Multi-Factor Authentication for your Analytics Implementation Siamak Ziraknejad VP, Product Management 1
Agenda What is Multi-Factor Authentication & Why is it important The Usher Security Badge Badge Authentication Policy Provisioning Users A real world example Setting it up for your Analytics App Raise Security level with a click, Deploy World Wide 2
Multi-Factor Authentication What is it and Why it s important
Multi-Factor Authentication What is multi-factor authentication Multi-factor authentication is a characteristic of an authentication system or a token that uses more than one authentication factor. The three types of authentication factors are something you know, something you have, and something you are. NIST SP 800-63-2 4
Three Factors of Authentication Secret, Possession, Biometrics Something YOU KNOW Something YOU HAVE Something YOU ARE Password, PIN, Secret Questions Tokens, Keys, ID Badges Biometrics: Fingerprint, Voice, Behavior 5
Passwords are a Poor Security Factor Common Knowledge, now in realm of Comedy What is Your Password? - Jimmy Kimmel Live clip Top 5 passwords of 2015: 1. 2. 3. 4. 5. 123456 password 12345 12345678 qwerty SplashData 6
Why Multi-Factor Authentication The more factors, the more secure The strength of authentication systems is largely determined by the number of factors incorporated by the system. Implementations that use two factors are considered to be stronger than those that use only one factor; systems that incorporate all three factors are stronger than systems that only incorporate two of the factors. NIST SP 800-63-2 7
Weaknesses of Relying on Passwords & Tokens Poor Usability, Poor Security, Expensive Passwords: Poor Usability, Poor Security Tokens: Poor Usability, Expensive 46% Routinely+forget+their+passwords $$$ Expensive to Distribute 51% Reuse+passwords Difficult to Use 37% Write+passwords+down 9% Save+them+on+their+computer 25+ Avg.+number+of+personal+passwords+=+17 Avg.+number+of+business+passwords+=+8.5 8
Usher Security Mobile Based Multi-Factor Authentication
Usher Security Securely access any system with your smartphone Physical)badges Passwords Replace with Usher Digital Badge Hardware tokens Keys 10
Logical Authentication Methods Multiple Methods of Logical Access 1 2 3 Scan QR Push Notifications Proximity Usher Analytics 6th Floor Lobby USHER 11
Access Any Enterprise Resource One mobile app, many authentication options Access*Digital*Assets Interactive* 1018 Portals.&.Applications Enter.or.speak. onedtime.passcode Biometrics Tap.a.digital.key. Workstations VPNs Respond.to.push. notification Scan. QR.code Tap.NFC.tag Access*Physical*Assets Proximity4based Doors Bluetooth.reader Beacons Elevators Behavioral Gates Limit.by.location. (geodfencing) Limit.by.time window. (time.fencing) 12
Deployment Steps Deploying MFA for your Analytics Implementation Define Badge Policy Provision Users Enable Usher for your App 13
Configure the Digital Badge Design & Define Authentication Policy
Configure Your Badge Design your Badge Aesthetics and Authentication Policies Define Badge Policy Provision Users Enable Usher for your App Design Authentication Policy 15
Define Your Badge Fully customize the Badge Design 16
Configure Authentication Policy Require Fingerprint 17
Configure Authentication Policy Require App Passcode 18
Configure your Badge s Conditions Geo-fence, Time-fence, Device Conditions of MicroStrategy HQ 19
Configure Device Security Requirements Require Phone Number Enrollment and Verification (Available in 10.3) Body Copy Bullet 1 o Bullet 2 - Bullet 3 20
Provisioning Flexible, Powerful methods for provisioning Users & Devices
Powerful and Flexible Methods for User Provisioning Delivering Badges to your Users Define Badge Policy Provision Users Enable Usher for your App Email Ownership IDM Integration Phone Number Verification SDK 22
Securely Deliver the Usher Digital Badge Connect to your User Repository 23
Email Ownership Push Badges to Users via a Unique Link Email is Delivered Enforce Badge Policy Badge is Available 24
IDM Integration Connect your Badge to an Enterprise Identity Management System 25
Usher SDK Customize your User Provisioning with Usher SDK Usher Security Server Your Organization Backend SDK User Information Badge 26
Case Study Innovative Implementation of Usher
Success Story : Vendor Portal Password-less Access to a MicroStrategy Web Project Customer: Major Grocery Chain Analytics Project: Vendor Portal External facing MicroStrategy Web Project for thousands of Vendors Business Problem: Secure the Vendor Portal with means better than password Concerns that Vendors may be sharing UID/PWD Password Policy maintenance expensive 28
Solution: Usher Digital Badge Vendors were issued Digital Badges Why Usher Was Selected Elegant user-provisioning method Usher prevented un-authorized access by eliminating password-sharing Replaced the need for a captcha 29 Vendor Portal VENDOR BADGE
Usher for your Analytics App Turn On MFA on your Analytics App
Native Integration with MicroStrategy 1. Setup on Usher Instance 31
Native Integration with MicroStrategy 2. MicroStrategy Intelligence Server Setup 32
Mobile Authentication Ready to Use Your Project is Usherized in 2 simple steps 33
Multiple Access Methods Access Using Push or Scan 6th Floor Lobby USHER 34
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigm 35
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigm 36
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigm Bio-factor Verification Device Verification Location Restriction Time Restriction 36
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigmbio-factor Verification Bio-factor Verification Device Verification Location Restriction Time Restriction 36
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigmbio-factor Verification Bio-factor Verification Device Verification Location Restriction Time Restriction 36
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigm Bio-factor Verification Device Verification Location Restriction Time Restriction 36
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigm Device Verification Bio-factor Verification Device Verification Location Restriction Time Restriction 36
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigm Device Verification Bio-factor Verification Device Verification Location Restriction Time Restriction 36
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigm Bio-factor Verification Device Verification Location Restriction Time Restriction 36
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigm Bio-factor Verification Device Verification Location Restriction Time Restriction 36
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigm Bio-factor Verification Device Verification Location Restriction Time Restriction 36
Raise Security with a Click, Deploy Worldwide Upgrade to the modern security paradigm Bio-factor Verification Device Verification Location Restriction Time Restriction 36
Secure Access to Logical Applications Deploy Multi-Factor Authentication for Every Application in your Enterprise 37
Usher Analytics Comprehensive Security Reporting, Native ETL
Identity & Access Schema Campus Device Type Year Month of Year Facility User Device Week Day of Week Month Floor Space Date FACT ACCESS TRANSACTIONS Action Action Type Action Group Address User Application Unit City Group State Sub-domain Division Department Country Domain Network 39
Native ETL + Out of the box Reporting Objects Built-in Identity & Security Objects 93 Attributes 144 Metrics 70 Filters 25 Cubes 60 Reports and Dashboards 40
System Access Report 41
System Access Report 41
It s included in MicroStrategy 10 Enabling MFA for MicroStrategy Apps is available for free
Questions?
Thank you Siamak Ziraknejad sziraknejad@microstrategy.com