
What is Single Sign-On (Package Key)?

Single Sign-On is a feature that stores cookies/cache in either Adobe's JavaScript or the Web Viewer so that readers who have access to multiple documents can switch from document to document without re-entering their credentials each time, provided that the same computer/device is used.

Here are the single sign-on options:

  1. True web portal single sign-on and pass-along identification
    • Requires Vitrium Security Enterprise server to be installed on site and on the same server or network as the EIP.
    • Requires an existing, secure web portal that users need to log into before they can access their documents.
    • Requires a custom software component that intercepts end user document download click events, protects documents on demand (embedding the user’s web portal session id into the document), and then watermarks and delivers them to the User. If the User wants multiple documents, then the documents can be zipped up after being protected.
    • Requires an EIP to receive the user’s web portal session id and then perform a lookup of this session id to verify validity.
    • Advantages:
      1. The most seamless user experience.
      2. Offers true web portal single sign-on where users do not need to enter their credentials in the document since the document can be tied back to the user’s secure web session.
      3. Can be used to identify the source of documents that are passed along because each document is watermarked with the original source (this is a true watermark, which can be semi-transparent and diagonal) and is always the same regardless of who the document is forwarded to and who actually opens and unlocks the forwarded document.
      4. Can decide whether the document can be printed or not depending on the user/situation.
      5. If the web portal session id is not valid (for any number of reasons) then the document can fall back to regular unlock, where the user needs to manually enter their credentials.
      6. The user does not have to disable the Acrobat Global Security Policy setting (or make any Acrobat setting changes at all) for this to work in Acrobat 8 or later UNLESS computer limits are being enforced.
    • Disadvantages:
      1. More complicated setup due to the custom interception component.
      2. Needs more computing resources to generate or uniqueify documents on demand.
      3. Higher latency experienced by the end user due to protection and watermarking on the fly, but this can be minimized.
  2. Almost single sign-on
    • Can use either a Vitrium Security Enterprise server installed on the customer’s network (as above) or at a third party location, or Vitrium’s SaaS offering, protectedpdf.com (the server still needs to be Internet accessible though).
    • Requires either Vitrium’s full EIP or a custom EIP that recognizes a user’s previously used machine identifiers.
    • Advantages:
      1. Doesn’t require a secure web portal (users don’t need to log in in order to download documents).
      2. All users can download the exact same document. There is a small exception here: if some Users can print or copy/paste and others cannot, then 2 copies of each document should be pre-processed.
      3. Much simpler.
        1. There is no need for a custom interception component.
        2. There is no need for any changes to the way the website currently works when users click on documents. This is because Vitrium's secured documents are PDF documents.
      4. No need for the Vitrium Security Enterprise Server to be installed on the same network or server.
      5. Still receives a complete audit trail since single sign-on still results in communicating back to the server.
    • Disadvantages:
      1. Less seamless user experience.
      2. Users have to authenticate themselves the first time on each computer they use but, after this, they don’t need to authenticate themselves any more on that computer because the unique but random computer id is sent back and can be used whenever they open subsequent documents.
      3. Every user/situation will get the same printing and text selection security settings.
      4. The user has to disable the Acrobat Global Security Policy setting for this to work in Acrobat 8 or later.
  3. Offline document package single sign-on
    • Can use either a Vitrium Security Enterprise server installed on the customer’s network (as above) or at a third party location, or Vitrium’s SaaS offering, protectedpdf.com (the server still needs to be Internet accessible though).
    • Each applicable document in Vitrium Security Enterprise Server is set to belong to a particular package. This is done by selecting which documents are to be part of a particular package and setting each document’s arbitrary package key to the same value as the other documents in the same package.
    • Compatible with starter kit EIP.
    • Advantages:
      1. The simplest.
        1. There is no need for a custom interception component.
        2. There is no need for any changes to the way the website currently works when users click on documents.
        3. It works with the EIP starter kit out of the box.
      2. No need for the Vitrium Security Enterprise Server to be installed on the same network or server.
      3. The user has offline access to all of the documents in the package without needing to be online for the duration of the offline access.
    • Disadvantages:
      1. Less seamless user experience.
      2. Only the first unlock of a document in a package of documents will result in server communication. Therefore, the server (and EIP) will not have an audit trail of unlocking activity for any of the documents in the package for the remainder of the offline access period.
      3. Every user/situation will get the same printing and text selection security settings.
      4. The user has to disable the Acrobat Global Security Policy setting for this to work in Acrobat 8 or later.
      5. Currently, a secured document can only belong to one package.
      6. Only a few packages can be defined due to the small size of the Acrobat cookie space. However, this is not a concern if users are expected to receive just a few packages (even if many packages are defined at the server).
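
The unlock decision an EIP makes under options 1 and 2, sketched as an added example (not Vitrium's code or API). The request fields, the in-memory stores and the session expiry check are assumptions made for illustration.

```python
import hmac
import time

# Constructed sample state. A real EIP would query the portal's session store
# and a user database holding password hashes, not plaintext.
SESSIONS = {"sess-7f3a": {"user": "alice", "expires": 1_900_000_000}}
PASSWORDS = {"alice": "correct horse"}
KNOWN_MACHINES = {}   # machine_id -> user, filled after a successful manual unlock
AUDIT_LOG = []        # one entry per server contact


def _finish(request, granted, user, method):
    """Record the decision so every server contact leaves an audit entry."""
    entry = {"doc": request.get("doc"), "user": user,
             "method": method, "granted": granted}
    AUDIT_LOG.append(entry)
    return entry


def handle_unlock(request, now=None):
    """Decide one unlock request (hypothetical request fields)."""
    now = time.time() if now is None else now

    # Option 1: session id embedded in the document at download time.
    session = SESSIONS.get(request.get("session_id"))
    if session and session["expires"] > now:
        return _finish(request, True, session["user"], "portal-session")

    # Option 2: a machine id that already authenticated once.
    machine_id = request.get("machine_id")
    if machine_id in KNOWN_MACHINES:
        return _finish(request, True, KNOWN_MACHINES[machine_id], "known-machine")

    # Fallback: regular unlock with manually entered credentials.
    user = request.get("username")
    supplied = (request.get("password") or "").encode()
    expected = PASSWORDS.get(user, "").encode()
    if user in PASSWORDS and hmac.compare_digest(expected, supplied):
        if machine_id:
            KNOWN_MACHINES[machine_id] = user  # remember this computer
        return _finish(request, True, user, "credentials")

    return _finish(request, False, None, "denied")
```

Under option 3 only the first unlock in a package would reach a handler like this, so the audit log would hold a single entry for the whole offline access period.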
