STRONGER AUTHENTICATION for CA SiteMinder




Adding Stronger Authentication for CA SiteMinder Access Control

STRONGER AUTHENTICATION for CA SiteMinder Access Control

CA SiteMinder provides a comprehensive solution for centralized authentication and authorization services, single sign-on (SSO) between multiple network applications, and federation with other organizations. As a Web Access Manager (WAM), CA SiteMinder delivers secure online access to applications and data to employees, customers, and partners.

PASSWORD SECURITY

The username/password combination is the most common way for users to authenticate to Web applications and portals protected by SiteMinder. Password databases are frequently stolen from IT sites and expose organizations to unprecedented security risks, regardless of whether passwords are encrypted or password strength policies are in place. Password maintenance and password frequency are also a source of user frustration and of higher costs due to help desk calls or user delays in accessing protected resources.

LEGACY 2-FACTOR SECURITY

Any enterprise wishing to upgrade its SiteMinder users to stronger authentication faces deploying expensive hardware-based technologies: one-time password (OTP) tokens, smartcards, or USB drives. These technologies do not scale above several thousand users and incur a high total cost of ownership:

- Direct and indirect costs to administer and distribute physical tokens and hardware
- Updating, replacing and distributing lost or broken OTP and USB tokens
- Service desk support for users who lose security tokens
- Desktop configuration changes to install hardware drivers or client applications
- Maintenance and licensing of proprietary hardware servers

These challenges are well known to organizations operating legacy OTP or card-based solutions. For new adopters of multi-factor solutions, the alternatives are doing nothing, which means exposing corporate or consumer assets, or starting a complex, expensive, multiyear project to provide multi-factor authentication services for their organization.

Additionally, the use of software, SMS or mobile-app-based OTPs carries the risk of man-in-the-middle and phishing attacks and, in many cases, disclosure of users' Personally Identifiable Information (PII). LoginTC addresses all of these shortcomings head-on.

THE LOGINTC PLATFORM

The LoginTC platform is a versatile solution which can add an additional layer of security to the online authentication process. The platform combines several components into an integrated, On-Premise or cloud-based identity and access management solution:

- LoginTC Messenger, the core notification service across the mobile networks
- LoginTC Admin, a virtual appliance that provides core functionality for administrators to manage users, domains, devices, and user sessions
- LoginTC Connector, a set of modules that integrate directly with various service provider end points (this guide focuses on the LoginTC SiteMinder connector)
- LoginTC App, a software application designed as a two-factor credential your users download and install on their mobile devices

LoginTC Messenger

LoginTC Messenger brokers mobile push notifications to LoginTC apps initiated by a user session. LoginTC Messenger leverages the respective push notification networks of Apple Push Notification Service, Google Cloud Messaging, and BlackBerry Push Service. It is hosted in a level one PCI DSS compliant data center with audit reporting in accordance with SAS 70 Type II and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) professional standards.

LoginTC Admin

LoginTC Admin is an On-Premise Virtual Appliance with a fully featured web-based control panel used by administrators to manage and monitor their users, domains and devices, and to access audit information and reports. LoginTC Admin also requests notification services from LoginTC Messenger and interacts with the LoginTC app to accept or deny the second-factor authentication process. Administrators access LoginTC Admin with their LoginTC two-factor authentication credential.

[Figure: LoginTC Platform]

LoginTC SiteMinder Connector

The LoginTC SiteMinder Connector is a purpose-built authentication scheme which can be configured directly into an existing CA SiteMinder deployment. The module is installed and configured in your SiteMinder environment by the SiteMinder administrator. If required, you can deploy the LoginTC SiteMinder Connector in a load-balanced and high-availability environment. The LoginTC SiteMinder Connector is configured to integrate with LoginTC Admin in your IT infrastructure premises. Once activated with SiteMinder, it leverages your existing username/password first factor and adds a second-factor layer in combination with the LoginTC app. Active Directory and LDAP integration tools are provided to administrators to leverage and synchronize existing user repositories.

LoginTC App

The LoginTC app is a credential store and authentication manager installed on your users' smartphones or tablets. The app is available for iOS, Android and BlackBerry platforms. Powerful add-on features can be applied to the app user experience, such as delivering an organization or website pictogram, and dynamically generated content governed by the LoginTC Administrator.

USER REGISTRATION

Users add credentials to their mobile device by installing the LoginTC app and registering a new credential. Administrators issue SiteMinder domain-specific Confirmation Codes (CC) to users. In turn, users enter the CC in their LoginTC app, lock the credential with a PIN or passcode, and are fully provisioned. The LoginTC administrator can configure the strength of the PIN or passcode mechanism required to unlock the token. Confirmation Codes can be provisioned in a variety of ways: self-service, email, in person, etc. All credentials can be issued, revoked and re-created by the administrator.

SITEMINDER AND LOGINTC TWO-FACTOR

CA SiteMinder delivers powerful access management enforcement to multiple commercial platforms and business applications. Using SiteMinder agents, a SiteMinder administrator can protect the resources of Apache, IIS, JBoss, SharePoint, SAP, WebLogic, and WebSphere servers, among others. LoginTC enables two-factor authentication services for all those web applications.

The LoginTC SiteMinder Connector is designed for simple installation within complex deployments. It is added as a new native authentication scheme, meaning there is no custom code or APIs to develop. The SiteMinder administrator configures the connector completely within your Policy Server to protect a realm with multi-factor authentication.

SiteMinder and LoginTC Authentication Flow

[Figure: LoginTC out-of-band Authentication]

Step  LoginTC Authentication Flow
1     User attempts to access a website application protected by SiteMinder Web Agent
2     The SiteMinder Web Agent intercepts the request and transfers the authentication flow to the SiteMinder Policy Server, which has been configured to use the LoginTC SiteMinder Connector for authentication
3     User is prompted for 1st factor credential (username / password) to match against the user store (MS AD or LDAP)
4     If 1st factor authentication is correct, LoginTC SiteMinder Connector initiates 2nd factor authentication with LoginTC Admin
5     LoginTC Admin sends an out-of-band authentication request to the user's smartphone or tablet via LoginTC Messenger
6     The user acknowledges the notification and enters the PIN or passcode to unlock the SiteMinder domain token credential
7     LoginTC Admin confirms validity of the user's token and 2FA success
8     LoginTC SiteMinder Connector confirms to the SiteMinder Policy Server that the user is valid
9     The SiteMinder Policy accepts the user's session and redirects the user to website protected resources
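The nine steps above reduce to a short decision procedure. The sketch below is an added example, not LoginTC or CA SiteMinder code: `Credential`, `authenticate`, the two callables and the three-attempt limit are assumptions, and it also models the rule from the paper's benefits section that repeated wrong PINs render the credential inoperable.

```python
import hmac
from dataclasses import dataclass

MAX_PIN_FAILURES = 3  # assumption: the paper only says "multiple incorrect" attempts

@dataclass
class Credential:
    """Constructed model of the domain token stored in the mobile app."""
    pin: str
    failures: int = 0
    inoperable: bool = False

    def unlock(self, pin: str) -> bool:
        if self.inoperable:
            return False                      # a dead credential never unlocks again
        if hmac.compare_digest(pin.encode(), self.pin.encode()):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_PIN_FAILURES:
            self.inoperable = True            # administrator must re-issue it
        return False

def authenticate(user, password, first_factor, credentials, device):
    """Walk steps 3-9 of the flow; returns (decision, pushes_sent).

    first_factor(user, password) -> bool stands in for the AD/LDAP check.
    device(user) -> PIN typed in the app, or None if the push is ignored or rejected.
    """
    if not first_factor(user, password):      # step 3
        return "DENY", 0                      # no push goes out on a bad password
    cred = credentials.get(user)
    if cred is None or cred.inoperable:       # step 4: nothing to challenge
        return "DENY", 0
    pin = device(user)                        # steps 5-6: out-of-band push
    if pin is None or not cred.unlock(pin):   # step 7: validate the token
        return "DENY", 1
    return "ALLOW", 1                         # steps 8-9: session accepted

USERS = {"alice": "correct horse"}            # constructed sample data, not real accounts

def check_password(user, password):
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

def demo():
    creds = {"alice": Credential(pin="4821")}
    good = "correct horse"
    results = [
        authenticate("alice", "wrong", check_password, creds, lambda u: "4821"),
        authenticate("alice", good, check_password, creds, lambda u: None),
        authenticate("alice", good, check_password, creds, lambda u: "4821"),
    ]
    for _ in range(MAX_PIN_FAILURES):         # lost phone: the PIN is guessed wrong
        results.append(authenticate("alice", good, check_password, creds, lambda u: "0000"))
    results.append(authenticate("alice", good, check_password, creds, lambda u: "4821"))
    return results

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The first and last results carry a push count of 0: a wrong password or an already inoperable credential never triggers a notification to the device.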

BENEFITS OF USING LOGINTC

Since the LoginTC app can be found in the most popular mobile marketplaces, it is easier and less expensive to deploy to your users, even to suppliers, partners, and contractors. That gives you complete flexibility for delivering the SiteMinder domain enrolment tokens via user self-service provisioning, user bulk operations, or using the LoginTC Admin with automated email delivery.

Point-to-point communication between LoginTC Admin and the LoginTC App helps prevent phishing, password cracking, and Man-in-the-Middle attacks. A correct PIN or passcode challenge response grants your users access to SiteMinder-protected applications and data. Multiple incorrect PIN or passcode attempts render the credential inoperable, preventing fraudsters from accessing protected information with lost or stolen devices.

There are multiple benefits of adding LoginTC to your SiteMinder deployment:

- Out-of-the-box integration: Enhancing authentication management capabilities is made easy for SiteMinder administrators while eliminating upfront capital investment and the typical time to acquire, deploy and implement new infrastructure
- User experience: It's simple and smart; the LoginTC app's efficiency, convenience and ease of use make it a practical and secure tool for your SiteMinder users
- Improved security: Protects against new Internet threats like Man-in-the-Middle that defeat One-Time Password (OTP) tokens
- Reduced risk: Multi-factor authentication reduces the risk of identity theft and network access threats by enabling safe, secure remote access to data and applications from anywhere
- Improved compliance: Comply with regulatory policies or industry best practices for two-factor authentication for customers, employees, suppliers and partners
- Works worldwide: Even without cell service, the LoginTC app can receive secure notifications via Wi-Fi access points
- Lower and reduced cost: With the LoginTC, there are no tokens or cards to lose, and fewer calls to the help desk. It provides the lowest cost of ownership of any multi-factor authentication technology on the market today

Mobility, working away from a traditional office setting or fixed location, has become a common requirement for today's knowledge worker. With millions of smartphones and tablets in use in Canada and the US, the LoginTC provides the most affordable and secure 2FA that your organization can adopt. LoginTC delivers instant secure access to applications protected by SiteMinder to your mobile workers, either through a PC or on the mobile device itself.

DEPLOYING LOGINTC

The LoginTC Admin solution includes a Virtual Appliance license that can be installed in your organization's virtualization environment. LoginTC Admin can be architected in load-balanced and high-availability mode. If your organization hosts its IT infrastructure with a Cloud vendor, LoginTC Admin can also be deployed in a Private or Hybrid Cloud environment.

LoginTC is developed by Cyphercor Inc., which develops and delivers enterprise mobile security solutions that enable two-factor authentication credentials. Cyphercor's mobile-based approach offers unprecedented capabilities to smartphone and tablet users and security-conscious organizations. Cyphercor helps users and organizations meet or exceed their security and business goals by providing mobile solutions that:

- protect digital identities with encryption and safe transactions
- deliver free and easy-to-use apps to access cloud and business applications
- deploy and enable in minutes

For more information, visit www.logintc.com or email sales@cyphercor.com

Copyright 2013 Cyphercor Inc. All rights reserved. LoginTC and its families of related marks, images, and symbols are the exclusive properties of Cyphercor Inc.