Helping IT with single sign-on

Signing Off

Who are you, what do you want, and are you approved?

These banal questions – if answered – could save IT operations money and foster a better, more personalized user experience.

The solution lies in a combination of single sign-on authentication and widespread, behind-the-scenes authorization to applications, databases and computer systems.

A Meta Group Inc. study reveals that, on average, companies with annual revenue of more than US$500 million have “sometimes more than 75 applications, databases and systems that require authentication.”

For access to the accounting system, human resources system or group sales database, a company at least wants to know if you’re a current employee. And if the IT system has been built correctly, only authorized people are allowed in, meaning IT gatekeepers have multiplied with new applications.

This accounts for calls to the help desk.

Meta Group Analyst Chris Byrnes says 45 per cent of total help desk calls are for password reset assistance. Those users are attempting to identify themselves, but instead cost the company money in lost productivity and strain IT resources. With data from Meta Group, PricewaterhouseCoopers created an ROI calculator to show call centre savings from single sign-on.

This calculator should make it easier for CFOs to release money for single sign-on technology that links authorization to applications, databases and systems because the calculator shows the savings.

In conjunction with the calculator, BMC Software Inc. and Oblix Inc. have agreed to combine enterprise management tools with an identity-based security system to produce the kind of Web-based technology bolted to back-end applications that make it easy to navigate the “identify, authenticate and authorize” scenario.

But there’s another reason single sign-on will be accepted: Personal, role-based information for internal and external customers, suppliers and partners is in demand.

Jean-Pierre Lochman, technical director of Charles Schwab & Co. Inc.’s employee intranet, said next-generation Internet proposals include personalization features to deliver the right information to each user: hence the need to ID, authenticate and authorize.

Lochman said Schwab had a custom application to access a database but decided to switch to Oblix and Lightweight Directory Access Protocol (LDAP) because “we wanted a standard format to integrate single sign-on across all applications.”

Information can be synched: The address list from Microsoft Corp.’s Exchange Directory, the human resources database from PeopleSoft Inc. and the facilities database are available via Oblix and the LDAP directory. Schwab cut help desk calls from about 50,000 per day at its peak to about 30 to 40 per day.

That’s hardly banal.

Pimm Fox is Computerworld (U.S.)’s West Coast bureau chief. Contact him at