Works, but not without issues and impacts to the user experience
Rating: 4 out of 10
IncentivizedUse Cases and Deployment Scope
We use it to achieve single sign-on for other systems which aren't Active Directory federated. This allows IT users to avoid typing their passwords for different systems, since ESSO automatically types it for them when they go to the web page or thick client.
Pros
- Flexible to work with most web sites and thick clients
- Avoids users having to type their passwords repeatedly
- Fairly performant
Cons
- This tool is essentially a hack, making the user experience pretty weak. For example, we use it in an application which has a box to type your password. Every time you enter some data, ESSO steals the focus and types your password into the box, even if you aren't about to submit the form requiring the password.
- This tool creates a 2nd CN in the directory and this broke some of our applications which were only expecting a single CN per user in the directory. Why can't it use a traditional database instead?
- This tool caused performance issues with Putty. It would peg our CPUs at 100% if the user had Putty running. It took a very long time to resolve the issue.
Likelihood to Recommend
Good if you want a temporary solution to too many passwords.