Password Management Buyer's Guide. FastPass Password Manager V 3.3 Enterprise & Service Provider Editions


FastPassCorp 2010

Requirements for Password Management including FastPass functions and offerings

This document has been produced by FastPassCorp to assist IT organizations considering implementation of a Password Management Solution. The consideration and decision regarding implementation of Password Management will normally be driven by the business case. In the business case the benefits will normally be derived from:

- Service Desk costs are reduced
- End-user service is improved
- Security is enhanced
- Processes are standardised and automated

The costs of the Password Management process will depend on:

- Implementation time of the solution
- Purchase or subscription cost of the software
- Necessary add-on hardware and software
- Ongoing operational cost to support the solution

It is important that the requirements of the Password Management System are fully understood before implementation. To produce these requirements, employees from the following groups should be involved:

- End-users
- Service Desk
- IT Security
- ITIL skilled personnel
- System Architects
- Network administrators
- Finance

FastPassCorp and our partners can assist you in formulating the requirements and building the business case for Password Management with FastPass.

Many Password Management solutions will at first look do the job. Only when you take the time to look more deeply into your actual needs will you find that many features that are often overlooked at first turn out to be very important once you start deployment and look into the return on your investment.

The following high-level requirements are important, and some crucial, for a successful Password Management implementation:

- End-user functionality and handling: The necessary functions for password reset / change and unlock have to be present. The solution must be intuitive and easy to use for the user.
- End-user accessibility: The user must be able to access the password application from anywhere.
- Enrolment process: Successful enrolment is key for productivity improvement from password management. The aim should be more than 95% enrolled users.
- Administration of users: Administration must be powerful and efficient to simplify admin overhead and keep IT support costs down.
- Authentication (strong authentication): It is essential that the organization can choose the authentication that meets the security demands. Strong authentication is a layered authentication approach relying on two or more authenticators to verify the identity of an originator or receiver of information.
- Notification service: Any attempts to misuse the Password Manager to gain access to another user's password must generate alerts.
- Reporting: Administrators and management need reports and action lists to manage the Password reset process. Standard reports and data transfer to Service Desk tools are necessary.
- Help Desk Functionality: The Help Desk needs tools to identify end users and see the status on end-user actions.
- Technical: In large and/or complex IT systems it is important that the Password Management System can fulfil demanding requirements for volume and availability.
- Software security certification: The Software must be proven to be secure by an independent third party verification authority.
- Installation and Implementation: Installation and implementation must be simple and straightforward to secure low start-up costs.
- Synchronization to other target systems: When users only have one password to remember they are more likely to remember this, which will increase end-user satisfaction and productivity.

Detailed list (ID, Requirements, FastPass solution)

EU: End-user functionality and handling
The user must have simple functions for password reset/change/unlock, and enrolment. All easy-to-use with no training required.

EU1
Requirement: User able to reset/unlock AD passwords without assistance from IT Service Desk
FastPass solution: Users have a FastPass function available at the point of login where the problem is! The user dialogue is straightforward and requires no training or instruction.

EU2
Requirement: User able to reset/unlock AD without assistance from IT Service Desk across a VPN connection
FastPass solution: FastPass will work from different kinds of networks, outside the domain as well as inside.

EU3
Requirement: User able to reset/unlock AD without assistance from IT Service Desk in Citrix environment
FastPass solution: There are a number of different solutions in a Citrix environment that will enable the users to reach FastPass. FastPass can be accessed both inside and outside the LAN.

EU4
Requirement: User able to reset/unlock Active Directory password without assistance from IT Service Desk with Outlook Webmail
FastPass solution: FastPass is accessed through a browser. You can insert a function key in OWA to access FastPass directly.

EU5
Requirement: Different means for user authentication including strong authentication
FastPass solution: FastPass has a built-in multi-authentication engine. This allows for multi-factor authentication. Administrators are able to configure the authentication process required by the users. If a user attempts to access the solution on the LAN then a less-strict authentication may be needed than if the user comes from the internet. User authentication is role-based and happens dynamically based on the roles and the configuration within FastPass.

