What are the current authentication methods in use on your network?
Do your customers really know what types of authentication they are using on their network? Most customer understand that their users are required to enter a username and password to access the organization's information resources, but they seldom stop to consider the backend functions. For example, are they utilizing the simple, widespread username/password combination? Is it based on a Microsoft Active Directory platform? How about a Unix authentication solution? Are they required to use a random key generated on a token?
There are dozens of ways authentication could be configured in your customer's network -- without knowing exactly what they have, you really have no information upon which to base potential upgrades or configuration tweaks.