eToken TMS 5.0 CA
June 09
eToken TMS 5.0 Agenda
The challenge: Authenticator life-cycle management
eToken TMS (Token Management System)
eToken TMS 5.0 – Release Highlights
Authentication Management Challenge
The management of an authentication solution in an enterprise involves a number of interrelated elements:
Users: Identities in the organization
Organizational policies: Access rights for user groups; required security measures
Security devices: Authentication devices provided to users
Security applications: Applications to be used by each user (e.g. Network Logon, disk encryption)
1. New employee gets token upon arrival
2. Employee performs token self-enrollment
3. Employee starts working
[Diagram: Organizational Policies, Token Management System, ERP System, VPN, Network Logon]
Life With a Management System
And There’s Much More…
Why Use a Token Management System?
With a management system in place you can:
Reduce administrative errors (potentially costly!!) by streamlining processes
Reduce workload of your IT staff with automated processes and user self-service tools
Control your authenticator inventory and usage
Enhance user productivity
Fully audit token usage for regulatory compliance
Make your authentication solution a reality!
eToken TMS: Token Management System
TMS Framework View
Robust system for deploying, managing and using authenticators
TMS links users, organizational policies, security devices & security applications
Authenticator Life-Cycle Management with TMS
Authenticator assignment
Authenticator enrollment
Authenticator revocation/disablement
Authenticator update
Password reset/change
Authenticator replacement
TMS Management Components
The following web sites/services are installed on the TMS server:
eToken TMS Management Center: TMS management site, used by administrator & helpdesk
eToken TMS Self Service Center: Self-service site, used by corporate end users
eToken TMS Remote Service: Self-service site for end users (for employees on the road in case of lost authenticators or forgotten passwords)
TPO Management Web Service: A web service - used by the TPO editor for configuring TMS settings
TMS Key Features (1)
Supports all eToken devices and applications
Integrated with Microsoft Active Directory, Microsoft SQL Server and OpenLDAP
Web-based user self-service, help desk, and administration tools
Open architecture
Supports security applications with configurable connectors
Supports solutions including: network logon, VPN, web access, secure email, data encryption, boot protection, SSO, certificate management, IdM…
Robust SDK
Secure solution for employees on the road who lose/forget their authenticators
TMS Key Features (2)
Supports scalable, distributed administration
Management of multiple domains from a single web-based interface
Role-based administration
Different user data encryption keys for different domains
Full auditing and reporting capabilities
Supports clustering, redundancy, scalability – based on Microsoft Windows Server 2003 and IAS
Centralized client software deployment
Supports multiple client platforms: Windows, Linux and Mac OS
TMS Key Differentiators in the Market
A single life-cycle management system for your entire solution
Full integration with Microsoft Active Directory
Familiar and intuitive usage for administrators
Direct link with user data – no need to replicate
Fully integrated with AD user rules and policies
All user data are located and managed in one place
No proprietary server
Integration with multiple security applications + SDK
Flexibility to support current & evolving requirements
Designed for enterprises & managed service providers
TMS Business Value: MSSPs
Easily manage your customers’ solutions
Manage multiple customer domains from a single web-based interface
Allow local customer site management with web-based user and admin tools
Enable your customers to view reports online
Control activities with role-based administration
Permissions can be assigned per domains, OUs, groups, & tasks
Keep your customers’ data secure
Built-in user data encryption capabilities
Different encryption keys for diverse customer domains
High availability, non-stop service
TMS Business Value: Compliance
Excellent reporting tools
Set of built-in reports including: token usage, connected tokens, token inventory and status, attendance reports
Support for external reporting tools to generate other reports you may need
Full auditing capabilities
Complete event logs
Fully customizable email alerts to track any irregular or problematic usage right when it happens
Enhanced internal data controls and protection of individuals’ privacy
Complete control over each administrator’s abilities
Advanced user data encryption capabilities
eToken TMS 5.0 Highlights
Support for eToken PRO Anywhere
Support for eToken Virtual and MobilePASS (SoftOTP) products
Card printing support
Multi Forest Active Directory support
Novell eDirectory user store support
Simplified licensing mechanism - cross domain
Simplified installation and configuration (OTP*)
Updated platform support (Windows 2003 64 Bit)
Support for TMS 5.0 user token management in Linux & Mac: TMS Self Service & TMS Remote
Expanded TMS API
MS CA Based Key Archival support
Improved logging and error handling capability
Enhanced technical documentation
Authenticator Management
eToken TMS enables full life cycle management
Including TMSservice - End-user portal
The End-user site enables tasks such as:
Enroll a new authenticator
Update the content of an enrolled authenticator
Change/Reset eToken password
Disable/Enable an eToken
Replace a Lost/Damaged authenticator (including revocation)
Manage OTP authenticator including MobilePASS
Enroll eToken Virtual and eToken Virtual Temp
Post-Enrollment Self Management
After successful authenticator enrollment, self-management options are added to the TMSService site.
Maintenance
Recovery
OTP Management
Soft tokens
eToken Virtual Deployment– Administrator Use Case
Administrator enrolls eToken Virtual for a specific user from the TMS Manage. The only supported use case is enrollment to a removable flash device:
eToken TMS and eToken Virtual licenses are acquired by the company to provide two-factor authentication using software authenticators.
eToken TMS is installed and all the required connectors are configured to enable eToken Virtual usage.
Administrator plugs in the user's portable device and starts the enrollment process from the TMS Manage web site.
eToken Virtual is created on the portable device, locked and set with the initial user password.
Notification is sent to the user with the eToken Virtual password.
User receives the device and can use it for authentication.
eToken Virtual – User Enrollment Use Case
User accesses the TMS Service web site and enrolls eToken Virtual:
TMS and eToken Virtual licenses are acquired by the company to provide two-factor authentication using software authenticators.
TMS is installed and all the required connectors are configured to enable eToken Virtual usage.
User enters TMS Service web site to enroll eToken Virtual.
eToken Virtual is created on the user's computer, locked and set with the user password, OR the user can enroll the eToken Virtual to a portable drive, based on the TMS TPO settings configured by the administrator.
User can use the eToken Virtual for authentication.
NOTE: Admin Rights Required for eToken PKI Client Installation
MobilePASS – Enrollment and Usage
eToken TMS and MobilePASS license are acquired by the company to enable OTP using software authenticators.
Administrator enrolls MobilePASS authenticator for the user in the TMS Manage.
The user receives the MobilePASS authenticator, an activation code and PIN via e-mail, SMS, etc.
The user installs the MobilePASS software.
The user enters the activation code and activates the software.
OTP is generated using the received PIN.
Using the OTP, the user logs on.
Additional software solutions using TMS:
eToken Virtual Temp
Time limited temporary authenticator which can be used for a limited period of time instead of a permanent authenticator
For each authenticator, the user can enrol one temporary virtual authenticator.
eToken Rescue
Users who lose their authenticators can create an eToken Rescue authenticator (default expiration 1 month, max 3 months)
Controlled Availability Release
For new prospects who wish to deploy eToken TMS 5.0 CA
CA Process
Salesperson provides details of prospect and fills CA form, available from Technical Support
Reviewed and approved by Authentication product management prior to approval
Receives extensive support and ongoing feedback
For details, contact: Opher Dubrovsky
Summary
eToken TMS and PKI Client make your authentication solution a reality!
Organization’s own user-repository utilized to handle full life-cycle token management
User administration of authentication devices is shifted from IT to HR and users
eToken solutions reduce identity and password management costs
eToken helps customers achieve regulatory compliance