EU6
Requirement: User able to enrol without training or education
FastPass solution: To ensure that all users enroll in the solution, FastPass offers two services, Discovery Services and Enrolment Services. Discovery Services collects information about users (domains, group memberships etc.). Enrolment Services invites users to enroll by mail or SMS. The invitation is sent automatically and invites users to enroll into FastPass. Users who are not enrolled within, say, one week will receive a reminder e-mail. The built-in scheduler fully automates the enrolment process.

EU7
Requirement: Clear, detailed guidance to users advising how to enrol and reset password
FastPass solution: The process is intuitive for the users. Furthermore there is a clear text helping the user. The administrator can tailor the text to fit individual needs. On every page a short description of what the user should do helps the user move forward. FastPass is a very intuitive solution that requires no end-user training at all.

EU8
Requirement: Easy and individual language adaption
FastPass solution: The FastPass user interface selects language depending on the language setting in Internet Explorer. FastPass currently supports eight different languages: English, Spanish, French, German, Dutch, Swedish, Danish, Norwegian. Other languages are added per request.

EU9
Requirement: Application guidance for user
FastPass solution: FastPass has a clear and descriptive guidance for all functions. The administrator can however change the text to suit individual organizational needs.

EU10
Requirement: Meaningful challenge questions
FastPass solution: FastPass is delivered with a standard set of challenge questions. The questions can be changed by Security officers and administrators to match the requirements from each organization.

EU11
Requirement: Look and feel of user interface must be modifiable to customer standard portal look.
FastPass solution: The customer can change the look and feel of the end-user GUI to make password reset an integral part of the corporate intranet or self-service portal.

AC: End-user accessibility
The user must be able to access the password application from his favoured platforms.

AC1
Requirement: User able to reset password from her own PC, even when the Password to the PC is forgotten.
FastPass solution: FastPass adds a forgot password button on the Windows login screen. This is available on XP, Vista and Windows 7.

AC2
Requirement: User able to reset Password from a WEB browser from secured network
FastPass solution: FastPass is a browser-based application and has no need for any software on the client. If the company wants to use the Windows login feature mentioned above then an MSI file needs to be deployed. This could be done via group policy or any software distribution tools available.

AC3
Requirement: User able to reset Password from a WEB browser from unsecured network (outside)
FastPass solution: Administrator can define the authentication process depending on the network. FastPass is a browser application and has a solid gateway architecture that allows for advanced deployments.

AC4
Requirement: User able to reset password from mobile devices with Internet browsers
FastPass solution: FastPass is designed for use with smart phones and has support for Windows Mobile, BlackBerry, Symbian and iPhone devices.

AC5
Requirement: User able to get the local cached Domain Password updated, even when the user is not on the LAN
FastPass solution: FastPass lets the user reset the password remotely and then FastPass establishes a secure connection to the server and forces an update of the locally cached password.

Enrolment process
Successful enrolment is key for productivity improvement from a password management solution.

EN1
Requirement: Flexible process defined by Administrator
FastPass solution: Administrator defines the enrolment processes and ties them with the user groups. The process defines when the invitation will be sent and when and how many reminders will be sent to the user (and notification to administrators and managers).

EN2
Requirement: Administrator defined mail invitation
FastPass solution: Administrator writes the invitation mails including a link to FastPass enrolment pages.

EN3
Requirement: Automatic mail-reminder process
FastPass solution: Any number of reminders can be sent to each user with different text and different dates or time intervals. This is a fully automated process.

EN4
Requirement: Automatic invitation of new users
FastPass solution: When a new user is activated in AD and discovered by FastPass, the invitation process is invoked automatically for the user.

EN5
Requirement: Helpdesk PIN for handling of non-enrolled users
FastPass solution: If a user who has not yet enrolled into FastPass calls the Service Desk with a password problem, the Service Desk issues a one-time PIN code, which can be used for verification of the user so that he can enrol. Once the user is enrolled, he can reset his password. In this way he will only call the Service Desk this one time and the process is sustained.

