OK, will do. The day Capita kills my family* and I go all Geeky Liam Neeson I shall implement SaSO and call it XYZMIS - perhaps I'll call the company 001A Better than Superman, batman and the hulk combined software development ltd?
* by dropping the latest SIMS release (with patches) on floppy discs on top of them - all 4 billion of them
As the author of this thread I'd like to thank you all for your input. I'm going to hold off with the SIMS single sign on for the time being.
Yesterday afternoon I went into an open ICT suite and found a senior head of dept had left themselves logged on to a computer, usb drive loaded with what ever data plugged in and her handbag open with purse and car keys ready to be taken. I'm losing the security fight all ends up by the looks of it.
When I find an open machine I set a screen saver and ask for password to unlock. Usually the text banner one with a message like "School Security Page".
Did 2 last week. Nobody has ever complained or even mentioned it. They either disable it quietly or more likely don't know how and are too embarrassed to ask.
Just got a call back from Capita; unfortunately it is not possible to have SIMS request the user for their AD username and password, its either SIMS logins, automatic AD, or choice. If need be we can put a change request in via SupportNet.
Good luck with that.
Anything you do will fail when things like this happen:
I think a domain wide locking policy after 10 mins should be mandatory. Or even 15 or 30 but just something as a backup.