eToken Single Sign-On 3.0
Frequently Asked Questions

Table of Contents
1. Why aren't passwords good enough?
2. What are the benefits of single sign-on (SSO) solutions?
3. Why is it important to use strong authentication with SSO?
4. What is token-based SSO?
5. What are the benefits of token-based SSO solutions?
6. What is eToken Single Sign-on (SSO)?
7. Why should organizations choose eToken SSO?
8. Which applications does eToken SSO support?
9. Which credential storage options does eToken SSO provide?
10. How does eToken SSO work with target applications?
11. How does a user work with eToken SSO?
12. Does eToken SSO handle application password changes?
13. Does eToken SSO require software on the user desktop?
14. Does eToken SSO require any back-end software or hardware?
15. How can I install eToken SSO?
16. Does eToken SSO support strong authentication?
17. Which authentication tokens does eToken SSO support?
18. How can I manage my eToken SSO solution?
19. What do I do if I forget my eToken password?
20. What do I do if I lose my eToken device?
21. What if someone finds my eToken device with my personal credentials?
22. What other security solutions does eToken support?

www.aladdin.com/etoken

1. Why aren't passwords good enough?

Passwords are not secure
- Passwords cannot provide sufficient security - Password cracking tools are widely available on the Internet
- Enforcement of password policies requiring long or complex passwords causes password overload. Users compromise their passwords by using common words or by writing them down in an insecure location

Passwords are costly
- A typical organization needs to maintain at least 10 different passwords for different systems for each user, leading to loss of productivity of both users and the help desk in maintaining these passwords
- Studies have shown that a major portion of help desk calls are related to forgotten passwords, assigning a cost of approximately $25-$50 to each password reset

2. What are the benefits of single sign-on (SSO) solutions?

Single sign-on solutions resolve password issues by storing users' logon credentials for multiple applications, and automatically providing users with access to all their applications after they authenticate once to the SSO system. Following are the key benefits of SSO:
- Enhances security - Users can easily manage complex, unique passwords for their applications without engaging in risky practices, such as writing down their passwords
- Enhances user productivity - Eliminates the need to remember and handle multiple passwords, and the hassle of forgotten passwords
- Provides major cost savings - Significantly reduces password-related help desk calls

3. Why is it important to use strong authentication with SSO?

The fact that SSO allows you to authenticate once and access multiple applications makes it especially critical that this initial authentication be secure. Relying on password authentication to your SSO solution exposes you to a much higher risk than that of having individual application passwords compromised, for whoever gets hold of this one password gets the key to the kingdom.
Implementing strong authentication by requiring at least two factors (e.g. something you know - a password, and something you have - a token) to log on to the SSO solution significantly reduces the risk of unauthorized access to all your valuable business applications and data.

4. What is token-based SSO?

Token-based SSO solutions use an authentication token, such as a physical smart card token or a virtual (software based) token, to store user logon credentials. These solutions include client software that recognizes target application logon screens when opened, and submits the user's credentials to the relevant applications.

5. What are the benefits of token-based SSO solutions?

Token-based SSO solutions provide the following added benefits:
- Secure credential storage - User credentials are stored securely on a token
- Inherently integrated with strong authentication - Users need to have both their token and token password in order to use the SSO solution
- Portable - Users can carry their credentials with them on a portable token
- Offline operation - Users can enjoy the SSO functionality even without connectivity to the organization's network
- Easy to implement - Requiring no back-end integration with target applications, token-based SSO solutions are easy to deploy and maintain

6. What is eToken Single Sign-on (SSO)?

eToken SSO is a comprehensive, secure, and easy-to-deploy token-based solution for using and managing user passwords in an organization. With eToken SSO, users can securely store their network and application logon credentials on their tokens and automatically gain access to those applications after authenticating once. Administrators can use eToken SSO to provision and manage passwords and password usage within the organization.

7. Why should organizations choose eToken SSO?

- Secure, portable credential storage - All the user passwords and credentials can be securely stored on-board the smart-card-based token, offering enhanced security, full portability, and smooth operation in offline mode
- Full management support - eToken SSO is fully supported with eToken TMS (see below), providing automatic backup and restore of credentials and eToken's unique solution for employees on the road who lost their tokens, allowing users to always stay productive
- Easy to implement - Because the solution is token-based and does not require back-end integration, it is easy and fast to deploy
- Expandable solution - Customers implementing eToken SSO can easily and cost-effectively expand their authentication solution to include secure certificate-based VPN access, disk encryption and pre-boot authentication, digital signatures, and more, with the eToken product family and Aladdin eToken's over 150 solution partners

8. Which applications does eToken SSO support?

eToken SSO works with:
- Network logon
- Desktop applications
- Web applications and accounts

9. Which credential storage options does eToken SSO provide?

- Smart card tokens - Organizations can deploy eToken SSO with any mix of eToken smart-card-based authentication tokens (see below). This approach provides maximum security and portability.
- Virtual token (software only solution) - For organizations that prefer to deploy eToken SSO as a software only solution, it is possible to use eToken Virtual, a secure software based token protected with AES 128-bit encryption, for credential storage on the PC. It is also possible to start with the software only solution and add eToken hardware devices at a later stage.

10. How does eToken SSO work with target applications?

Through the use of templates. A template contains a set of rules and parameters relating to a target application. For eToken SSO to support a specific application, an SSO template for that application has to be stored on the user's computer. Administrators can localize and customize a particular template, including the languages and messages presented to the user through a web GUI. For the creation and maintenance of SSO templates, eToken provides a flexible and easy-to-use Template Manager utility for administrators. eToken SSO does not require any back-end integration with applications.

11. How does a user work with eToken SSO?

First-time usage with an application:
1. Following the appropriate setup, a user simply launches her application as usual, with the eToken device plugged into the USB port (if eToken SSO is implemented as a software-only solution, the user needs to use a machine where her eToken Virtual is stored).
2. The eToken SSO client identifies this application and prompts the user to enter her application logon credentials (username, password, etc.) only for that one time. An eToken SSO profile is created for the specific application, stored on the token, and is ready to be used automatically the next time the user logs on to that application.

Ongoing usage:
1. A user simply launches her application as usual, with her eToken device plugged into the USB port, or her eToken Virtual stored on the machine.
2. The eToken SSO client identifies this application and prompts the user to enter her eToken password. (Note: eToken SSO can be configured to have users prompted for the eToken password once, at each application logon, or on defined time intervals depending on the organization's security needs.)
3. The eToken SSO client pulls the relevant user credentials from the token, automatically fills them into the logon screen and automatically submits them. (Note: automatic fill-in and automatic submit are optional and configurable features of eToken SSO.)

12. Does eToken SSO handle application password changes?

Yes. Whenever an application prompts for a password change, eToken SSO can either generate a random password that conforms to the password policy that was created for the application, or allow the user to enter a new password herself. This is determined per application, so administrators can have full flexibility in deciding how passwords are handled within the organization.

13. Does eToken SSO require software on the user desktop?

Yes. The eToken SSO Client needs to be installed.

14. Does eToken SSO require any back-end software or hardware?

No. eToken SSO is a client based solution and does not require back-end resources. Optionally, eToken TMS can be installed in the organization's back-end infrastructure to take advantage of TMS token life-cycle management capabilities and management level support for the SSO solution.
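
Question 12 mentions generating a random password that conforms to a per-application password policy. The sketch below is an added example, not Aladdin's code or the product's template format: the `PasswordPolicy` fields and the `conforms` and `generate` functions are assumptions chosen to show one sound way to do this with a cryptographic random source.

```python
import secrets
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical per-application policy; not the product's template format."""
    min_length: int = 12
    max_length: int = 16
    min_upper: int = 1
    min_lower: int = 1
    min_digits: int = 1
    min_symbols: int = 1
    symbols: str = "!@#$%^&*-_=+"  # symbols the target application accepts
    max_repeat: int = 2            # longest allowed run of one character

def _classes(p):
    return [(string.ascii_uppercase, p.min_upper), (string.ascii_lowercase, p.min_lower),
            (string.digits, p.min_digits), (p.symbols, p.min_symbols)]

def conforms(password, p):
    if not p.min_length <= len(password) <= p.max_length:
        return False
    allowed = set("".join(alphabet for alphabet, _ in _classes(p)))
    if set(password) - allowed:          # character the application would reject
        return False
    for alphabet, minimum in _classes(p):
        if sum(ch in alphabet for ch in password) < minimum:
            return False
    run = 1
    for prev, cur in zip(password, password[1:]):
        run = run + 1 if prev == cur else 1
        if run > p.max_repeat:
            return False
    return True

def generate(p):
    # Rejection sampling from the OS CSPRNG: uniform over all conforming passwords,
    # unlike "one character per class, then fill", which skews the distribution.
    classes = _classes(p)
    if (p.max_repeat < 1 or p.min_length > p.max_length
            or sum(m for _, m in classes) > p.max_length
            or any(m > 0 and not a for a, m in classes)):
        raise ValueError("policy cannot be satisfied")
    alphabet = "".join(a for a, _ in classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(p.max_length))
        if conforms(candidate, p):
            return candidate
```

Validating the policy before sampling matters: a policy whose minimum counts exceed the maximum length would otherwise loop forever instead of failing visibly.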

15. How can I install eToken SSO?

You can use several techniques to install eToken SSO on your users' desktops.
- Microsoft GPO - Using the Microsoft Active Directory GPO you can automatically install and update any software on user desktops.
- Other software distribution solutions - Using other software distribution solutions such as SMS, you can automatically install and update any software on user desktops.
- Sending an email link - Administrators can send an email link to a network installation and ask the users to run the installation from there.
- Manual - Administrators can manually install software on user desktops.

16. Does eToken SSO support strong authentication?

Yes. eToken SSO is inherently integrated with strong two-factor authentication. As user credentials are stored on-board the token, in order to use the SSO solution for access to applications the user needs to provide the token (something one has), and the token password (something one knows).

17. Which authentication tokens does eToken SSO support?

eToken SSO works with all eToken smart card based devices, including:
- eToken PRO - Aladdin's world leading USB smartcard token
- eToken NG-OTP - Advanced hybrid USB and OTP token
- eToken NG-FLASH - 2-in-1 security and data storage token
- eToken PRO Smartcard - Aladdin's world leading token in card form

18. How can I manage my eToken SSO solution?

eToken SSO is completely integrated with eToken Token Management System (TMS), providing full token life-cycle management, as well as automatic backup and restore of user credentials, integration with Identity Management systems, and a solution for employees who lose or forget their tokens while on the road (including those who require their token for network logon).

19. What do I do if I forget my eToken password?

In the case of a forgotten password, eToken TMS enables users to reset the eToken password using the TMS self service web sites.
The process is simple and intuitive, involves no help-desk calls, and minimizes password related costs. For organizations preferring the help desk approach, TMS also allows administrators to easily reset user token passwords using the TMS web-based administration tool. For organizations that do not deploy eToken TMS, it is possible for an administrator to reset a user's eToken password, if the token was initialized with an administrator password.

20. What do I do if I lose my eToken device?

No worries! You can fully restore your eToken SSO credentials. eToken provides two forms of back-up:
- Enterprise backup and restore capabilities - With TMS, every user's credentials are automatically and securely backed-up on the network. If your token has been lost or damaged, your personal credentials can be restored to your new eToken device automatically through the new eToken enrollment process.
- User local backup and restore - Users can create a local backup file of all their credentials using the eToken SSO Client. The file is encrypted and password-protected. When needed, these credentials can be restored by inserting an eToken device and entering the password.

26/11/2007 Aladdin Knowledge Systems, Ltd. All rights reserved. Aladdin is a registered trademark and eToken is a trademark of Aladdin Knowledge Systems, Ltd. All other names are trademarks or registered trademarks of their respective owners.

21. What if someone finds my eToken device with my personal credentials?

eToken is a highly secured smartcard-based device. To make sure that whoever finds the device will find it practically useless, eToken employs the following mechanisms:
- Strong eToken password - Information stored on-board the token is protected with a unique and strong password. You can define eToken password policy settings to ensure that your users choose strong eToken passwords.
- eToken lock mechanism - eToken has a lock mechanism that locks the token after a few failed attempts to access it (typing a wrong eToken password). This feature eliminates any chance of breaking the eToken passwords, including brute force attacks.
- Secured smart card - eToken is a highly secured smart card device. User credentials are maintained within the secured smart card, protected from reverse engineering or other hacking attempts.

22. What other security solutions does eToken support?

In addition to SSO, eToken supports a wide range of enterprise security applications, including:
- Smart card logon
- Secure web access
- File/folder/disk encryption and pre-boot authentication
- Email/document encryption and signing
- Digital signatures
- Secure physical access

For more information regarding Aladdin eToken, please refer to: www.aladdin.com/etoken
For more contact information, visit: www.aladdin.com/contact

North America: +1-800-562-2543, +1-847-818-3800
UK: +44-1753-622-266
Germany: +49-89-89-4221-0
France: +33-1-41-37-70-30
Benelux: +31-30-688-0800
Spain: +34-91-375-99-00
Italy: +39-333-9356711
Israel: +972-3-978-1111
China: +86-21-63847800
India: +919-82-1217402
Japan: +81-426-607-191
All other inquiries: +972-3-978-1111