USPS pushes envelope on single sign-on technology

Linda Rosencrance (Computerworld)
01 June, 2004 09:00
Comments

The U.S. Postal Service this summer plans to complete the installation of a single sign-on system that will support about 155,000 end users and more than 7,000 applications and Web sites -- one of the largest deployments of the user access technology done thus far.

The new system has already been rolled out to 147,000 users, and Bob Otto, chief technology officer at the USPS, said last week that the 11-month rollout is due to be finished in August. The new system lets USPS workers log onto 1,000 internal applications and 6,000 external ones using only their Windows passwords, Otto said.

"If this isn't the largest (deployment) in number of users, it's way up there," said Jonathan Penn, an analyst at Forrester Research. "By far, it's the largest in terms of number of applications supported."

The system is built around single sign-on software developed by New York-based Passlogix, which will announce the deployment this week. Otto said the USPS turned to Passlogix's v-Go Single Sign-On (SSO) technology to solve its No. 1 end-user problem: remembering passwords.

Addressing Security

"An average end user had five to 10 different log-on IDs and passwords, and they wrote them down on little pieces of paper and stuck them under their mouse pads (or) under keyboards," Otto said. "They hid them everywhere because they couldn't remember them. That was a big security issue."

In addition, calls to the help desk by end users who had forgotten their passwords were costing the USPS millions of dollars per year in operating costs, according to Otto.

Now, v-Go SSO stores user IDs and passwords for applications in an encrypted format within Microsoft's Active Directory software, said Wayne Grimes, manager of customer care operations in the USPS's IT department. When users boot up their PCs and start opening applications, the software automatically enters their IDs and passwords, he said.

Even with the rollout not yet completed, the help desk currently averages only about 10 password-related calls per day -- most of which involve questions about using v-Go, Grimes said. That's a far cry from the "thousands and thousands" of calls help desk staffers used to get, he added.

The USPS has been able to deploy the Passlogix software without modifying any applications, Otto said, noting that he assigned just one IT technician to work on the project full time and another part time.

Otto estimated that it would have cost $15 million to $25 million to modify the USPS's internal applications for a homegrown single sign-on approach. He declined to disclose what the USPS paid for v-Go SSO but said the deployment will cost less than $200,000.

In the past, single sign-on software required IT managers to write scripts for the applications being supported, Penn said. That led many users to curb the scope of projects, he added. But the rollout at the USPS "should really be a wake-up call to organizations that are struggling with password management," Penn said.