Advanced Authetication and Access Management Platform
One framework for every authentication
Organizations are usually forced to manage and maintain multiple infrastructures. Not only are multiple authentication infrastructures complicated to manage, they are less secure. What you need is a single authentication framework for all of your devices and methods. Having a single framework keeps costs down as Advanced Authentication scales to any size environment.
Centralized policy engine
Advanced Authentication framework is robust enough to manage large environments with diverse authentication needs, but simple enough to require little administration. With our two factor (or more) authentication capabilities, you can create authentication policies specific to users, groups, devices or locations. The web interface keeps configuration clean regardless of complexity. Delegated administration and tracking of changes keeps policies consistent and secure. And because the policy engine in the Advanced Authentication framework is flexible, it crosses all authentication methods, alleviating redundant work and inconsistent authentication.
Large organizations requiring worldwide deployment of their authentication policies will appreciate Advanced Authentication’s support for multi-site configurations. Advanced Authentication is designed to scale to any performance or location requirement that you may have.
Advanced Authentication is designed for High Availability providing continuous uninterrupted operations. Application availability, reliability and performance are ensured with internal server load balancing capabilities. While replication between a primary and secondary locations (over LAN or WAN) ensures data integrity. Multiple updated data stores are always available for rapid disaster recovery (DR).
Every organization has some private information (financial, customer, regulated, etc.) that requires an added level of user verification not possible with traditional credentials. It’s that type of information that warrants a higher level of authentication based on the situation. Is the requester in the building, as expected, or across the country or beyond? Are they using a known device or one not seen before? Perhaps there is other criteria from which you want to control the authentication level. We offer risk based access control that enables you to match the type of authentication to the potential risk of the information or service being accessed.
You can configure ADFS to use our Advanced Authentication framework. If your organization uses any ADFS services and have multi-factor authentication or other types of strong authentication requirements, you will be glad to know that Advanced Authentication integrates into those environments. Of course it also supports ADFS setup in other Microsoft Azure configurations that your business applications may be using. And because Advanced Authentication integrates natively into ADFS, you have the flexibility to use any authentication type that you like.
Because National Institute of Standards and Technology’s (NIST) standards for encryption have been recognized over the world, Federal Information Processing Standard (FIPS) 140-2 is important to any corporation. Advanced Authentication does meet these standards so security conscious businesses as well as organizations operating in regulated industries can deploy with confidence.
Using global positioning (GPS) technology, geo-fencing allows the administrators to define authentication policies based on a user’s specific location, such as a building or campus. The policies can be configured to limit access to only those users in the allowed locations(s). This feature differs greatly from typical geo-location using IP address lookup which relies upon accurate IP address reporting and larger geographic region definitions.
Compared to other location based technologies, geo-fencing offers a superior option with high accuracy and resistance to spoofing.
For organizations that want to balance speed of access with their security needs, NetIQ Advanced Authentication allows administrators to configure a grace period between authentications where a second factor isn’t required. The user is still required to fulfill the complete authentication requirement initially. Separately, your organization may choose to use Access Manager’s risk based authentication engine to define when second factor authentication is required.
Travelers on-the-go required to perform multi-factor authentication to access private information can now do so anytime they need. Meaning, that even without connectivity users are able to get work done.
We are dedicated to your success in providing security across a broad number of platforms. As such, Advanced Authentication provides an OS X authentication plug-in as well as a Linux Pluggable Authentication Module. This is in addition to the existing Windows Credential Provider. Now you can use methods based on iOS, Android and Windows Mobile to authenticate to Windows 7+ and OS X 10+ computers for business-critical initiatives. Broad platform support enables you to accelerate full coverage and reduce the cost created if multiple solutions were required.
Advanced authentication provides an OAuth interface that provides clients an easy way to integrate their applications. Once in place, applications can leverage Advanced Authentication’s policy engine to match the appropriate method(s) to the situation to provide the ‘right’ level of security.
Advanced Authentication provides an easy self-explanatory workflow for the end user registration experience. By simplifying the registration of iOS, Android and Windows Phone devices as well as workstation connected biometrics, card reads and others, your users will effectively register their devices, your system will easily scale and your help desk will not be overrun with registration issue calls.
Administrative and configuration operations are web based. The simple elegant interface provides for network and RADIUS configuration, database connection, configuration of all authenticators, authentication chain design (2FA / MFA) and assignment, roles delegation and other key operations in one tool.
Help Desk module provides the capabilities to ensure a good end-to-end customer experience. This includes un-enrolling and assist in re-enrolling methods, assign tokens (when needed), and assignment of specific user roles. If a user contacts the Help Desk with an authentication issue related to Advance Authentication, your Help Desk Agent will be able to provide the positive customer support experience expected. This builds strong relationships and further support for your MFA efforts.
Use this Advanced Authentication feature when a user has no previously enrolled authentication method available. Perhaps your user misplaced their token, took their phone swimming or they could just be at a workstation where the card reader has failed. In any event they still need access. The Emergency OTP access process is part of the Help Desk Module and allows for an OTP to be generated for the user in these urgent situations.
