Password Synchronization

Post on 04-Jun-2015

description

PortalGuard’s Password Synchronization offers a comprehensive solution which supports multiple directories including Microsoft Active Directory, Novell eDirectory, IBM System i, any LDAP v3-compliant directory and custom SQL user tables. Beyond being easy to implement and forcing user enrollment, PortalGuard enables self-service password reset, recovery and account unlock to manage forgotten passwords. PortalGuard helps reconcile any password complexity policies by enforcing a consistent set of password rules. Tutorial: http://pg.portalguard.com/server-based_password_synch_tutorial

Transcript of Password Synchronization

Server-based Password Synchronization:

Highlighting the Self-service Password Reset Layer of the PortalGuard Platform

Managing Multiple Passwords

Understanding PortalGuard’s

By the end of this tutorial you will be able to…

• How PortalGuard can help you

• Understand password synch can be a midpoint between too many passwords and expensive SSO solutions

• Learn about PortalGuard’s Server-based Password Synch

• See the step-by-step Authentication Process

• Know the technical requirements

The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications.

• Single Sign-on

• Password Management

• Password Synchronization

• Self-service Password Reset

• Knowledge-based

• Two-factor Authentication

• Contextual Authentication

• Real-time Reports/Alerts

Usability Security

Before going into the details…

• Configurable by user, group or domain hierarchy

• Comprehensive solution supporting multiple directories

• Enables self-service password reset, recovery and account unlock

• Force user enrollment (optional)

• Active Directory Password Filter (optional)

• Cost effective and competitively priced

• Easy to implement

Enterprise SSO

Password Synch

• Server-based

• Single password, single interface

• Easier implementation

• Force enrollment

• No client-side software required

• Cost effective

• Flexible

• Self-service Password Reset

The process of password synchronization…

Correlates the passwords for multiple user accounts

Password Complexity Challenges

Rules differ from system to system causing a common hurdle to implementing password synch…

Step One: Identifying Password Complexity Rules

Step Two: Change Password Rules on Systems

Microsoft AD: no maximum password length and no restriction on specific characters

IBM System i: typically maximum length of 10 with special character limitations

WARNING:

Multiple Directories (including MS Active Directory, Novell eDirectory, IBM System i, LDAP v3-compliant, and custom SQL user tables)

Self-service Password Reset

Real-time synch

Consistent set of password rules

Active Directory Password Filter

• Ability to link a user’s primary account to accounts on multiple systems/directories

• All password changes, resets and account unlocks through PortalGuard flow to all linked systems in real-time

• Aligns password complexity rules to reduce barriers to password propagation

• Requirement to link accounts is policy driven which can be specific to the user, group or domain hierarchy

• Account linking can be enforced or made optional

• Supports multiple user account repositories

Features:

• Password Synch - eliminate the need for users to remember different passwords

• Ease of Use - manage passwords from single consistent interface

• Self-service - unlock accounts and reset passwords from one place

• Seamless Integration - with existing logins using “sidecar” mode

• Lower Costs - reduce password-related calls and required IT support

• Increased Productivity - and user adoption for new services/websites

HOW IT WORKS

How to link an account….

Step 1: The user logs into a Windows workstation or an existing internal website. PortalGuard is notified of the logon and checks its policies to see if the user:

• Is required to link to an account in another directory, and

• If they have yet to do so

Step 2: Once the user provides the correct password, the secondary account password will be immediately synched with the primary if necessary

How to link an account….

Step 1: The user has forgotten their password and clicks “Forgot Password?” link on the Windows logon screen or website logon page

Step 2: The user chooses to reset their forgotten password and proves their identity by correctly answering a series of challenge Q&A or entering an OTP

Step 3: The user enters a new password that satisfies all linked account systems. The PortalGuard server resets all linked accounts to use this password and unlocks the accounts as well.

Step 4: Immediate feedback is given to the user that the password reset was successful on all linked accounts.

Configurable through the PortalGuard Configuration Utility:

• Password Synchronization

• Password Policies:

  • Minimum Length

  • Maximum Length

  • Minimum:

    • Lowercase characters

    • Uppercase characters

    • Numeric characters

    • Non-alphanumeric characters

  • Enforce AD Complexity

  • Password Rule Grouping

  • Password Strength Meter

• Password History

• Dictionary Words

• Regular Expressions
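The "consistent set of password rules" across linked systems can be computed as the strictest combination of each system's minimum/maximum settings listed above. The following is an added example, not PortalGuard code; the `Policy`, `effective_policy` and `violations` names and the sample policy values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    min_length: int = 0
    max_length: Optional[int] = None      # None means no maximum
    min_lower: int = 0
    min_upper: int = 0
    min_digit: int = 0
    min_special: int = 0                  # non-alphanumeric characters
    forbidden: frozenset = frozenset()    # characters the system rejects

MINIMUMS = ("min_length", "min_lower", "min_upper", "min_digit", "min_special")

def effective_policy(policies):
    """Strictest combination: a password that passes it passes every input policy."""
    maxes = [p.max_length for p in policies if p.max_length is not None]
    strict = {f: max(getattr(p, f) for p in policies) for f in MINIMUMS}
    eff = Policy(max_length=min(maxes) if maxes else None,
                 forbidden=frozenset().union(*(p.forbidden for p in policies)),
                 **strict)
    # Reject combinations that leave no valid password at all.
    needed = max(eff.min_length, sum(strict[f] for f in MINIMUMS[1:]))
    if eff.max_length is not None and needed > eff.max_length:
        raise ValueError("no password can satisfy all linked systems")
    return eff

def violations(pw, p):
    """Return every rule of policy p that pw breaks (empty list = accepted)."""
    found = []
    if len(pw) < p.min_length:
        found.append("too short")
    if p.max_length is not None and len(pw) > p.max_length:
        found.append("too long")
    for label, test, need in (("lowercase", str.islower, p.min_lower),
                              ("uppercase", str.isupper, p.min_upper),
                              ("numeric", str.isdigit, p.min_digit),
                              ("non-alphanumeric", lambda c: not c.isalnum(), p.min_special)):
        if sum(1 for c in pw if test(c)) < need:
            found.append(f"needs {need} {label}")
    bad = "".join(sorted(set(pw) & p.forbidden))
    if bad:
        found.append("forbidden characters: " + bad)
    return found

# Constructed sample policies (assumed values, not vendor defaults).
AD = Policy(min_length=8, min_lower=1, min_upper=1, min_digit=1)
SYSTEM_I = Policy(max_length=10, forbidden=frozenset("@' "))
EFFECTIVE = effective_policy([AD, SYSTEM_I])
```

Checking a new password against `EFFECTIVE` before propagating it avoids a partial reset in which one linked system accepts the password and another rejects it.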

TECHNICAL REQUIREMENTS

PortalGuard Desktop – for Windows workstations

Sidecar Mode – enforce account linking on existing website

AD Password Filter – enforce custom password policy for native Ctrl+Alt+Del Windows password changes

An MSI is used to install PortalGuard on IIS 6 or 7.x.

This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.

• IBM WebSphere/WebSphere Portal v5.1 or higher

• Microsoft IIS 6.0 or higher

• Microsoft Windows SharePoint Services 3.0 or higher

• Microsoft Office SharePoint Server 2007 or later

• Microsoft Active Directory – Windows 2000 AD domain or later

• Novell eDirectory 8.7 or later

• IBM System i - V5R2 or later

• Any LDAP v3-compliant directory

• Custom SQL user tables

• Microsoft Windows Server 2000

• Microsoft Windows Server 2003 (32 or 64-bit)

• Microsoft Windows Server 2008 (32 or 64-bit)

• Microsoft Windows Server 2008 R2

• Windows Terminal Services on Win2003

• Remote Desktop Services on Win2008

THANK YOU For more information visit PortalGuard.com or Contact Us