Beyond Cloud adoption - Kompetera
Beyond Cloud adoption – get ready for the 4th generation of User Authentication

SMS PASSCODE 2020

For a Password Less future, with Smart Login for seamless access to Windows, MacOS and all your applications

PROVEN. VISIONARY. EFFORTLESS.
With more than 25 years of identity-based security expertise, we take you beyond MFA to Identity Assurance and enable you to effortlessly secure all your users, applications and environments with one flexible platform

SMS Passcode Authentication

The SMS PASSCODE MFA solution has for 15+ years been a leading technology in adaptive multi-factor authentication and is now pioneering the next generation of more intelligent and user-optimized authentication that allows you to increase remote access security without compromising user-friendliness.

With a track record of thousands of installations worldwide, and four years in Gartner’s Magic Quadrant, we know what it takes to protect your systems and cloud applications, whether your users are logging in from Aarhus, New York, Berlin or Bangalore. By dynamically authenticating users based on geo-location and login behavior patterns, we help IT managers address evolving business needs with cloud applications and mobile security.

If a hacker obtains an employee’s password, they can exploit everything to which the employee has access – Cloud and On Prem, and since most organizations are enabling more cloud services for file systems, intranet, collaboration sites etc., more data is now exposed.

Luckily, strong user authentication is now less of a hassle for both users and admins than it used to be. And with this 11th major version of SMS PASSCODE you will be ready to go as Cloud as you want – password-less and with a Smart Login to Windows 7, 8, 10 and MacOS. The future is here – beyond Cloud!

SMS PASSCODE 2020
Allows you to go as much cloud as you want, with the seamless integration to our IntelliTrust Cloud Authentication™

The 4th generation of User Authentication is here!

No one enjoys having to type their password 50 times a day or forgetting to lock their computer whenever they leave their desk. Imagine how it would affect your workday if an app on your mobile phone could remove both of these daily hassles?

Entrust Datacard has developed the IntelliTrust Smart Login app that eliminates both these annoyances. With this certificate-based app, you will never have to type in your password ever again, and yet this significant usability improvement also strengthens your digital security. The Password-less future is here, and it starts with an upgrade to SMS PASSCODE 2020 and the now connected IntelliTrust Authentication solution built by Entrust Datacard, the leading Identity Assurance Company.

Innovation fueled by the world’s leading organizations

Entrust Datacard has ignited the rocket thrusters on its authentication offering with a secure and effortless alternative that goes beyond traditional multi-factor authentication: Entrust Datacard has finalized an app-based solution that moves the user login process beyond the cloud. The IntelliTrust Smart Login solution provides a zero-hassle, secure login from a mobile phone.

When using this certificate-based app, the phone will automatically lock your computer when you leave it and unlock it when you’re back in front of it, using the everyday biometric validation on your phone for instant access to all your applications.

[Figure: the three deployment models, ON PREM DEPLOYMENT, HYBRID DEPLOYMENT and PURE CLOUD DEPLOYMENT, each showing integrations (VPN, VDI, SaaS, OWA, