The US Postal Service this summer plans to complete the installation of a single sign-on system that will support about 155,000 end users and more than 7000 applications and websites — one of the largest deployments of the user access technology done thus far.
The new system has already been rolled out to 147,000 users, and Bob Otto, chief technology officer at the USPS, says the 11-month rollout is due to be finished in August. The new system lets USPS workers log on to 1000 internal applications and 6000 external ones using only their Windows passwords, Otto says.
"If this isn't the largest [deployment] in number of users, it's way up there," says Jonathan Penn, an analyst at Forrester Research in Cambridge, Massachusetts "By far, it's the largest in terms of number of applications supported."
The system is built around single sign-on software developed by New York-based Passlogix, which will announce the deployment this week. Otto said the USPS turned to Passlogix's v-Go Single Sign-On (SSO) technology to solve its number one end-user problem: remembering passwords.
"An average end user had five to 10 different log-on IDs and passwords, and they wrote them down on little pieces of paper and stuck them under their mouse pads [or] under keyboards," Otto says. "They hid them everywhere because they couldn't remember them. That was a big security issue."
In addition, calls to the helpdesk by end users who had forgotten their passwords were costing the USPS millions of dollars per year in operating costs, according to Otto.
Now, v-Go SSO stores user IDs and passwords for applications in an encrypted format within Microsoft 's Active Directory software, says Wayne Grimes, manager of customer care operations in the USPS's IT department. When users boot up their PCs and start opening applications, the software automatically enters their IDs and passwords, he says.
Even with the rollout not yet completed, the helpdesk currently averages only about 10 password-related calls per day — most of which involve questions about using v-Go, Grimes says. That's a far cry from the "thousands and thousands" of calls help desk staffers used to get, he adds.
The USPS has been able to deploy the Passlogix software without modifying any applications, Otto says, noting that he assigned just one IT technician to work on the project full time and another part time.
Otto estimated that it would have cost $US15 million to $US25 million to modify the USPS's internal applications for a homegrown single sign-on approach. He declined to disclose what the USPS paid for v-Go SSO but said the deployment will cost less than $US200,000.
In the past, single sign-on software required IT managers to write scripts for the applications being supported, Penn said. That led many users to curb the scope of projects, he adds. But the rollout at the USPS "should really be a wake-up call to organisations that are struggling with password management," Penn says.