Advanced Authentication HTTP Proxy serves as a barrier between the Internet and your authentication server. This means that traveling and remote users have access to advanced authentication services while your server remains safe behind your corporate security.
In a day and age where employees and contractors are using their own devices (BYOD), it’s likely that they’re not part of your corporate domain. Because Advanced Authentication doesn’t require domain membership multi-factor authentication isn’t limited to just your corporate devices. Your users can bring their Windows, Mac OS X and even Linux based systems and you can enforce Advanced Authentication to your resources as needed.
Advanced Authentication lets you define which types of authentication events are logged for later retrieval. Typical events include both successful and unsuccessful authentication attempts, as well as changes in enrollment or configuration.
Customized reports allow administrators to identify user authentication behavior or abnormalities that may be important for their environment. Analysis can be performed on persons, authentication methods or various types of authentication trends.
Reports can also be focused on the servers themselves, potentially identifying ways to optimize configurations or expand deployments.
Use Access Manager’s risk-based authentication engine to increase the security of your web-based and federated services. Administrators can set up risk profiles to determine the level of identity verification as well as the authentication type(s) to be presented to the user. Higher risk profiles could invoke an access denial or a step-up authentication with stronger methods or challenges.
Used together with Advanced Authentication, Access Manager enables organizations to select the authentication methods that fit the context of the authentication. Using the right authentication type provides high security for sensitive information while simplifying access for authorized users.
Access Manager enables single sign-on, which means your employees and partners only have to remember one login for authorized access to all corporate web-based applications. This not only makes your environment more secure, it makes secure authenticated access convenient and fast, creating more productive users and lowering your support costs.
Give your employees secure access to externally hosted applications. Present a single view of applications, information and services delivered from multiple partners to your customers. Or, enable business-to-business interactions or collaboration with one or more partners. Access Manager offers all of this and more using standards-based technologies.
Manage and configure your environment from a single console. No need to touch individual web servers or configure individual agents.
Access Manager provides an integrated single sign-on experience to your Office 365 applications and hosted information without the need for complicated Active Directory Federation Services (ADFS) configurations. And because it’s Microsoft certified you know that it’s every bit as reliable.
Access Manager provides intuitive wizards for configuration of single sign-on to Office 365. And because Access Manager provides a rich set of web-access management features, you can use it for all your internal and cloud-based access needs.
Using the WS-Federation standard, Access Manager simplifies the management of different user communities to Microsoft SharePoint. Access Manager lets you avoid complicated Active Directory Federation Services (ADFS) configurations or the need to setup trusts across domains.
Access Manager gives your users a single SharePoint password adhering to a single policy regardless of where their account resides.
Secure your web services and protect your information against authentication attacks and unauthorized access through security tokens. Access Manager uses a standards-based Secure Token Service (STS) that issues and validates security tokens to act as a trusted authority.
Enterprise web services can use STS to enforce appropriate security token policies across web service providers and consumers. Access Manager STS allows the secure identity propagation and token exchange between web services and facilitates secure identity delegation and impersonation.
Self Service Password Reset enables users to reset their passwords or unlock their accounts without calling the help desk. And because Access Manager distributes password updates in real time across all your physical and virtual resources, your entire environment is password-maintenance free.
For those situations where federation isn’t the best fit, Access Manager can serve as a reverse proxy that protects your web resources.
Administrators have the ability to customize user interfaces, such as the optional login page and portal. With minimal effort, you can brand the login page with your own corporate logo and colors.
If you don’t already have a centralized place from which users launch their applications, Access Manager’s built-in portal provides an easy way for your administrators to configure their users’ experience as they access applications and services from their laptops, tablets and smartphones. The portal optimizes the view for each form factor to make navigation quick. Users also have the flexibility to choose favorites as well as the type of view they want to experience.
For those that want to move their web-based apps out to their mobile users, Access Manager does that for you. It supports the MobileAccess app which keeps them secure and simple to access. Within the app, your users are presented a corporate view of their business applications made to fit the form factor they are using. With a single touch of an icon, the selected application is loaded. Users can also group or favorite the apps that they use most.
For those of you who are delivering services through native mobile apps, Access Manager includes an SDK (iOS and Android) as well. Whether it’s for customer facing or internal use, Access Manager enforces the right access controls for these applications. We use open standards so you can avoid vendor lock-in. Using Access Manager provides secure access as well as audit information when needed.
Broad support of social identities
Often people find it easier to use their social credentials (such as Facebook, Twitter, Google, LinkedIn, etc.) because they’re easy to remember. Not only does it support the most common social credentials, Access Manager comes integrated with the most common social identity sources right out-of-the-box.
Access Manager’s support for social identities makes it easy for you to engage your customers and give them personalized service or web experience. It enables you to increase your customer satisfaction and participation by catering to their interests because you know who they are. And when customers are allowed to use their social identity to login, they won’t leave your site.