IBM has bought Encentuate and to add the company's single-sign-on technology to its Tivoli line of products.

The company said that Version 7.0 of its Tivoli Access Manager Enterprise Single Sign-On, which is expected to ship this autumn, will be the first IBM-branded incarnation of Encentuate Single Sign-on. The current version of Access Manager includes SSO technology that IBM uses via an OEM agreement with Passlogix. There is also an option to run the current version with Encentuate's software.

Encentuate also develops technology for strong authentication called iTag, and tools for secure remote access. Its suite of identity- and access-management technology includes the enterprise SSO tools, as well as session management, audit/compliance, and user provisioning.

"Considering IBM is interested in applications and application management for the enterprise, this is a good complement, a good fit," said Scott Crawford, an analyst with Enterprise Management Associates. "Encentuate has a good product set and penetration into some good verticals."

IBM said the Encentuate technology typically would be used for intranets, but that over time it would explore extranet support for such things as online services and federation of identities across corporate boundaries. "We will make sure there is integration with our federated single sign-on, as well as web single sign-on," said Joe Anthony, program director for security and compliance management in IBM's Tivoli Software division.

Anthony said he expectedto integrate Encentuate products with Tivoli Identity Manager, Tivoli Federated Identity Manager, Tivoli Compliance Insight Manager and Tivoli Security Operations Manager. He said the Standard version of the Tivoli Access Manager will include the core enterprise SSO along with self-service password-resetting and centralised logging. The Suite version will add strong authentication, user provisioning, shared workstation, session management, and auditing and workflow automation.