Self-Service, Anywhere




2015 Hitachi ID Systems, Inc. All rights reserved.

Contents
1 Introduction
2 Mobile users warned of password expiry
3 Reset forgotten, cached password while away from the office
4 Unlock encrypted hard disk
5 Smart card PIN reset
6 Low cost multi-factor authentication using mobile phones

1 Introduction

Many organizations depend on self-service technologies in general and self-service password reset in particular to lower the cost of IT support by moving problem resolution out of the help desk and into the user community.

Traditional self-service password reset solutions offer a web-based process where a user who has forgotten or locked out his password can identify himself, authenticate with something other than the lost or locked password (for example, by answering a series of security questions) and reset or unlock his password.

Since users who forgot their primary Windows password cannot launch a web browser, two additional user interfaces are commonly deployed. First, a GINA extension DLL (on Windows XP) or a Credential Provider (on Vista or Windows 7) allows users to access self-service from their PC's login screen. Second, an integrated voice response (IVR) system may allow users to reset or unlock their passwords using their telephone.

These solutions have worked well for years, but two important market trends are making them inoperable:

1. Many organizations are deploying full disk encryption. This means that users may forget or lock out the password used to activate their PC, before an operating system even boots up. Self-service in this case depends on key recovery, not password reset.

2. Many organizations have an increasingly mobile and telecommuting workforce. Their users sign into their laptops using locally cached passwords. When the help desk resets a remote user's password, the change cannot propagate to the local cache, so the login problem is not resolved. These users have to physically visit an office and attach their PC to the corporate network before their login problem can be resolved.

This document explains how Hitachi ID Password Manager addresses these important problems and enables modern organizations that have a mobile and/or remote workforce and that deploy full disk encryption to continue to realize the benefits of self-service password reset, PIN reset and key recovery.

To the best of Hitachi ID Systems' knowledge, no other commercially available password management or identity management software is able to address these issues.

2 Mobile users warned of password expiry

Mobile users are not notified by Windows when their passwords are about to expire. Users who infrequently connect their laptop to the office network, instead checking e-mail with a solution such as Outlook Web Access, suffer regular password expiry and require frequent password resets.

Password Manager sends users e-mails warning of imminent password expiry. Users change passwords using a web browser. An ActiveX control refreshes the password on their laptop.

Fewer login problems that cause a work interruption. Lower IT call volume and support cost.

3 Reset forgotten, cached password while away from the office

Laptop users sometimes change their password before leaving the office and may forget the new password when they need to use it while not attached to the corporate network. Without a technical solution, the IT help desk cannot resolve these users' problem until they return to the office. User laptops are rendered inoperable until they return to the office.

A Password Manager client software component allows users who forgot their primary, cached Windows password and cannot sign into their PC to connect to the Internet over a WiFi hotspot or using an air-card. Users locked out of their PC login screen can also establish a temporary Internet connection using their home Internet connection or a hotel Ethernet service.

Once the user's laptop is on the Internet, Password Manager establishes a temporary VPN connection and launches a kiosk-mode (full screen, locked down) web browser. The user steps through a self-service password reset process and Password Manager uses an ActiveX component to reset the locally cached password to the same new value as was set on the network back at the office.

Forgotten passwords are a major work disruption for mobile users, since they cannot be resolved until the user visits the office. Password Manager allows users to re-enable their laptop in minutes.

4 Unlock encrypted hard disk

Organizations deploy full disk encryption (FDE) software to protect against data leakage in the event that a corporate laptop is lost or stolen. Users with FDE on their PCs normally have to type a password to unlock their hard disk, before they can boot up an operating system. This password is normally synchronized with the user's primary Windows password, so that the user only has to remember and type a single password at login.

If a user forgets his hard disk encryption unlock password, the user will be unable to start their operating system or use their computer. This is a serious service disruption for the user and can contribute to significant support costs for the IT help desk.

Most FDE packages include a key recovery process at the PC boot prompt. This normally involves a challenge/response process between the FDE software, the user, an IT support analyst and a key recovery server. Password Manager can front-end this process using an integrated telephony option, so that users can perform key recovery 24x7, from any location, using their telephone and without talking to a human help desk technician.

Key recovery is an essential IT support service for organizations that have deployed FDE. Password Manager lowers the IT support cost of key recovery by moving the process to a self-service model.

5 Smart card PIN reset

Organizations deploy smart cards to strengthen their authentication processes. Users typically sign into their PC by inserting their smart card into a reader and typing a PIN. If users forget their PIN or leave their smart card at home, they cannot sign into their PC.

PIN reset is a complex support process since the new PIN has to be physically installed on the user's smart card. This means that IT support may trigger a physical visit to the help desk.

Password Manager allows users to access a self-service web portal from anywhere, including from the locked out login screen of their laptop, even away from the office (even using WiFi, as described earlier). Once a user signs into the self-service portal, Password Manager can download an ActiveX component to the user's web browser, to communicate with the smart card and reset the forgotten PIN.

Password Manager can also be used to assign a user a temporary login password (often a very long and random one) to be used in the event that a user left his smart card at home.

While forgotten PINs are infrequent (PINs are not usually set to expire), when they do happen, they are extremely disruptive. Assigning temporary passwords is just as important for users who left their smart card at home, which happens quite often.

6 Low cost multi-factor authentication using mobile phones

Hitachi ID Password Manager supports low-cost, multi-factor authentication into its own request portal, with user mobile phones acting as a secondary authentication factor (i.e., "what you have"). This solution is implemented using two technologies included with Password Manager:

1. Managed user enrollment, used to invite users to enter their mobile telephone number and provider.

2. Authentication chains, used to define how users can sign into Password Manager itself.

For example, end users who forgot their password might be asked to answer a series of security questions and then (if this was successful) to key in a randomly generated PIN that was sent to their mobile phone via an e-mail-to-SMS gateway. Alternately, help desk staff and administrators might be required to sign into Password Manager using a combination of their Active Directory password and a random PIN, also delivered via SMS.

500, 1401-1 Street SE, Calgary AB Canada T2G 2J3
Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@hitachi-id.com
www.hitachi-id.com
Date: 2011-04-28 File: /pub/wp/documents/ssa/self-service-anywhere-1.tex