SecureAuth IEP
IdM Services
SecureAuth IEP Delivers Identity Enforcement and Configurable IdM, 2-Factor Authentication, and SSO to Protect all Cloud, Web and VPN Resources
User identities are the key to unlocking access to an organization’s kingdom of data and must be protected at all times. Without adequate protection, identities are vulnerable to attacks that can result in catastrophic data breaches. No one understands this better than SecureAuth Corporation. SecureAuth’s Identity Enforcement Platform secures and simplifies access to every cloud, VPN, and web application with integrated Authentication, SSO, Access and User Management Services.
The heart of identity management (IdM) and the SecureAuth Identity Enforcement Platform (IEP) is your enterprise directory, i.e., Active Directory, LDAP, SQL, or other industry-leading directories that store your user credentials. SecureAuth IEP integrates with your existing directory or directories so users don’t have to remember a new password and administrators don’t have to manage stronger authentication or SSO credentials from yet another directory. In addition, SecureAuth works seamlessly with your existing IdM infrastructure, whether it’s a single directory, multiple and/or virtual directories, or an Identity/Access control solution such as IBM TAMeb or CA Siteminder. Regardless of the IdM system in place, SecureAuth can simplify, optimize, and secure it while providing the integrated tools necessary to manage it.
For organizations that don’t have an IdM system in place or can’t support emerging cloud requirements with their current infrastructure, SecureAuth IEP provides critical Identity and User Management services in a single identity-based platform that also delivers 2-factor authentication and SSO for all cloud, web, and VPN resources. SecureAuth’s IdM services automate the creation and management of user accounts, reducing administrative overhead and strengthening security by ensuring that only authorized users are accessing the application at any given point in time.
SecureAuth IEP identity management functions include:
- Administrator Secure User Account Creation
- Help Desk User Profile Administration Improves Operational Efficiency
- User Profile Self-administration Reduces Administrative Overhead
- Automated User Profile On-boarding and Directory Update Ensures Data Consistency
- Self-service Password Reset Reduces Help Desk Calls
SecureAuth IdM services are one of many functions of the SecureAuth Identity Enforcement Platform, which provides Identity Enforcement plus SSO, access and user management services in a single solution.
Administrator Secure User Account Creation
The type of authentication required to ensure that user access to applications is secure varies from company to company and user to user; it is driven by policy and configured by an administrator. SecureAuth IEP can be configured to require authentication variations for super users. Configurable options can include enforcing only private machines and specific administrator user groups. In addition, any of SecureAuth’s 2-factor authentication methods can be used to enforce the user-creation policy, including:
- Certificate Authentication
- 2-Factor SMS Authentication
- 2-Factor Telephony Authentication
- 2-Factor E-mail Authentication
- Knowledge Based Authentication
- Help Desk Authentication
- Any combination of the above
For an administrator, ease-of-use is critical. SecureAuth IEP’s web interface increases productivity by making it easy, fast, and secure for administrators to manage user accounts.
Help Desk User Profile Administration Improves Operational Efficiency
By enabling self-service user profile management within SecureAuth IEP, organizations can dramatically reduce the burden on IT administrators. However, organizations also need administrators to be able to manage user accounts and profile attributes that reside in different directories or datastores, whether LDAP, Active Directory, SQL, etc. This function often resides with the Help Desk. SecureAuth can easily create an authentication realm specifically for Help Desk assisted user profile management. The authentication can be any mechanism that SecureAuth supports to identify the user before they are allowed to change their identity attributes. User attributes the Help Desk can manage include:
- Mobile Phone Number(s)
- Land Phone Number(s)
- E-Mail Address(es)
- Knowledge Based Authentication (KBA) answers
- Static Personal Identity Number (PIN)
- Federated IDs including:
  - Google ID
  - SalesForce ID
  - Postini ID
  - ADP ID
  - SuccessFactors ID
- Custom Attributes
In addition, SecureAuth IEP’s native certificate management capability enables an administrator to revoke a user’s SecureAuth authentication X.509 v3 certificate if they leave the company unexpectedly.
User Profile Self-administration Reduces Administrative Overhead
Every organization has to manage its users’ profiles regardless of where the identity attributes reside (LDAP, Active Directory, SQL, etc.). If 100% of the process is based on manual help-desk assisted profile management, user profile administration becomes too resource-intensive and expensive, and it takes longer to get users on board. SecureAuth IEP enables authenticated users to manage their own passwords stored in an enterprise directory.
Enabling User Profile Self-administration is simple, secure and configurable. An administrator simply selects the feature for the authentication realm and then selects the authentication method to be used before a user is allowed to update their profile. Once authenticated, a user can update the following attributes:
- Mobile Phone Number(s)
- Land Phone Number(s)
- E-Mail Address(es)
- Knowledge Based Authentication (KBA) answers
- Static Personal Identity Number (PIN)
- Custom Attributes
Furthermore, SecureAuth integrates with existing directories and all changes to passwords are enforced according to the native directory policies.
Automated User Profile On-boarding and Directory Update Ensures Data Consistency
Trying to keep user profile information up-to-date or getting missing data to complete a profile is time consuming for any organization, but critical for authenticating a user and identity enforcement. SecureAuth IEP enables users to on-board their identity attributes during an initial SecureAuth authentication. These attributes include fields such as:
- Mobile Phone Number(s)
- Land Phone Number(s)
- E-Mail Address(es)
- Knowledge Based Authentication (KBA) answers
- Static Personal Identity Number (PIN)
- Custom Attributes
If missing user identity attributes are identified during the on-boarding process, the user can be prompted to provide the information. SecureAuth can be configured to import these attributes directly into the directory, eliminating the need to write complex profile scripts to import data. The SecureAuth IEP user and administrator graphical user interface is simple to use. Enabling User Profile On-boarding is easy. An administrator simply selects the feature for the authentication realm and then selects the attributes that are mandatory. Any missing data is automatically imported into the directory.
Self-service Password Reset Reduces Help Desk Calls
On average, 25% of the calls to a help desk are password-related. Of those, the majority of requests are to reset forgotten passwords. SecureAuth IEP enables users to securely reset their own password in an enterprise directory. To ensure maximum security, an administrator configures the method of authentication needed to reset a password. Authentication methods supported include:
- Mobile SMS One Time Password
- Telephony Audio One Time Password
- E-Mail One Time Password
- Knowledge Based Authentication
- Help Desk Phone Number
- Static PIN
To reset a password, a user simply clicks on the SecureAuth Password Reset link and is stepped through the reset process; the new information is securely stored in the enterprise directory. For maximum security, the password reset capability can be restricted to only users who are SecureAuth IEP registered users and have a SecureAuth X.509 certificate. For the user, it means resetting a password or unlocking accounts in seconds, without having to call the help desk and potentially waiting for a callback. For administrators, it means the added security of sound and sustainable password policies and practices without additional administrative overhead.


