Frequently asked questions
For more information, visit Usher.com info@ Toll Free (US ONLY): 888.656.4464 Direct Dial: 703.848.8710
1 What is Usher? Usher is a mobile identity platform designed to provide security for every business process and system access across an enterprise. It replaces traditional forms of enterprise identity such as IDs, passwords, and tokens, with mobile identity badges on a smartphone. Usher is based on four big ideas: Dematerializing traditional forms of identity into a mobile identity badge, stored on a smartphone Linking a mobile identity badge to its owner, ensuring that only the rightful owner can use it Extending the mobile identity to every business process and application, enabling users to use their mobile identity badge to perform the same functions they previously would using physical forms of identity Deploying mobile identity to thousands of users within your organization Why does MicroStrategy have Usher? Usher is founded on two disruptive technologies mobile software and cloud deployment. MicroStrategy was a visionary in bringing these technologies to the BI market through its industry leading Analytics Platform, and following the company s success, CEO Michael Saylor identified opportunities to extend these capabilities to new markets. Cybersecurity represents possibly the most important mission critical concern facing every enterprise, institution, or organization on the planet, and Usher provides a mobile identity solution. Usher is designed not only to deliver both security and convenience to end users, but it also leverages the MicroStrategy Analytics Platform to deliver unique and powerful intelligence insights regarding all identity activities. Q: What does Usher offer? Usher features a cloud or on-premises self-service web portal, enabling an administrator to create and manage thousands of badges in a matter of minutes. With Usher, end users can: Confirm identity in person Log onto applications Open entryways Validate identity over the phone Unlock workstations Once distributed and configured, Usher badges can be used for password-less authentication to SAML-based cloud and web apps, Windows and Mac workstations, and physical access systems. Usher badges also permit peer-to-peer identity verification, and deliver powerful identity analytics and ongoing network management support for a comprehensive offering.
2 What specific versions/configurations of target applications and systems are supported with Usher? Usher includes the following: Directory Gateways: Active Directory OpenLDAP Logical Gateways: Configure Usher with cloud, web, and mobile applications; workstations, and single sign-on (SSO) systems to eliminate passwords. SAML Configuration/Web SSO Salesforce.com Google Apps Microsoft Sharepoint Requires an Active Directory Federation Services server, with an SSL-certificate signed by a third party Exchange/OWA Requires an Active Directory Federation Services server, with an SSL-certificate signed by a third party. Wordpress Mobile web SSO Mobile app SSO Mac unlock with Bluetooth OS X 10.9.4 Bluetooth Low Energy 4.0 Requires previously established Active Directory Gateway Login for Windows 7, 8, 2008 Requires previously established Active Directory Gateway Physical Gateways: Configure Physical Access Control Systems (PACS) to eliminate physical keys and cards Lenel OnGuard v6.6.287 Paxton Server v4.28 or later These require an adapter that is a Windows-based web service that communicates with the PACS server using DataConduit Lenel and Paxton adapter requirements: Windows Server 2008 R2 operating system (64-bit) or later Microsoft Internet Information Services version 7.0 or later Microsoft.NET Framework version 4.0 (64-bit) or later MySQL 5.5 database, with 64-bit DSN system pointing to it, to log adapter activity and errors
3 S2 Netbox v4.4 Adapter requirements: Red Hat Linux (64-bit) operating system Apache Tomcat web server version 7.012 or later Netbox server installed and enabled for remote connection MySQL 5.5 database, with 64-bit DSN system pointing to it, to log adapter activity and errors Honeywell EBI vr430.1 What is the pricing for Usher? Usher generally follows a monthly per-user subscription license fee model. A standard, baseline charge applies, and additional charges depend on the breadth of features included in your deployment. For a detailed discussion of pricing specific to your environment, please contact sales@. What devices and mobile platforms does Usher support? Currently, Usher is supported for devices running ios 7 and above, and Android 4 and above. Bluetooth peer discovery, as well as access to buildings and Mac workstations is enabled for iphone version 4s, 5, 5s, 6, 6 Plus, and ipod 5. Android supports Bluetooth peer discovery only. How is Usher deployed? Usher is hosted in a cloud environment. Self-service deployments utilize this SOC 2 Type II compliant cloud environment to host the entire Usher architecture. For customers with a private cloud mandate, the entire Usher Platform can be installed behind the firewall for a full on-premises deployment. Contact sales@ for additional details. What happens if the phone is lost or stolen? In the mobile identity context, losing the phone is often associated with losing your wallet or keys. The traditional measure no longer apply, such as canceling cards, changing locks, losing productivity during visits to credentialing authorities, etc. In the case of Usher these credentials and keys are software based, and a single administrative action can revoke all Usher privileges for a specific user/phone instantly. This logs the user our of the phone and will not permit further login for the user on that device without explicit permission. Meanwhile, on a replacement smartphone, the user simply installs Usher from the app store and authenticates to instantly restore all of their badges and credentials.