EN6
Requirement: Negative reminders
FastPass solution: For non-enrolled users a NAG function can be enforced. The NAG function will regularly prompt the user on the PC for FastPass enrolment!

Administration of users
Administration of users and handling of user processes must be simple and intuitive for the administrator.

AD1
Requirement: Efficient insertion of users in Password Manager
FastPass solution: Administrator selects AD groups to be registered in FastPass.

AD2
Requirement: Automatic insertion of new users
FastPass solution: FastPass Discovery Service will at regular intervals identify all new users in the selected AD groups, and insert them in FastPass.

AD3
Requirement: Automatic deletion of users
FastPass solution: FastPass Discovery Service will at regular intervals identify all deleted/exposed users in the selected AD groups, and delete them from FastPass.

AD4
Requirement: Specific deletion of users by administrator
FastPass solution: Administrator can at any point in time delete a user in FastPass.

AD5
Requirement: Administration of user authentication process
FastPass solution: Administrators define the desired authentication processes. Each group is then tied to an authentication profile. FastPass is delivered with standard authentication profiles to be used straight away.

AD6
Requirement: Password changes must be subject to profile in AD
FastPass solution: Before resetting or changing the password in AD, FastPass checks the user setting in AD and will always respect this setting.

AD7
Requirement: New passwords must adhere to Password policy in AD
FastPass solution: Password rules for length, complexity etc. will be respected by FastPass.

AD8
Requirement: Temporary exclusion of users
FastPass solution: Administrator can exclude users from FastPass even though their AD group is included.

Authentication (strong authentication)
It is essential that the organization can choose the authentication that meets the security demands. Strong Authentication is a layered authentication approach relying on two or more methods of authentication to establish the security layer that is demanded and ensure proper identification of users.

AU1
Requirement: Number of challenge questions to be defined by administrator
FastPass solution: Number of challenge questions for enrolment is set by the Administrator.

AU2
Requirement: 2-Factor authentication based on IP address and Challenge questions
FastPass solution: Administrator defines the IP-address range valid for domain users, and FastPass combines the location with the challenge answers.

AU3
Requirement: 2-Factor authentication with SMS PIN code and Challenge questions
FastPass solution: FastPass can send a PIN code to the user via SMS, which they must enter before answering the Challenge questions. The user's cell number is looked up from AD.

AU4
Requirement: 2-Factor authentication with Help Desk PIN code and Challenge questions
FastPass solution: A qualified person at the Service Desk can verify a user's identity before handing over a PIN. The user must enter the PIN before answering the Challenge questions.

AU5
Requirement: Authentication process to be decided based on user present network (secure or unsecure network)
FastPass solution: FastPass allows administrators to define different profiles depending on the user's network.

AU6
Requirement: Authentication profile is defined for each user group
FastPass solution: FastPass handles different profiles for different groups.

Notification service
Any attempts to misuse the Password Manager to gain access to other users' passwords must generate alerts.

N1
Requirement: Information to user when the user has performed an operation in the Password Manager
FastPass solution: FastPass forwards a notification mail when events occur. For instance, if a password reset has been performed, an email is sent to the user. Another example is when a password reset was attempted but failed. See more in Reporting items.

Reporting
Administrators and management need reports and action lists to manage the Passwords. Standard reports and data transfer to Service Desk products are necessary.

R1
Requirement: All incidents to be transferred to Service Desk tool of the customer's choice
FastPass solution: FastPass can transfer information about password reset/change/unlock as records to Service Desk tools. Import setup to be done by customer. Records can be forwarded real-time or as batch. Integration with SD tools means that a "create problem ticket" and "close problem ticket" will automatically be generated. This will get the data into this system automatically and take advantage of the reporting facilities available in the Service Desk system.

R2
Requirement: Provide daily, monthly, yearly data on number of password resets/unlocks by user
FastPass solution: Reporting is provided from the Administration Client.

