Vendors Chase the Single Sign On Prize

In the world of authentication technology, single sign on (SSO) is considered the big prize at the end of a dark tunnel. Employees are happier when they don’t have oodles of user IDs and passwords to remember, and IT assets are, in the end, more secure. There are more than a dozen software vendors pushing enterprise SSO today, and many of them, such as industry leader Passlogix, have happy OS/400 customers.

Passlogix is a New York City-based developer of enterprise SSO solutions (as opposed to Web-based SSO). Over the last seven years, the company’s v-GO SSO product has attracted 200 customers, including some of the biggest Fortune 500 manufacturing, healthcare, and financial services companies, as well as governmental agencies.

Passlogix provides SSO to OS/400 applications via HLAPIs in 5250 emulators. The software features out-of-the-box support for most popular 5250 packages, including those from Attachmate, IBM, NetManage, WRQ, and Zephyr. The company also has quite of bit of experience connecting to major ERP packages, some of which use their own authentication methods, including those from SAP, J.D. Edwards, PeopleSoft, and Oracle. Twenty to 30 percent of the applications to which v-GO SSO provides access are running on AS/400 or iSeries servers, says Passlogix’s CEO, Marc Boroditsky.

With v-GO SSO, there’s a return on investment in six months or less, in most cases, Boroditsky says. “The ROI is dependent on the customer and how many applications they have and what kind of passwords,” he says. If, for example, a company lets employees use weak passwords that are rarely reset, the ROI would not be good; however, if a company requires strong alphanumeric passwords that must be reset every 90 days, “password resets go through the roof,” he says.

It’s at the help desk that companies can find the return on investment with SSO. Passlogix uses the $25-per-password-reset figure to compute ROI (although some analysts, such as Gartner, have computed higher reset costs). Assuming an average of four to eight password resets per person, per year, at $25 per pop, Passlogix says, v-GO SSO users can get ROI figures of 150 to 300 percent in the first year: basically a payback in six months. However, this figure can be clouded by the fact that it would require eliminating help desk positions to achieve payback, something many companies are not doing.

Other vendors offering OS/400-compatible SSO solutions include OpenConnect, which launched WebConnect SSO 6.3 last week; PassGo Technologies; and Protocom Development Systems. Passlogix also supplies its SSO technology to several other software companies (through OEM and reseller agreements), such as Entrust and Citrix.

TriAWorks is also developing tools to assist OS/400 and Windows shops with SSO implementations, using Enterprise Identity Mapping, developed by IBM’s iSeries lab in Rochester, Minnesota. EIM is a framework for creating “associations” among the different user IDs that a person uses to access a variety of computer systems. TriAWorks’ Identity Manager for Single Sign-On makes it easier to populate an EIM domain with their user identities. (For more information about TriAWorks, see “TriAWorks Aims to Simplify Single Sign-On with EIM Utility.”)

Last month, Typex announced the pending release of a new product called BlueNotes EIM Administration, which, like TriAWorks’ Identity Manager for Single Sign-On, will provide a GUI administration console that allows an administrator to map his users’ identities from various systems or registries into IBM’s EIM repository. The software is expected to ship at the end of the month.

Giga Research analyst Steve Hunt took a look at the SSO market in a recent report called “Market Trends 2004: Enterprise Single Sign-On.” In that report, Hunt wonders why more companies haven’t taken advantage of SSO technology to alleviate–or at least address–the headache of password management. “Enterprise SSO works well and makes sense,” Hunt writes. “It is a secure, cost-effective tool for adding value to an organization. It would be wise for vendors to implement it today.”

Hunt pegs the market for SSO in North America and Europe at $30 million per year. He estimates that Passlogix gets $7 million of that business, more than any other vendor. “This vendor consistently earns high praise from its customers and has an excellent sales pipeline,” Hunt says of Passlogix.

Passlogix’s support for legacy client/server, mainframe, and OS/400 applications was brought into question a couple of years ago. Those systems are dinosaurs that will be replaced with Web services, so it’s a waste to support them, Boroditsky was told. But in the end, Boroditsky’s approach won out. “In reality those applications that keep running aren’t being repurposed,” he says. “Maybe the next application you’re buying is a Web service, but in many companies, critical applications are still running very reliably on platforms they’re not prepared to change.”