Search code examples
integrationsingle-sign-onlegacy

Strategy for single sign on with legacy applications


I'm wondering what strategies people use for reduced sign on with legacy applications and how effective they have found them?

We have an ASP.Net based intranet and own a lot of the legacy applications, but not all. We also have BizTalk and are considering the use of it's SSO engine too.


Solution

  • A good compromise between effort/rework and the convenience of single sign on is to continue to maintain a list of users, privileges, roles etc in the legacy app. Make the changes necessary to automatically log the user into your application based on their user account (usually their Windows or network account).

    I'm currently running a couple of applications that use this method of sign on, and it makes them seem more integrated even though they aren't.

    Another advantage we've found is that it stops people from sharing passwords to legacy applications. They're much less likely to hand out an admin password that also gives others access to their email or payroll details!