R3
Requirement: Log of incidents with full data content to be transferred to standard reporting tools (like EXCEL)
FastPass solution: FastPass can deliver data in XML or CSV format in real time or at defined time intervals.

R4
Requirement: Provide details of real time exception through notification (e.g. multiple failed resets, detection of potential unauthorised access) to ICT professionals (i.e. alerting)
FastPass solution: FastPass notification Service offers live notification to registered contacts in the groups Administrative Contacts, Technical Contacts and Service Desk Manager Contacts, and to Users (or their Managers if available in AD). Live notifications can be sent by e-mail or SMS or to third-party alerting or Service Desk tools.
Service Desk Functionality
The Service Desk needs tools to identify end-users and see the status on end-user actions.

S1
Requirement: Service Desk personnel can unlock end users' accounts.
FastPass solution: In the web-based HelpDesk client, the Service Desk user can unlock users in either FastPass or AD.

S2
Requirement: View user enrolment data for verification of user identity.
FastPass solution: FastPass can be set up to store the end users' enrolment data in decrypted format, and then choose to display the information to the Service Desk analyst. The Service Desk analyst is capable of checking the challenges and responses for the users and verifying the user's identity, potentially for other purposes than just password resets and account unlocks.

S3
Requirement: View Audit Report
FastPass solution: An audit report for the user is available, stating the user's actions and the system's actions for that user.

S4
Requirement: Provide information on users' synchronization requests
FastPass solution: The Service Desk analyst has the ability to see the user's latest transactions and their status.

S5
Requirement: Helpdesk PIN for handling of non-enrolled users
FastPass solution: If a user who is not yet enrolled into FastPass calls the Service Desk with a password problem, the Service Desk issues a one-time PIN code, which can be used for verification of the user so that he can enrol. Once the user is enrolled, he can reset his password. In this way he will only call the Service Desk this one time and the process is sustained.

S6
Requirement: Reset Password
FastPass solution: The HelpDesk client allows the Service Desk analyst to generate and set the user's password directly in FastPass.

Technical
Answers to technical environment and specifications.

T1
Requirement: Solution is Secure LDAP Compliant
FastPass solution: Yes

T2
Requirement: Solution is SSL LDAP Compliant
FastPass solution: Yes

T3
Requirement: Support for Multiple AD domains
FastPass solution: Yes

T4
Requirement: Support for Multi Forest
FastPass solution: Yes

T5
Requirement: Support for Multi Organization
FastPass solution: Yes

T6
Requirement: Software requirements for FastPass Server
FastPass solution: FastPass back-end resides on Microsoft Windows Server 2003 (32 bit and 64 bit) or Microsoft Windows Server 2008 (32 bit and 64 bit).

T7
Requirement: Support for client component to reset password when the PC is locked because of a forgotten password
FastPass solution: For Windows XP, FastPass has a GINA extension. This feature is also available for Windows Vista and Windows 7. The client component can be deployed through a group policy or by any available SW distribution tools.

T8
Requirement: Secure communications
FastPass solution: All communication from clients to server and between server components is SSL and HTTPS based.

T9
Requirement: Very High Data security
FastPass solution: All user data (challenge questions and answers) are hashed and encrypted with a 128-bit key. This can be configured by the FastPass admin.
T10
Requirement: User data only in AD
FastPass solution: FastPass uses data in AD (user-id, name, password, mobile and other) but does not require any changes to the AD schema. FastPass does NOT store the user passwords. All other FastPass data are stored in an AD extension (ADAM / ADLDS). No special or additional databases are needed.

T11
Requirement: Scalability
FastPass solution: FastPass has been tested for more than 100.000 users.

T12
Requirement: Flexibility server deployment
FastPass solution: FastPass back-end can be installed on any Windows 2003/2008 server, virtual or physical.

T13
Requirement: Fail-over technology available to handle single point of failure of hardware and software
FastPass solution: You can configure FastPass to handle single point of failure. For a maximum availability configuration contact your FastPass partner or FastPassCorp.

