanism to remind users to sign out completely.

Benefits After Integration

  1. Improved User Experience
  • Users only need to sign on once and can access most applications without re-authenticating.
  2. Increases Productivity
  • There is no need to recall different passwords for different applications, and users can switch between systems without any further login prompts, which saves time and increases efficiency.
  3. Mitigates Security Risk
  • Thinking of new passwords for multiple systems can result in ‘password fatigue’ for many people. People tend to use ‘simple’ passwords if they have to remember several passwords. With an SSO system, we can enforce more secure password requirements.
  4. Reduces Help Desk costs
  • As the SSO sign-on interface is centralized, IT teams can manage it better, and it is easier to support users with possible sign-on issues.
  5. Support More User Types
  • SSO is also enabled for Alumni and Guest users after the integration.