A method and system for controlling access of a user to a secondary system. The user is logged on a user system. A primary system connects the user system to the secondary system. A first authentication information is received from the user system. After determining that the first authentication information conforms to protected primary authentication data included in the primary system, access of the user to the primary system is provided followed by generation of a user-specific key from the first authentication information. Second authentication information is derived from protected secondary authentication data included in the primary system, by use of the user-specific key in conjunction with the protected secondary authentication data. The second authentication information is provided to the secondary system to enable access of the user to the secondary system.