T14
Requirement: Secure and Flexible Server architecture
FastPass solution: In deployment scenarios where there is a requirement to get access from the DMZ, FastPass has a special thin-client component which is installed on the DMZ server. This feature enables secure deployment of FastPass in any type of environment.

Software security certification
The Software must be proven robust from hostile attacks.

SSC1
Requirement: PCI-DSS compliancy
FastPass solution: FastPass has passed the PCI-DSS compliancy test performed by PCI-DSS approved vendor nsense. A report is available on request.

Installation and Implementation
Installation and implementation must be simple and straightforward to secure low start-up costs.

II1
Requirement: Lead times to implement the solution for Active Directory password resets
FastPass solution: Installation and configuration on Active Directory is less than 1 day.

II2
Requirement: Installation must be performed easily through installation wizard
FastPass solution: FastPass installation, as download or from CD, takes approx. 30 minutes guided by installation wizards.

II3
Requirement: Hardware required to host the solution
FastPass solution: The solution can be implemented on a domain controller in the existing Windows Server environment. An additional Windows Server could be considered based on the security architecture and design. A standard server with 2 GHz CPU, 512 MB RAM and 2 GB disk space is required. Most customers today use a virtual server.
II4
Requirement: Smooth integration with AD
FastPass solution: FastPass does not change or require changes to the AD schema.

II5
Requirement: Easy deployment to Windows Workstations
FastPass solution: MSI files for the Windows GINA extension and Windows 7 are easily deployed via Group Policy.

Password reset on other target systems
When users only have one password to remember they will be more satisfied and productive.

SY1
Requirement: Passwords must be synchronized from AD to target system when changed at AD with Password Manager
FastPass solution: FastPass has a Synchronization module which is invoked when there are changes to AD passwords. This module decides to which target system and user-id to send the changed password.

SY2
Requirement: Passwords must be synchronized from AD to the target system when changed at AD with Standard Microsoft tools.
FastPass solution: FastPass has a Synchronization module which is invoked when there are changes to AD passwords even when initiated from outside FastPass. The Sync module decides to which target system and user-id to send the changed password.

SY3
Requirement: Synchronization must handle different user-ids for the same user on different systems
FastPass solution: FastPass controls synchronization via a table, defining relationships between users on different systems.

SY4
Requirement: Retries for failing sync to target systems
FastPass solution: FastPass retries synchronization according to rules set by the administrator.

SY5
Requirement: Reset & synchronization to SAP
FastPass solution: FastPass has connectors for SAP that can be used for password synchronization or reset on SAP only.

SY6
Requirement: Reset & synchronization to AS400
FastPass solution: FastPass has connectors for AS400 that can be used for password synchronization or reset on AS400 only.

SY7
Requirement: Reset & synchronization to SQL
FastPass solution: FastPass has connectors for SQL that can be used for password synchronization or reset on SQL only.

SY8
Requirement: Reset & synchronization to Oracle
FastPass solution: FastPass has connectors for Oracle that can be used for password synchronization or reset on Oracle only.

SY9
Requirement: Reset & synchronization to customer specific systems & applications
FastPass solution: FastPass has a Generic connector that allows customers or FastPass partners to develop custom connectors. The Generic connector is delivered with documentation and sample code and can be used to include almost any target system that is required.

SY10
Requirement: Password Filtering for Password alignment when target systems have different password models
FastPass solution: FastPass 3.3 allows for Password modification, so the AD password can comply with the specifications of the target system.

SY11
Requirement: Individual Password reset and change per Password System
FastPass solution: FastPass 3.3 has a feature that allows for individual password reset on the different target systems that are part of the solution. Example: once the user is authenticated by FastPass, the user can decide if a password reset should affect only AD, only SAP, or both AD & SAP.

Password reset for end-point encryption
When users have software for endpoint encryption there is a need to also reset passwords on the endpoint encryption solution.

CR1
Requirement: User Self-service for endpoint encryption protected devices.
FastPass solution: FastPass has an endpoint encryption module that allows the users to perform self-service from the boot prompt screen. Please check which solutions are currently supported by FastPass.