4 How does Usher work without Internet access? Usher currently offers a number of offline capabilities. For physical access, you can have a Bluetooth reader (either the UBeacon or ipad reader) at the door, which is connected to the network (hard-wired or Wi-Fi), and a disconnected Usher mobile client can unlock the door For logical access, a disconnected Usher mobile client can unlock a Mac workstation Peer-to-peer validation works when the validated user is offline, but the validator must be online How is Usher secure? Usher uses the most robust industry standards to incorporate the best practices in system security. The Usher server architecture is built on Public Key Infrastructure (PKI) to ensure that only authorized Usher users communicate with the Usher server, and only from authorized Usher client devices. The Usher server identifies a valid user by their client s unique X.509 certificate, which the Usher server generates and assigns when the user initially launches the Usher app. This public-private key cryptography workflow ensures that requests to the Usher server only come from legitimate Usherenabled devices. Furthermore, the Usher server provides an out-of-band (OOB) communication channel that uses 256-bit SSL protocol to prevent interception of sensitive data over public networks. User authentication occurs through this OOB channel, involving multiple factors (explained below) and employing TLS encryption for all traffic over the channel that does not allow phishing or interception of user credentials. AES-128 GCM encryption protects basic user data such as username and email. What security/data PII does Usher manage? Where does this data reside? Usher manages only basic user information including first name, last name, email address, company name and job titles. These fields are stored in the server and the mobile devices, and protected by AES- 128 GCM encryption. What factors of authentication does Usher offer? Usher is a true multi-factor authentication solution, leveraging the following security factors: Knowledge factor, or something you know passcode-protected app and/or device Inherence factor, or something you are integration with Touch ID Possession factor, or something you have the phone itself, with its unique cryptographic certificate used to communicate with the Usher server Does Usher slow down my phone? No, Usher is a light app that will not slow down your phone.
5 Does Usher drain my phone battery? Usher uses Bluetooth Low Energy (BLE) to communicate with other devices in order to achieve logical access, physical access, as well as peer-to-peer user discovery. BLE is designed to transmit small amounts of data over a low energy link, thus requiring low power. The amount of additional power required to support the Usher BLE communications is negligible. Does Usher take a lot of space/memory on my phone? Usher occupies very little space itself. Space occupation may increase if you enable pre-caching functionalities. Usher won t take a lot of memory either; memory usage of Usher is at the same level of popular apps, such as Facebook, WhatsApp, LinkedIn, etc. How does the registration/enrollment process work? Registration and enrollment work as follows: The network administrator adds a user to Usher via the user s email address Usher sends an email to the user with a unique badge link The user clicks the link on their mobile device, which opens the Usher app If this is the first time the Usher app is launched, the server assigns it an access token, the app generates a key pair and a certificate signing request (CSR) and sends the CSR to the server. The server returns an X.509 client certificate based on the CSR to the app, and associates this access token and certificate with the current user. From that point on, the app uses the X.509 certificate and access token in every request to the server Usher server returns the badge information to the Usher app, which displays it to the user What reports and analytics can Usher provide? Usher Intelligence is built on the MicroStrategy Analytics Platform backend, PRIME, and frontend Analytics Platform, empowering Usher administrators with a view into the health of their Usher network population and trending over time, allowing for in-depth resource and member analysis, and transaction record auditing. How do I get support for Usher? To reach Usher s 24/7-support hotline, please contact one of the numbers below: 1-844-777-6580 (US only) 1-703-637-6075
1850 Towers Crescent Plaza Tysons Corner, VA 22182 Copyright 2014. All Rights Reserved. COLL-1307 1114