Generally speaking, the problem of managing passwords could be broken down into the following two areas:
- Back-end Password Synchronization: Replicating a password change in an authoritative datastore to other enterprise datastores
- User experience: On-demand password entry on the logon screen for the application a user wants to use
MIM/FIM does offer a solution for the first item. However, it doesn't handle the second area. It still leaves it up to the user to provide the password to the application upon demand.
It can help by synchronizing all these passwords, thus making it easier on the user. Result: Instead of remembering, let's say, 10 passwords for 10 applications, they only have to remember one password for all those applications.
The following would be my recommendation to handle the second area:
- As much as possible, Kerberize the application(s) so that the app can leverage the user's Windows Kerberos credentials. Result: eliminates the need for password entry to provide true SSO
- For apps which cannot be Kerberized, you may have to fall back on password managers like Passlogix, Evidian SSO, Quest ESSO or other solutions in that space.