Review: Password Management: Grief Relief

Passlogix v-GO Single Sign-On and v-GO Authentication Manager

Passlogix's v-GO AM is an add-on to the v-GO SSO authentication and identity-management system. A Passlogix deployment typically consists of the v-GO SSO client-side agent; the v-GO SSO administrator console; v-GO AM, which enables Smart Card or Entrust authenticators to work with applications; and a directory or database where authentication policies and access control information is housed. We also installed the v-GO SSPR (Self-Service Password Reset) service, which uses IIS Web server to provide a Web interface for user enrollment, challenge questions, and general setup and admin tasks.

V-Go SSO functions from a user's computer by keeping an encrypted file of access credentials for each and every system that user has access to. Once we installed the software on our test desktops, it ran in the background, watching for events involving passwords. Basically, v-GO is a password vault that stores credentials to simulate an SSO experience. The software acts as a middleman in the access control and authentication routine by replacing the native network logon. We had no problems with the client in testing.

We could perform v-GO SSPR installation using a Windows wizard; a command line; or any MSI package, including Macrovision's InstallShield or Wise Solutions' Wise Package Studio. Note that this product is Windows-centric, with no support for Macintosh or Linux desktops or laptops. Once we authenticated to the network, the software intercepted subsequent logon calls to applications, devices and Web sites, then verified our credentials and served them to the requesting system without our needing to write any custom scripts. This functionality was particularly handy as we could provide password management for our Yahoo e-mail and AOL IM accounts.

The first step in configuration was choosing the primary method for logging into v-GO SSO and supplying credentials for the log-on method. If you cancel the setup wizard, it'll keep popping up each time you start v-GO SSO until you complete the wizard, so don't start unless you plan to finish the process. For testing, we selected "Authentication Manager" as our primary desktop logon method. The v-GO AM agent pulled information stored in AD to determine how and where we were permitted to log on based on admin-defined parameters such as location and AD groups.

Passlogix's v-GO shines when it comes to authenticating users based on authentication method, commonly referred to as graded authentication. As part of testing, Passlogix sent a GemPlus smartcard reader and associated hardware. We were able to apply graded authentication policies to Windows applications, like Yahoo e-mail, AOL IM and Lotus Notes, without requiring changes to the applications themselves. Nice--no coding and no changes to apps needed.

The v-GO admin console permits configuration of authentication methods as "required" or "optional." We could then rank methods to determine the kind of access granted for each. This same methodology is applied when restricting access to applications. We set up the system, for instance, to give our GemPlus smartcard reader the highest grade with access to Web applications. Windows authentication was defined with a lower authentication grade and allowed only e-mail access. V-Go successfully differentiated between the two logon methods and granted or denied access per the configured policy.

V-Go's approach might not appeal to all organizations-- requiring a client can be an issue because many companies don't want "one more thing" installed on the desktop that requires updating and possibly troubleshooting. V-Go also may be too pricey for some companies. But for those that can afford it and are not client-averse, this is a solid software package that provides easy automated provisioning plus good centralized policy control, application access and graded authentication. This product simply works as advertised.

v-GO Single Sign-On Platform 5 and v-GO Authentication Manager, $284,850 for 5,000 seats each of SSO, SSPR and AM. Passlogix, (866) 727-7564, (212) 825-9100. http://www.passlogix.com