Automate Application Password Changes
With OneSign Single Sign-On, administrators can implement a clear, straightforward password policy across all SSO-enabled applications based on users' primary authentication. For additional security measures, OneSign is able to cycle complex application passwords behind the scenes on the users' behalf. This allows organizations that require certain application passwords to be changed periodically to handle the changes automatically.

Self-Service Password Management
With this option, users can easily reset or be notified of their own network and application passwords without help desk intervention. Administrators can set identity verification thresholds for users, or groups of users, who are simply prompted to answer a set of random or administrator-created questions, and, once authenticated, OneSignSingle Sign-Ondelivers the service. This service can be accessed either by users on the network or via the Web.

Broad Support for Strong Authentication
OneSignSingle Sign-Onsupports major forms of authentication out of the box — without requiring any custom integration with device vendors. Authentication methods include password, strong password, finger biometric authentication or identification, active and passive proximity cards, smart cards, One-Time-Password tokens, USB tokens, and Kerberos authentication. Administrators decide which users should have which authentication modes, and whether they should upgrade their authentication options over time.

Application Profile Generator™ (APG):
Point-and-Click instead of expensive scripting
The OneSign Single Sign-On Application Profile Generator (APG) enables SSO and password change support for ALL enterprise applications — without writing logon scripts, building custom connectors or modifying existing code.  APG's point-and-click paradigm automatically learns logon and password change behaviors for even the most challenging applications —including native Java clients, Telnet emulators, Web-to-host applications, frame-based Web applications and many more.

Monitoring and Reporting
The OneSign Intelligent Agent allows organizations to monitor, capture and log password-related user access events in a centralized database.  Easy-to-use detailed reporting can strengthen security and enforce regulatory compliance across all applications.  Now, for the first time, administrators can easily monitor access records for every user, application or workstation in one, central location —even revealing users that may be sharing credentials to confidential applications.

Provisioning Support
OneSign Single Sign-On provides provisioning support based on the industry standard Service Provisioning Markup Language (SPML). SPML-based provisioning support allows users - and their network and application credentials – to be automatically provisioned and de-provisioned in OneSign Single Sign-On, eliminating the need to ever issue passwords to your users. New users, applications, and password resets are automatically reflected in OneSign. Imprivata provisioning partners providing out-of-the-box OneSign provisioning connectors include Courion and Fischer International. Check with your OneSign representative for the most up to date list of OneSign provisioning partners and connectors.