Soffid provides a desktop tool that enables the user to enjoy single sign on experience without having to modify applications. This tool, in combination with Soffid identity management, is installed on the user’s computer and is able to inject the credentials as requested by applications.
The tool supports single sign on Windows and Ubuntu Linux operating systems and can inject credentials on native Windows applications, Java applications, commonly used web browsers (Firefox, Chrome and Explorer) and HLLAPI compatible terminal emulators. In all cases, the tool is designed to be safe and effective with minimal resource consumption.
The definition of user interfaces to manage and the actions necessary to inject credentials is being made from the management console by system administrator.
Additionally, the tool provides a series of value-added features such as:
- Session management. At all times, operators and managers can learn Soffid sessions you have open a user as well as the history of open and closed sessions.
- Local administrator accounts are eliminated delas machines. Soffid allows local administrator tasks to users based on the permissions assigned from the console, without having to know the local administrator password (Windows) or root (Linux)
- Allows login to the computer using cryptographic cards, including electronic ID, no need for a pre-provisioning of certificates.
In order to enable this functionality, Soffid need to store user password in the database. It’s being done by encrypting them with an RSA public key. The privakte key is protected in synchronization servers file system, so that a hypothetical theft or unauthorized access to the database does not represent a loss of password confidentiality risk.