Managed Services   >   eSSO

Enterprise Single Sign-On

An affordable, simple to implement, quick to deploy, and secure managed service for automating single sign-on (SSO) to enterprise applications. KeyTrust eSSO (enterprise Single Sign-On) delivers 100% of the functionality needed to effectively implement and manage SSO. Instead of users having to remember and enter individual login information for each application, eSSO handles all those tasks automatically.

Integration with KeyTrust TrustID offers the widest range of authentication methods, including: strong passwords, One Time Password (OTP) hardware tokens, grid cards, hardware ID, mobile phone-based Caller Line Identification (CLI), digital certificates (X.503), USB tokens and keyboard / fingerprint biometrics. eSSO addresses the enterprise password management challenge through a unique, innovative solution delivered in the form of a fully managed service.

Features & benefits of using Enterprise Single Sign-On in your company


Benefits to your business

Centralised SSO strengthens overall enterprise security.

Automatically remembers and manages all required passwords, so users do not have to perform multiple log-ins.

No user training requirements.

Operates transparently.

Lowers helpdesk costs.

No changes to external directories or applications.

Automatic Application Profile Generator (APG) eliminates software scripting.

Supports widest range of authentication methods.

Enterprise Single Sign-On features

Integrates with KeyTrust TrustID to provide Subscriber Management, Authentication Authorisation and security policies.

Application Programming Generator (APG) learns login and passwords used to access each application.

Automated user provisioning via connection and synchronisation with external LDAP directories.

Secure communication between eSSO Agents and eSSO / TrustID service components is used to transfer Credentials.

eSSO Agents are extendable via Extendable Objects.

Command Line or console applications Excludes MS Windows 98® and MS NT4®.

Citrix-published applications of any supported type above.

MS Terminal Services® applications.

Synchronizing Directories

eSSO can periodically synchronize via TrustID with external client LDAP directories. Synchronisation can be selectively restricted to groups or even to individuals. eSSO exactly mirrors the user data stored in external directory systems.

User Self Service Password Management

User Self Service Password Management is a module within the KeyTrust TrustID service that provides a facility for users to be able to reset their own passwords without help from KeyTrust or their organisation’s IT help desk.


Automated User Provisioning

A Web Service wizard enables our technical staff to provision users at high speed. For example a typical deployment for 2,500 users can be configured and installed in less than four hours.

How does it work?


Automation is the Secret of Our Quick Deployment

eSSO Application Profile Generator (APG) functions by automatically learning the login procedure for each application and packaging the the results into XML profile documents. This methodology works regardless of how the application is accessed for login. The APG enables Single Sign-On (SSO) with no custom scripting required on our part, no connectors for us to build, and no long and expensive custom integration projects for us to manage. To ensure maximum service flexibility, credentials and policy settings are tied to each user, not to their computer systems.

Subscriber Credentials

Instead of manual authentication to individual programs, individual subscribers’ credentials are delivered by the service to multiple applications within a single user session. Access rights are established for the full session duration, with length and policy applied on a per user basis. Our TrustID and eSSO services handle the storage and delivery of user authentication credentials, policy and XML profiles. Communication between eSSO Agents and the eSSO Management System are always secure. User authentication credentials are protected in a highly secure digital vault during all communication sessions and they cannot be copied or stolen and do not leave the perimeter of the network. Any application that runs in a supported MS Windows environment can be SSO enabled. Users launch an SSO-enabled application the same way they normally do, including:

  • Clicking on a desktop icon
  • Selecting it from a MS Windows® start menu
  • Running from an operating system command line

eSSO Agents actively monitor user activity to determine user attempts to launch applications and compare these launch attempts to a list of registered applications.

Supports Single Sign-On to Almost Any Application

Works via any of the following scenarios:

  • Locally

  • From a server

  • Via Citrix® or MS Terminal Services®

  • All Win32 applications

  • Client/Server

  • MS Visual Basic, C++, custom controls

  • Legacy and Host Applications
  • Terminal emulators, Command line, Telnet, SSH

  • Web-based Applications (Web Services)

  • Thin Computing

  • MS Terminal Services, Citrix

  • Web-to-Host sessions

  • Host-based mainframe applications

Interested in getting a tailored quote for this service?

We understand that different sized companies use applications on a variety of scales, which we create tailor made quotes to fit your business. This ensures fair plans that do not cost an arm and a leg. If you are interested in getting a quote for this service please send us an email or give us a ring.


TELEPHONE: (03) 9629 3800 or  SEND US AN EMAIL

© 2016 Copyright KeyTrust: All rights reserved.