Making identity easy
As the number of Enterprise apps that require separate login credentials grow, managing multiple identities has become a major concern for IT departments. In large organizations a significant proportion of time is lost not only by employees looking for credentials, but also by the help desk who manage those credentials. IT departments are always looking for ways to simplify password management, and one option to rationalize the number of logins is with single sign-on.
New login options
In the latest version of Timemaster you now have three options to log in to Timemaster;
- through your Timemaster login
- through your Windows account in addition to your Timemaster login
- or through your Windows account
Through the Windows only option, organizations that deploy Timemaster on premise can achieve single sign-on to Timemaster using their Active Directory (AD).
Setting it up is pretty straightforward. No additional software is required, just a bit of configuration.
Firstly, you need to edit the authentication options for the Timemaster web app in order to use Windows authentication. Then you need to link each Timemaster user to their Windows accounts within Timemaster. These are one-off steps that are simple to complete and, should you change your mind and ever want to go back, can even be configured as reversible.
We’ve outlined these steps in the Timemaster web installation guide here.
No extra rights
Your Timemaster login groups and corresponding access rights remain in force and are unchanged with either option. You don’t have to worry about setting up any Timemaster permissions again during the process. Everything is preserved just as it was with Timemaster logins; it’s just that the access can now be controlled by the user’s Windows account.
Staff leaving employment or moving on are automatically denied access to Timemaster once their Windows accounts are suspended. New staff created in Timemaster can be linked to their Windows account by simply looking up their details in AD. Login policy is now also set and managed in one place, your own AD, if you’re using the Windows only login option.
Staff who leave their desktop unlocked and walk away will now be protected by the same controls and policies IT have setup for the desktop. In most cases, the Windows default timeout locks your desktop after a few minutes of inactivity, but this could be shorter – your AD, your choice.
When staff unlock Windows and return to Timemaster in their browser, they’ll be automatically redirected to their homepage without the need for a further login.
Single sign-on achieved
Your staff can forget they ever had a separate Timemaster login. Now they only have to contact IT to reset their Windows password. Once they are back into Windows, they are back into Timemaster.
Why not set it up today?