The Pros and Cons of Active Directory Password Synchronisation

Many organisations have taken to synchronising users’ Active Directory passwords across all the systems which end users log onto. Unfortunately, password synchronisation does not solve the challenge of having multiple passwords, or enable single sign-on.

With password synchronisation, users are able to have a single password that provides access to multiple systems they use, but they still must log on every time to each system.

Free Trial: Auto-Login for Desk Phones

Advantages of Password Synchronisation

• End-users have just one password to remember, so passwords are forgotten less often. This reduces both help desk costs linked to forgotten passwords and associated loss of productivity
• Administrators can easily implement a consistent password policy across synchronised systems
• Password synchronisation is a viable solution – security policy disallows enterprise single sign-on
• Generally no user workstation modification is required to implement password synchronisation
• It is easier to extend to any given platform or application than enterprise single sign-on

Disadvantages of Password Synchronisation

• End users have just one password to remember, increasing the chance it could be compromised and allow unauthorised users to have access to systems to which the password is synchronised
• Users must continue to log on to each system individually, resulting in inefficiency
• Not all systems easily support bi-directional password synchronisation.
• Implementation can be complex; agents are usually required on all target systems.
• Password policies may not be compatible across all systems, which can lead to a ‘least secure’ policy (e.g. mainframe passwords are typically 8 characters maximum).
• No support for advanced or strong authentication (smart cards, tokens, one-time passwords)
• No directory or identity consolidation is enabled, so the number of directories is not reduced
• Synchronisation does not secure or audit administrative, privileged, or super-user identities

It is obviously logical to base any single sign-on effort around each employee’s user IDs and passwords that they use when they log on to their Windows desktop each day. Active Directory does enable true single sign-on, but only to Windows-based and Windows-hosted applications, so other systems like Cisco VoIP communications are not covered directly.

ALM Single Sign-on (SSO) for Active Directory and Cisco IP telephony systems

Extension Mobility is a key part of mobility requirements for the modern business within Cisco Unified Communications environments. 

The ALM Single Sign On (SSO) solution from Cisco Select Partner RSconnect secures your Cisco IP telephony, and is a must-have for companies using Cisco IP Telephony devices, Cisco Unified Communications (CUCM) and Cisco CallManager technology (CCM).

Most importantly, ALM software can be added on top of your existing Microsoft Active Directory integration, is easy to use and improves the internal security policies within your organisation

ALM single sign-on (SSO) software can be installed within 30 seconds, does not require any administrator or technical skills, and will work out of the box using your existing Cisco IPT phone’s Extension Mobility settings. ALM is also compatible with Cisco CUCM 7.x, 8.0 and 9.0.

ALM avoids the requirement to enter a Username and PIN at your IP phone device by installing a small Windows application in the PC System Tray

A fully functional evaluation version of ALM software is available for download, completely free of charge.

For more details on Cisco ip phone log in and active directory passwords contact RSconnect at info@rsconnect.net