PassLogix's v-Go SSO

Connecting to NWC Inc.'s Active Directory (AD) 2000 installation was a breeze. V-Go SSO works with many directories, including Novell's eDirectory, Sun's Java System Directory, LDAPv2- or LDAPv3-compliant servers, and many databases, including IBM DB2, Microsoft SQL Server and Oracle.

To test v-Go AM, I selected "Authentication Manager" as my primary desktop logon method. The v-Go AM agent pulled information stored in AD to determine how I was allowed to log in based on administrator-configurable parameters, such as location and AD groups.Comparing Notes

The v-GO administrative console let me configure authentication methods as "required" or "optional," and rank them to determine what kind of access would be granted for which authentication method. I then used the same numerical grade to restrict access to applications based on the user authentication method. For instance, I set up the system to give smart-card logins the highest grade, and to give Windows authentication a lower grade. I used the included browser tool to configure our NWC Inc. Web applications for SSO and required the highest authentication for user access. Users authenticating solely over Windows would be allowed to access e-mail, but nothing else. This setup is useful for limiting access for users who have forgotten their primary login or smart card without compromising your security. In my tests, v-Go AM correctly distinguished between the two authentication methods and restricted access as configured.

V-Go let me apply graded authentication policies to Windows applications, including America Online Instant Messenger, Citrix applications, Lotus Notes and SiebelSales, without requiring changes to the applications. Because the v-Go SSO and AM agents reside on each desktop, they mediate user-authentication requests and use the information stored in the directory or database to determine user access. V-Go also can import and use Web access controls from existing systems, such as Entrust GetAccess and Oblix NetPoint.

Overall, v-Go functioned as I expected--it's easy to deploy and use and it helps tighten down application access.Lori MacVittie is a Network Computing senior technology editor working in our Green Bay, Wis., labs. Write to her at [email protected].