Single Sign-On

Owned by Andy Trayler
Dec 14, 2022

In medium and large organizations, SSH authentication is accomplished via a Single Sign-On (SSO) mechanism. The Scan Engine supports this as follows:

  1. Click or tap here to enter text.The scanning server connects via SSH to an SSH Proxy using configured credentials of the SSH Proxy.
  2. The scanning server connects via SSH from SSH Proxy to the remote device to be scanned. The SSH Proxy manages the SSO key-based security required by the remote device.
  3. You can configure the command that should be issued to the SSH Proxy to the remote device from the Scan Engine UI. If required, a Command Username and Command Password can be associated with this command. The Command Username and Command Password can be configured in the UI.
  4. Once logged in to the remote device, the scanning server issues the scanning related commands on the remote device.
  5. The above then repeats for each remote device.


There are a number of potential constraints that need to be considered by the project team. Go through the list below to see if these constraints are applicable to your organization.

Constraint

 

Desktop Devices are turned off outside office hours.

 

Mobile devices are unavailable for extended periods of time (e.g. annual leave).

 

Dynamic IP addresses or IP leases are for short durations.

 

Different time zones (working hours).

 

IP address ranges rarely align with physical locations and overlap is common.

 

Third party desktop support.

 

Credentials are not centrally managed.

 

Limited bandwidth and latency from scanning server to remote offices.