Self-Service, Anywhere
© 2014 Hitachi ID Systems, Inc. All rights reserved.
Contents
1 Introduction
2 Mobile users warned of password expiry
3 Reset forgotten, cached password while away from the office
4 Unlock encrypted hard disk
5 Smart card PIN reset
6 Low cost multi-factor authentication using mobile phones
2 Mobile users warned of password expiry
Problem: Mobile users are not notified by Windows when their passwords are about to expire. Users who infrequently connect their laptop to the office network, instead checking e-mail with a solution such as Outlook Web Access, suffer regular password expiry and require frequent password resets.

Solution: Password Manager sends users e-mails warning of imminent password expiry. Users change passwords using a web browser. An ActiveX control refreshes the password on their laptop.

Business impact: Fewer login problems that cause a work interruption. Lower IT call volume and support cost.
3 Reset forgotten, cached password while away from the office
Problem: Laptop users sometimes change their password before leaving the office and may forget the new password when they need to use it while not attached to the corporate network. Without a technical solution, the IT help desk cannot resolve these users’ problem until they return to the office. User laptops are rendered inoperable until they return to the office.

Solution: A Password Manager client software component allows users who forgot their primary, cached Windows password and cannot sign into their PC to connect to the Internet over a WiFi hotspot or using an air-card. Users locked out of their PC login screen can also establish a temporary Internet connection using their home Internet connection or a hotel Ethernet service. Once the user’s laptop is on the Internet, Password Manager establishes a temporary VPN connection and launches a kiosk-mode (full screen, locked down) web browser. The user steps through a self-service password reset process and Password Manager uses an ActiveX component to reset the locally cached password to the same new value as was set on the network back at the office.

Business impact: Forgotten passwords are a major work disruption for mobile users, since they cannot be resolved until the user visits the office. Password Manager allows users to re-enable their laptop in minutes.
4 Unlock encrypted hard disk
Problem: Organizations deploy full disk encryption (FDE) software to protect against data leakage in the event that a corporate laptop is lost or stolen. Users with FDE on their PCs normally have to type a password to unlock their hard disk, before they can boot up an operating system. This password is normally synchronized with the user’s primary Windows password, so that the user only has to remember and type a single password at login. If a user forgets his hard disk encryption unlock password, the user will be unable to start their operating system or use their computer. This is a serious service disruption for the user and can contribute to significant support costs for the IT help desk.

Solution: Most FDE packages include a key recovery process at the PC boot prompt. This normally involves a challenge/response process between the FDE software, the user, an IT support analyst and a key recovery server. Password Manager can front-end this process using an integrated telephony option, so that users can perform key recovery 24x7, from any location, using their telephone and without talking to a human help desk technician.

Business impact: Key recovery is an essential IT support service for organizations that have deployed FDE. Password Manager lowers the IT support cost of key recovery by moving the process to a self-service model.
5 Smart card PIN reset
Problem: Organizations deploy smart cards to strengthen their authentication processes. Users typically sign into their PC by inserting their smart card into a reader and typing a PIN. If users forget their PIN or leave their smart card at home, they cannot sign into their PC. PIN reset is a complex support process since the new PIN has to be physically installed on the user’s smart card. This means that IT support may trigger a physical visit to the help desk.

Solution: Password Manager allows users to access a self-service web portal from anywhere, including from the locked out login screen of their laptop, even away from the office (even using WiFi, as described earlier). Once a user signs into the self-service portal, Password Manager can download an ActiveX component to the user’s web browser, to communicate with the smart card and reset the forgotten PIN. Password Manager can also be used to assign a user a temporary login password (often a very long and random one) to be used in the event that a user left his smart card at home.

Business impact: While forgotten PINs are infrequent – PINs are not usually set to expire – when they do happen, they are extremely disruptive. Assigning temporary passwords is just as important for users who left their smart card at home, which happens quite often.
6 Low cost multi-factor authentication using mobile phones
Hitachi ID Password Manager supports low-cost, multi-factor authentication into its own request portal, with user mobile phones acting as a secondary authentication factor (i.e., “what you have”).
This solution is implemented using two technologies included with Password Manager:
1. Managed user enrollment, used to invite users to enter their mobile telephone number and provider.
2. Authentication chains, used to define how users can sign into Password Manager itself. For example, end users who forgot their password might be asked to answer a series of security questions and then (if this was successful) to key in a randomly generated PIN that was sent to their mobile phone via an e-mail-to-SMS gateway. Alternately, help desk staff and administrators might be required to sign into Password Manager using a combination of their Active Directory password and a random PIN, also delivered via SMS.
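The end-user chain described in item 2 (security questions first, then a random PIN sent to the phone), sketched in Python as an added example; this is not Hitachi ID's code. The names PinChallenge, run_chain, send_pin and read_pin, the 5-minute PIN lifetime and the 3-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 300   # assumed PIN lifetime
MAX_PIN_ATTEMPTS = 3    # assumed guess limit per issued PIN

class PinChallenge:
    """One-time PIN: CSPRNG-generated, expiring, attempt-limited, single use."""
    def __init__(self, digest, expires, now):
        self._digest, self._expires, self._now = digest, expires, now
        self._attempts_left = MAX_PIN_ATTEMPTS

    @classmethod
    def issue(cls, digits=6, now=time.time):
        # secrets, not random: the PIN must be unpredictable to an attacker.
        pin = "".join(secrets.choice("0123456789") for _ in range(digits))
        digest = hashlib.sha256(pin.encode()).digest()
        # Only the digest is kept server-side; the PIN itself goes to the phone.
        return cls(digest, now() + PIN_TTL_SECONDS, now), pin

    def verify(self, candidate):
        if self._attempts_left <= 0 or self._now() > self._expires:
            return False
        self._attempts_left -= 1
        ok = hmac.compare_digest(
            hashlib.sha256(candidate.encode()).digest(), self._digest)
        if ok:
            self._attempts_left = 0  # a PIN that verified once cannot be replayed
        return ok

def _norm(text):
    return text.strip().lower().encode()

def check_security_answers(enrolled, supplied):
    """Step 1: every enrolled question must be answered correctly."""
    results = [hmac.compare_digest(_norm(supplied.get(q, "")), _norm(a))
               for q, a in enrolled.items()]
    return bool(results) and all(results)

def run_chain(enrolled, supplied, send_pin, read_pin):
    """Step 2 is reached, and a PIN sent, only if step 1 succeeded."""
    if not check_security_answers(enrolled, supplied):
        return False
    challenge, pin = PinChallenge.issue()
    send_pin(pin)  # hypothetical callback, e.g. hand-off to an e-mail-to-SMS gateway
    return challenge.verify(read_pin())
```

Because the PIN is issued only after the first step passes, a caller who fails the security questions cannot trigger SMS messages to the enrolled phone.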
ww.Hitachi-ID.com
0, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]
File: /pub/wp/documents/ssa/self-service-anywhere-1.tex
Date: 2011-04-28