We have multiple websites for our customers to use in a SaaS environment. We currently have a product that allows us to password protect access to the webpages. It provides access to a single website or multiple websites depending on customer needs. It enforces strong passwords and password retention policies. It has the ability to set up roles and access rights (time of day, things like this). Essentially a website security Gateway. Once they authenticate, they have access to everything on that site. If they choose to access another site, they log back into the gateway and select another site that they have access too. Once they have logged in, they get a list of resources (sites) that they can access.
The one thing it does not do, is allow the user to reset their passwords. This is a manual process that has to be completed by an administrator. Many of our customers require 24 hour access and not having the ability to reset a forgotten password continues to be a problem for us.