Centralized Self-service Password Reset: From the Web and Windows Desktop



Self-service Password Reset Layer v.3.2-007

PistolStar, Inc. dba PortalGuard
PO Box 1226, Amherst, NH 03031 USA
Phone: 603.547.1200  Fax: 617.674.2727
E-mail: sales@portalguard.com  Website: www.portalguard.com

2012, PistolStar, Inc. dba PortalGuard. All Rights Reserved.

PortalGuard Centralized Self-service Password Reset: From the Web and Windows Desktop

Table of Contents
- Summary
- The Basics
- PortalGuard Centralized Self-service Password Reset
- Features
- Benefits
- How it Works
- Enrollment
- Self-service Password Reset
- Configuration
- Deployment
- IIS Install
- System Requirements
- Supporting Videos
- Platform Layers

2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 1

Summary

For companies of all sizes, the task of supporting users can prove to be taxing on the IT staff, especially the Help Desk and Administrators. Most studies show the cost of password resets can range from $25 to $75 per incident and make up around 30 percent or more of Help Desk calls. This provides ample reason and demand for password reset and recovery tools which empower the user. By allowing users to self-service their own account and password management needs, organizations can effectively offer 24/7 access and maintain productivity.

Shopping for a tool such as this can be challenging, so the first step is to understand your requirements by documenting your user access scenarios. For example, how will roaming users change their password remotely, or how will a forgotten password be recovered on a laptop with an encrypted hard drive? Along with these requirements, determining your budget and current Help Desk costs without a solution in place will allow you to forecast your ROI and further narrow down the vendor selection.

Another point to consider is the evolution of self-service password reset and whether the vendors you are evaluating are keeping pace. Many tools you'll find are not compliant with most companies' current security standards. The problem of forgotten passwords has been around since passwords were first used, but expanding access scenarios and advanced attacks are requiring more advanced solutions. For example, entry point solutions are now expected to go beyond simple password resets to accept multiple scenarios which may include disconnected users, auditing and leveraging devices such as mobile phones. Of course, true success of a self-service password management solution will be measured by the users' satisfaction and an overall reduction in the frequency of their calls to the Help Desk for support.

The Basics

Self-service password reset is the process a user initiates to prove their identity with the end goal of resetting their password. Self-service password recovery is similar, but the end goal is obtaining the current password value without changing it. The user can be authenticated using various methods. Most tools use challenge question and answer as an acceptable means of authenticating the user. However, associated security threats, including easily guessed answers or information readily available on their Facebook page, raise valid concerns. A secure solution puts additional precautions in place: for example, not allowing the same answer for each question, requiring a minimum answer length, and requiring a larger subset of questions (e.g. 3 out of 6) to be answered. For increased security, two-factor authentication can be added to the password reset and/or recovery to ensure only an authorized user is setting the password.

PortalGuard Centralized Self-service Password Reset

PortalGuard's self-service password reset is flexible and offers a complete solution which has evolved with industry demands. By providing the exact same interface for both Windows Desktop and Web-based self-service, the user's learning curve is minimized and overall user adoption is increased.

The available self-service actions that PortalGuard offers are password reset, password recovery, and account unlock. These actions can also be performed from mobile devices such as iPads and smartphones. PortalGuard integrates seamlessly with Microsoft Active Directory, Novell eDirectory, any LDAP-compliant directory and custom SQL user repositories.

PortalGuard also supports users who are offline or disconnected from the network, allowing them to perform a password recovery. In this case, the password is divided into mathematically-represented shares, with each share being AES-256 encrypted by a separate challenge answer. All shares are then bulk encrypted with AES-256 using a separate key and stored locally on the user's machine. When the user attempts to recover their password, they will be asked to prove their identity by correctly answering a certain number of challenge questions. Once decrypted, the user is shown the password in clear text, allowing them to continue working. For security purposes, if a disconnected user strikes out while attempting to authenticate, the encrypted recovery information is deleted from the local machine, so the user will be forced to reconnect to the network to perform the recovery.

To authenticate the user during an online self-service action, PortalGuard leverages challenge questions and answers and/or two-factor authentication via a one-time password sent to a mobile phone or email address. Challenge answers are cryptographically hashed and stored on a central server to support roaming users and prevent the need to re-enroll on multiple machines. By providing auditing and reporting around user access, an Admin App for the mobile phone, and user verbal authentication through a Help Desk console, PortalGuard is a comprehensive self-service password reset solution.
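The disconnected recovery scheme described above, as an added example that is not PortalGuard's code: a threshold split of the password, each share sealed under a key derived from one challenge answer, the set bulk-sealed under a separate local key, and a strike counter that deletes the recovery data. It assumes a 3-of-6 threshold and a three-attempt lock-out, and substitutes an HMAC-SHA256 keystream for the product's AES-256 so that it runs with the standard library only.

```python
import hashlib, hmac, os, secrets
P = 2**521 - 1      # Mersenne prime; share field (fits passwords up to 64 bytes)
SHARE_LEN = 66      # bytes needed to hold one field element
MAX_STRIKES = 3     # assumed lock-out threshold; recovery data is wiped when reached

def _split(secret, n, t):
    # Shamir t-of-n split of an integer secret over GF(P)
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def _combine(shares):
    # Lagrange interpolation at x=0 rebuilds the secret from any t shares
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def _seal(key, nonce, data):
    # Stand-in for AES-256 (stdlib only): HMAC-SHA256 counter-mode keystream XOR.
    # Symmetric, so the same call decrypts; the nonce keeps keystreams unique per share.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def _answer_key(answer, salt):
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)

def enroll_offline(password, answers, threshold):
    # One share per answer, sealed under that answer's key plus a tag so a wrong
    # answer is detectable, then the whole set bulk-sealed under a separate local key.
    salt, outer_key = os.urandom(16), os.urandom(32)
    shares = _split(int.from_bytes(password.encode(), "big"), len(answers), threshold)
    sealed = []
    for (x, y), ans in zip(shares, answers):
        k, nonce = _answer_key(ans, salt), x.to_bytes(2, "big")
        ct = _seal(k, nonce, y.to_bytes(SHARE_LEN, "big"))
        sealed.append((x, _seal(outer_key, nonce, ct + hmac.new(k, ct, hashlib.sha256).digest())))
    return {"salt": salt, "outer_key": outer_key, "threshold": threshold,
            "shares": sealed, "strikes": 0}

def recover_offline(vault, answers_by_index):
    # Returns the password, or None. Each share whose tag verifies counts as a correct
    # answer; after MAX_STRIKES failed attempts the shares are deleted ("strike out").
    good = []
    for x, blob in [s for s in vault["shares"] if s[0] in answers_by_index]:
        k, nonce = _answer_key(answers_by_index[x], vault["salt"]), x.to_bytes(2, "big")
        inner = _seal(vault["outer_key"], nonce, blob)
        if hmac.compare_digest(hmac.new(k, inner[:SHARE_LEN], hashlib.sha256).digest(),
                               inner[SHARE_LEN:]):
            good.append((x, int.from_bytes(_seal(k, nonce, inner[:SHARE_LEN]), "big")))
    if len(good) < vault["threshold"]:
        vault["strikes"] += 1
        if vault["strikes"] >= MAX_STRIKES:
            vault["shares"] = []      # recovery data gone: user must reconnect to recover
        return None
    secret = _combine(good[:vault["threshold"]])
    return secret.to_bytes((secret.bit_length() + 7) // 8, "big").decode()
```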
Features

General:
- Provides password reset, recovery and account unlock
- Disconnected user support, including a lock-out threshold for increased security
- Forced user enrollment (optional)
- Integrates with Active Directory, Novell eDirectory, any LDAP-compliant directory and custom SQL user repositories
- Encrypted hard drive support: perform a password recovery through PortalGuard on an alternate or mobile device (e.g. Symantec Endpoint Encryption)
- Supports multiple authentication methods: challenge questions and answers, and two-factor authentication delivered via SMS or Email
- Email notifications of password resets to the user and/or admin
- Lock-out thresholds for incorrect responses to authentication attempts
- Includes support for mobile browsers

Challenge Questions & Answers:
- Centralized: challenge information stored on the server
- Configurable number of mandatory/optional questions
- Allows import/pre-population of challenge answers
- Prevents repeat answers for multiple challenge questions
- Prevents answers from containing words from the question text
- Answers can be case sensitive
- Configurable minimum length for challenge answers

Administrative:

- Help Desk Console: provides an interface for Help Desk staff to easily perform account actions
- Verbal Authentication: allows Help Desk staff to authenticate a user calling in
- Administrator Dashboard: logging and reporting of user access activity

Windows Desktop Support (shown below):
- Supports Windows versions XP, Vista, Windows 7, Microsoft Terminal Services and Remote Desktop Services
- Self-service directly from the Ctrl+Alt+Del/Windows Logon screen: removes the need to go to an alternate machine/kiosk or log in with a guest account maintained on each machine

[Screenshots: Windows 7 Desktop Support; Windows XP Desktop Support]

Benefits
- Increased Usability: users are now empowered to self-service their own needs and maintain productivity
- Increased Security: provides two-factor authentication
- Centralized Solution: same user interface for both the web and Windows desktop
- No Kiosks: perform all self-service actions directly from the user's machine
- Reduced Costs: alleviates password-related Help Desk calls and demands on IT staff
- Configurable: to the user, group or application level
- Seamless Integration: use sidecar mode to retrofit existing application login screens with the PortalGuard functionality, maintaining the current look and feel you have today

How It Works

The following steps show the enrollment and the process of resetting a password using PortalGuard's self-service functionality. The screenshots provided show the process being completed from a web browser. A user can also complete the process from the Windows desktop using the same steps and an identical interface.

Enrollment

Once self-service password reset is made available, the user will be prompted to enroll their challenge questions and answers. PortalGuard provides flexibility around this process by allowing you to configure whether the enrollment will be forced or able to be postponed x number of times by the user. This increases the usability for users, giving them options around a process some may find obstructive.

NOTE: If other authentication methods are enforced, such as two-factor authentication, then those enrollment actions will also be displayed, as configured by the admin.

Enrollment Process

NOTE: The screenshots below illustrate the use of PortalGuard's sidecar functionality. It allows rapid integration of PortalGuard's self-service features into existing websites or user processes.

Step 1: The user attempts to log in to a company's existing portal as usual.

Step 2: In this case, the user has not yet enrolled their challenge information, so PortalGuard automatically displays the enrollment screen in sidecar mode. This dialog shows that the administrator has configured the PortalGuard policy to allow the option of skipping enrollment temporarily. Doing so will close the PortalGuard dialog and continue the original login process. The user can enroll now by clicking Continue.

Step 3: The user is prompted to provide answers to the challenge questions. The number of both mandatory and optional questions the user is required to answer is configurable. PortalGuard also increases security by helping the user follow best practices when supplying answers, such as not repeating answers or avoiding words which are included in the question text. Throughout the enrollment process the user is provided with helpful warning notices, such as the number of answers remaining, to ease the frustration some may feel during this process.

Step 4: The process is complete and the user is now enrolled. Clicking the link shown will close the PortalGuard dialog and continue the original login process.
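The answer rules from The Basics, the Features list and Step 3 (minimum length, no repeated answers, no words from the question text, optional case sensitivity, a required number of answers) together with the central storage of hashed answers and a "3 out of 6" style verification, as an added example that is not PortalGuard's code. The AnswerPolicy values, the use of salted PBKDF2 for the stored hashes and the three-character word cut-off are assumptions.

```python
import hashlib, hmac, os, re
from dataclasses import dataclass

@dataclass
class AnswerPolicy:
    # Assumed policy values, standing in for PortalGuard's per-policy settings
    min_answers: int = 3          # e.g. "3 out of 6" must be enrolled and answered
    min_length: int = 4
    case_sensitive: bool = False
    no_repeat_answers: bool = True
    no_question_words: bool = True

def _words(text):
    # alphanumeric tokens of 3+ chars; short words such as "of"/"is" are not compared
    return {w for w in re.findall(r"[a-z0-9]+", text.casefold()) if len(w) > 2}

def _normalise(answer, policy):
    a = " ".join(answer.split())
    return a if policy.case_sensitive else a.casefold()

def validate_enrollment(policy, qa):
    # qa: list of (question, answer); a blank answer is a skipped optional question.
    # Returns the list of policy violations; an empty list means the enrollment passes.
    problems, seen = [], set()
    answered = [(q, _normalise(a, policy)) for q, a in qa if a.strip()]
    if len(answered) < policy.min_answers:
        problems.append(f"need {policy.min_answers} answers, got {len(answered)}")
    for q, a in answered:
        if len(a) < policy.min_length:
            problems.append(f"answer to '{q}' is shorter than {policy.min_length}")
        if policy.no_repeat_answers and a in seen:
            problems.append(f"answer to '{q}' repeats another answer")
        if policy.no_question_words and _words(a) & _words(q):
            problems.append(f"answer to '{q}' reuses words from the question")
        seen.add(a)
    return problems

def _hash_answer(answer, policy, salt):
    return hashlib.pbkdf2_hmac("sha256", _normalise(answer, policy).encode(), salt, 100_000)

def enroll(policy, qa):
    # Central server-side store: question -> (salt, hash). Plaintext answers are never kept.
    problems = validate_enrollment(policy, qa)
    if problems:
        raise ValueError("; ".join(problems))
    store = {}
    for q, a in qa:
        if a.strip():
            salt = os.urandom(16)
            store[q] = (salt, _hash_answer(a, policy, salt))
    return store

def verify(policy, store, answers):
    # answers: question -> supplied answer. Every hash is compared in constant time and
    # the number of correct answers is checked against the policy threshold.
    correct = 0
    for q, a in answers.items():
        if q in store:
            salt, digest = store[q]
            if hmac.compare_digest(_hash_answer(a, policy, salt), digest):
                correct += 1
    return correct >= policy.min_answers
```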

Self-service Password Reset Process

Step 1: The user attempts to log in to a company's existing portal but has forgotten their password. The user then clicks the "Forgot your password?" link.

Step 2: The user selects from Recovery Actions Available which self-service action they would like to perform. The user selects the Reset Forgotten Password radio button and clicks Continue.

NOTE: The dialog shows the most common actions, account unlock and password reset, but password recovery is also available.

Step 3: The user is then prompted to provide their enrolled answers to the challenge questions. PortalGuard provides users with helpful warning messages throughout this process. Once the user has supplied the required number of answers, they click Continue.

Step 4: The user's identity has been verified and they are able to set a new password. Added usability and security features such as the Show Password checkbox and virtual keyboard can be easily enabled or disabled.

Configuration

NOTE: All the following settings are policy specific, so you can have different values for different users/groups/hierarchies.

Configurable through the PortalGuard Configuration Utility:

Main
- Self-service options available to users
- Authentication types available for each self-service action

Authentication Types

Challenge Questions and Answers
- Enrollment: optional, required, disabled
- Recovery lockout limit
- Answer complexity, including minimum length, case sensitivity, prevent answer repetition and prevent question words as answers
- Number of optional questions
- Number of mandatory questions

Mobile Phone
- Enrollment: optional, required, disabled
- Phone number format
- Delivery format

Email
- Enrollment: optional, required, disabled
- Domain blacklist
- Email display
- Email format, including From, Subject and Body fields

Notifications
- Type of self-service, including account unlock, password reset and recovery

Deployment

Implementation of the PortalGuard platform is seamless and requires no changes to the Active Directory/LDAP schema. A server-side software installation is required on at least one IIS server on the network. Additional client-side software is required for performing self-service from the Windows logon screen.

IIS Installation

An MSI is used to install PortalGuard on IIS 6 or 7.x. If installing PortalGuard on IIS 7.x/Windows Server 2008, make sure to have installed the following feature roles prior to launching the MSI:

1. All the Web Server Management Tools role services
2. All the Application Development role services
3. All IIS 6 Management Compatibility role services

The MSI is a wizard-based install which will quickly guide you through the installation.

System Requirements

This version of PortalGuard supports direct access and authentication to cloud/web-based applications only. PortalGuard can be installed directly on the following web servers:
- IBM WebSphere/WebSphere Portal v5.1 or higher
- Microsoft IIS 6.0 or higher
- Microsoft Windows SharePoint Services 3.0 or higher
- Microsoft Office SharePoint Server 2007 or later

The PortalGuard Web server also has the following requirements on Windows operating systems:
- .NET 2.0 Framework or later must be installed
- (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)

PortalGuard is fully supported for installation on virtual machines. Furthermore, PortalGuard can currently be installed on the following platforms:
- Microsoft Windows Server 2000
- Microsoft Windows Server 2003 (32 or 64-bit)
- Microsoft Windows Server 2008 (32 or 64-bit)
- Microsoft Windows Server 2008 R2

NOTE: When run in "Sidecar" mode, PortalGuard can provide its functionality on any web server that uses an HTML login page. If you have a platform not listed here, please contact us at sales@portalguard.com to see if we have recently added support for your platform.

Supporting Videos

Please view the following videos to watch a demo of PortalGuard's self-service offerings:
- Self-service Password Reset, Recovery & Account Unlock (Browser-based)
- Self-service Password Reset, Recovery & Account Unlock (Windows 7 Desktop)
- Disconnected Password Recovery
- Help Desk Console

Platform Layers

Beyond self-service password reset, PortalGuard is a flexible authentication platform with multiple layers of available functionality to help you achieve your authentication goals:
- Contextual Authentication
- Tokenless Two-factor Authentication
- Real-time Reports / Alerts
- Knowledge-based Password Management
- Single Sign-on