Hi, Is my understanding correct that even though FIM has the ability to synch passwords and provide self service portal capabilities, it is not exactly a Single Sign-on solution by itself. And in order to achieve a true 'SSO' label, it needs to integrate with something like Passlogix or similar? A bit of a grey area this I imagine...but could someone maybe elaborate please? Regards.

Hi S. Can you please explain a bit more about your scenario and youe environment and what you are trying to accomplish? SSO means a lot of things to a lot of people and it will be hard for anyone to give you an answer to your question. However, FIM is not an SSO client, an SSO server, an SSO application, or an SSO tool. So, I think your original guess was correct when you said "it is not exactly a Single Sign-on solution by iteslf." -Jeremy

Hello Kwan, You are on the right track. Generally speaking, the problem of managing passwords could be broken down into the following two areas: Back-end Password Synchronization: Replicating change in the password in an authoritative datastore to other enterprise datastores User experience: On-demand password entry on the logon screen for the application a user wants to use FIM does offer a solution for the first item. However, it doesn't handle the second area. It still leaves upto the user to provide the password to the application upon demand. It can help by synchronizing all these password thus making it easier on the user. Result: Instead of remembering, lets say 10 passwords for 10 application they only have to remember one password for all those applications. The following would be my recommedation to handle the second area: As much as possible, Kerberize the application/s so that the app can leverage user's windows kerberos credentials. Result: eliminates the need for password entry to provide true SSO For apps which cannot be kerberized, you may have to fall back on password manager's like Passlogix, Evidian SSO, Quest ESSO or other solutions in that space. Hope that helped you with a perspective. Thanks & Regards, Jameel Syed Principal Consultant, fimGuru - Your window into simplified identities jameel.syed@fimguru.com - http://www.fimguru.com

Very nice summary and clear, thank you Jameel