Password Self-service solution for AS400

40 pts.
Tags:
AS/400
AS/400 passwords
Password management
SAP
Security in 2010
Single sign-on
Synchronization
We have AS400, Active Directory, a bit SAP to. This means that some of our users have more than 5 passwords to remember – which they of course can’t. As a result we have many calls to the HelpDesk for support. We have looked at Single Sign On solutions, but we find them rather complicated. We would like to find a more simple solution, where the users only have to use one password, and we want to be able to install and administrate in a rather simple fashion. We have been looking at some solutions - but usually they do not cover AS400. Any expirience anyone? Answers will be greatly appriciated /Frank

Software/Hardware used:
AD as400
ASKED: October 1, 2010  10:48 AM
UPDATED: October 8, 2010  11:24 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Just ti line up my solution for this:
1. SSO is way to costly to implement and to maintaine
2. The single password approach will give us fewer calls from all the systems we use- and a 24X7 support for users when they forget their password.

We will go with the solution from FastPassCorp thier FastPass Password Manager. They will implementent it in one day fixed price – Got 2 references that I called – looks promising.

Dustin

Hi

I know you said you found SSO to be complicated but I think you will find it is the only way to get all of your applications and systems working together We use Impritiva Onesign and that works really well, no impact on the infrastructure and includes a self service module so your Helpdesk load will reduce anyway. It does work with AS400 (just checked that on the Website.)

SAP will integrate with AD for single sign on.

Discuss This Question: 7  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    I would suspect that if solutions simpler than SSO existed that covered multiple platforms, especially including Active Directory, they would have been in wide use by now. I haven't heard of any. Of course, if you severely restrict the the types of characters that can be used in passwords and you ensure that all user identifiers are the same on all platforms, then it can be relatively simple. But that kind of means that you'd significantly drop the degree of security in your network. Tom
    125,585 pointsBadges:
    report
  • Amvit
    Hi there, Had the exact same problem 6 month ago. We implemented a solution from http://www.fastpasscorp.com/ called FastPass Password Manager, that was great - we have password synchronization now - that really was a relief for the ServiceDesk and for the users also. They did not require any new software on our AS400. They have connectors for other systems also. We built integration to other custom systems as well using a Generic connector - all was quite easy to get up and running. About the installation - we actually paid them for the installation - think it took them half a day! We tried to implement SSO we did spend month trying to implement it and it never really worked. I think that the "Single Password" approach was much easier - guess its like a 90% solution using 10% of the time :-) Well that was just my thoughts (as you can guess I was also part of the SSO process!) AM
    40 pointsBadges:
    report
  • FrankJo
    Hi Tom, Thank you for your answer. Regarding security - well i have seen users puting their passwords down in writing visible somewhere on their desk - thats just not OK. Some users just log into eg. SAP once every 3 month - reporting something - so they have either forgotten the password or writtin it down - DOOH. I havent investigated the characters really - I will check that part out. Frank
    40 pointsBadges:
    report
  • FrankJo
    Hi AMvit. Great answer - some questions.. As tom wrote what about different userids? That would be a pain to maintaine! Password Policies? (special characters?) Did you install somehting on all clients to "get" that password or does it fetch the passwords on the AD servers or? You wrote about the as400 that no software was required - how about SAP? Frank
    40 pointsBadges:
    report
  • Amvit
    Hi again, Regarding userids - well the tool has some ways to deal with this - creating a map of users - we did an initial map - then made a policy - so now every account will have the same id on SAP/AD - whatever system. Nothing to maintaine anomore - as the system can do a 1:1 guess automatically. About special characters, we really do not have any problems there, passwords lenghts wise this is tha same, no problems. We changed to policy on the other system to force a password change every 4 months - on AD we went from 6-3 month. The higher rate will give us better security. The solution has an Interceptor that needs to be installed on all the domain controllers on AD - they will forward all password changes/resets to FastPass and the systen will then pass it on from there. It actually has a Windows Client that shows up on the end-users login button - but we let our user weather use a colleague og their mobile phones to access the system. I dont know their integration integration to SAP. AM
    40 pointsBadges:
    report
  • TomLiotta
    They did not require any new software on our AS400. There are two possibilities if that's true. Either FastPass is a SSO solution or password changes on the AS/400 are not propagated into the FastPass server. But maybe I misunderstood the original question. Is the premise of the question that EIM/SSO is too complicated if you try to do it by yourself? Or is it that it's too complicated if you purchase a product that implements EIM/SSO? An implementing product should only take a day or less regardless for the vast majority of the work. Obviously, unless profile names match on all platforms, someone has to do the job of linking each 'joe.payroll' in the Windows AD with JPAYROLL on the AS/400 and maybe JOEP on a third platform though software can present the likely matches -- the number of linkages will make a difference. Tom
    125,585 pointsBadges:
    report
  • Amvit
    Hi, Yes Tom youre right, the FastPass solution only propagates password changes/reset from AD to the target systems - hence - no software needed on as400 or other targets for synchronization - also making the implementation easy and requirements quite low. EMI is a bit more complecated, theres a lot of changes on the iSeries platform. And about mapping users, well this is the same - unless the accountids are the same, then youre in for - at least an initial work getting the "connections" defined. AM
    40 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following