In an enterprise, users (e.g., employees) typically may have access to one or more different systems and applications. Each of these systems and applications may utilize different access control policies and require different credentials (e.g., user names and passwords). This may require a user to manage many different credentials for the systems and applications they regularly use, leading to password fatigue, wasted time entering and reentering credentials, and additional IT resources to recover and/or reset lost credentials. Single sign-on (SSO) can provide a user with access to multiple systems and applications after an initial log-in. For example, when the user logs-in to their work computer, the user can then also have access to one or more other systems and applications.
Previous SSO solutions were desktop-based, including a desktop client executing locally on the user's computer that allowed the user to manage their credentials and provide other SSO services and administration. This required a desktop or laptop computer to execute the client and access the user's systems and applications. The locally executing client could monitor the user's activity to provide single sign-on services. However, users increasingly access web-based services using smart phones and tablets that may not be able to execute a full desktop SSO client. Additionally, these previous SSO systems typically could provide single-on for systems that utilize the same access control type, but did not integrate applications that use different access control types. As a result, SSO may provide single sign-on for several of the user's applications, but the user may still be required to log-in manually to other systems or applications.