Password Synchronization


PortalGuard’s Password Synchronization offers a comprehensive solution which supports multiple directories including Microsoft Active Directory, Novell eDirectory, IBM System i, any LDAP v3-compliant directory and custom SQL user tables. Beyond being easy to implement and forcing user enrollment, PortalGuard enables self-service password reset, recovery and account unlock to manage forgotten passwords. PortalGuard helps reconcile any password complexity policies by enforcing a consistent set of password rules. Tutorial: http://pg.portalguard.com/server-based_password_synch_tutorial

Transcript of Password Synchronization

Page 1: Password Synchronization

Understanding PortalGuard’s Server-based Password Synchronization: Managing Multiple Passwords

Highlighting the Self-service Password Reset Layer of the PortalGuard Platform

Page 2: Password Synchronization

By the end of this tutorial you will be able to…

• How PortalGuard can help you

• Understand password synch can be a midpoint between too many passwords and expensive SSO solutions

• Learn about PortalGuard’s Server-based Password Synch

• See the step-by-step Authentication Process

• Know the technical requirements

Page 3: Password Synchronization

The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications.

• Single Sign-on

• Password Management

• Password Synchronization

• Self-service Password Reset

• Knowledge-based

• Two-factor Authentication

• Contextual Authentication

• Real-time Reports/Alerts

Usability Security

Page 4: Password Synchronization

Before going into the details…

• Configurable by user, group or domain hierarchy

• Comprehensive solution supporting multiple directories

• Enables self-service password reset, recovery and account unlock

• Force user enrollment (optional)

• Active Directory Password Filter (optional)

• Cost effective and competitively priced

• Easy to implement

Page 5: Password Synchronization
Page 6: Password Synchronization
Page 7: Password Synchronization

Enterprise SSO

Page 8: Password Synchronization

Password Synch

• Server-based

• Single password, single interface

• Easier implementation

• Force enrollment

• No client-side software required

• Cost effective

• Flexible

• Self-service Password Reset

Page 9: Password Synchronization

The process of password synchronization…

Correlates the passwords for multiple user accounts

Page 10: Password Synchronization

Password Complexity Challenges

Rules differ from system to system causing a common hurdle to implementing password synch…

Step One: Identifying Password Complexity Rules

Step Two: Change Password Rules on Systems

Microsoft AD: does not impose a maximum password length or prevent specific characters

IBM System i: typically maximum length of 10 with special character limitations

WARNING:

Page 11: Password Synchronization

Multiple Directories (including MS Active Directory, Novell eDirectory, IBM System i, LDAP v3-compliant, and custom SQL user tables)

Self-service Password Reset

Real-time synch

Consistent set of password rules

Active Directory Password Filter

Page 12: Password Synchronization

Features:

• Ability to link a user’s primary account to accounts on multiple systems/directories

• All password changes, resets and account unlocks through PortalGuard flow to all linked systems in real-time

• Aligns password complexity rules to reduce barriers to password propagation

• Requirement to link accounts is policy driven which can be specific to the user, group or domain hierarchy

• Account linking can be enforced or made optional

• Supports multiple user account repositories

Page 13: Password Synchronization

• Password Synch - eliminate the need for users to remember different passwords

• Ease of Use - manage passwords from single consistent interface

• Self-service - unlock accounts and reset passwords from one place

• Seamless Integration - with existing logins using “sidecar” mode

• Lower Costs - reduce password-related calls and required IT support

• Increased Productivity - and user adoption for new services/websites

Page 14: Password Synchronization

HOW IT WORKS

Page 15: Password Synchronization

How to link an account….

Step 1: The user logs in to a Windows workstation or an existing internal website. PortalGuard is notified of the logon and checks its policies to see if the user:

• Is required to link to an account in another directory, and

• Has yet to do so

Page 16: Password Synchronization

How to link an account….

Step 2: Once the user provides the correct password, the secondary account password will be immediately synched with the primary if necessary.

Page 17: Password Synchronization

Step 1:

The user has forgotten their password and clicks the “Forgot Password?” link on the Windows logon screen or website logon page.

Page 18: Password Synchronization

Step 2:

The user chooses to reset their forgotten password and proves their identity by correctly answering a series of challenge Q&A or entering an OTP

Page 19: Password Synchronization

Step 3:

The user enters a new password that satisfies all linked account systems. The PortalGuard server resets all linked accounts to use this password and unlocks the accounts as well.

Page 20: Password Synchronization

Step 4:

Immediate feedback is given to the user that the password reset was successful on all linked accounts.

Page 21: Password Synchronization

Configurable through the PortalGuard Configuration Utility:

• Password Synchronization

• Password Policies:

  • Minimum Length

  • Maximum Length

  • Minimum:

    • Lowercase characters

    • Uppercase characters

    • Numeric characters

    • Non-alphanumeric characters

  • Enforce AD Complexity

  • Password Rule Grouping

  • Password Strength Meter

• Password History

• Dictionary Words

• Regular Expressions
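
The reconciliation step described above (per-system complexity rules aligned into one consistent rule set, so a new password "satisfies all linked account systems") can be illustrated as follows. This is an added example, not PortalGuard code: the `Policy`, `merge` and `violations` names and both sample policies are constructed for illustration and are not real product or directory defaults.

```python
import string
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Policy:
    name: str
    min_len: int = 1
    max_len: Optional[int] = None              # None: no maximum length
    allowed: Optional[FrozenSet[str]] = None   # None: any character accepted
    min_lower: int = 0
    min_upper: int = 0
    min_digit: int = 0
    min_other: int = 0                         # non-alphanumeric

COUNTS = ("min_lower", "min_upper", "min_digit", "min_other")

def merge(policies: List[Policy]) -> Policy:
    """Strictest combination: whatever passes it passes every input policy."""
    maxes = [p.max_len for p in policies if p.max_len is not None]
    sets = [p.allowed for p in policies if p.allowed is not None]
    merged = Policy(
        name="+".join(p.name for p in policies),
        min_len=max(p.min_len for p in policies),
        max_len=min(maxes) if maxes else None,
        allowed=frozenset.intersection(*sets) if sets else None,
        **{c: max(getattr(p, c) for p in policies) for c in COUNTS},
    )
    needed = max(merged.min_len, sum(getattr(merged, c) for c in COUNTS))
    if merged.max_len is not None and needed > merged.max_len:
        raise ValueError(f"irreconcilable: {needed} chars needed, max {merged.max_len}")
    return merged

def violations(pw: str, p: Policy) -> List[str]:
    """Check before any directory is touched, so no partial sync can occur."""
    have = {"min_lower": sum(c.islower() for c in pw),
            "min_upper": sum(c.isupper() for c in pw),
            "min_digit": sum(c.isdigit() for c in pw),
            "min_other": sum(not c.isalnum() for c in pw)}
    out = [c for c in COUNTS if have[c] < getattr(p, c)]
    if len(pw) < p.min_len:
        out.append("min_len")
    if p.max_len is not None and len(pw) > p.max_len:
        out.append("max_len")
    if p.allowed is not None and any(c not in p.allowed for c in pw):
        out.append("allowed")
    return out

# Constructed sample policies, not real product or directory defaults.
AD_LIKE = Policy("ad", min_len=8, min_lower=1, min_upper=1, min_digit=1)
SYSTEM_I_LIKE = Policy("system-i", max_len=10,
                       allowed=frozenset(string.ascii_letters + string.digits + "$@#_"))
EFFECTIVE = merge([AD_LIKE, SYSTEM_I_LIKE])
```

A password that the unrestricted directory accepts on its own can still fail the merged policy, which is why the check has to run against the merged rules before any linked account is changed.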

Page 22: Password Synchronization

TECHNICAL REQUIREMENTS

PortalGuard Desktop – for Windows workstations

Sidecar Mode – enforce account linking on existing website

AD Password Filter – enforce custom password policy for native Ctrl+Alt+Del Windows password changes

Page 23: Password Synchronization

An MSI is used to install PortalGuard on IIS 6 or 7.x.

This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.

• IBM WebSphere/WebSphere Portal v5.1 or higher

• Microsoft IIS 6.0 or higher

• Microsoft Windows SharePoint Services 3.0 or higher

• Microsoft Office SharePoint Server 2007 or later

• Microsoft Active Directory – Windows 2000 AD domain or later

• Novell eDirectory 8.7 or later

• IBM System i - V5R2 or later

• Any LDAP v3-compliant directory

• Custom SQL user tables

• Microsoft Windows Server 2000

• Microsoft Windows Server 2003 (32 or 64-bit)

• Microsoft Windows Server 2008 (32 or 64-bit)

• Microsoft Windows Server 2008 R2

• Windows Terminal Services on Win2003

• Remote Desktop Services on Win2008

Page 24: Password Synchronization

THANK YOU

For more information visit PortalGuard.com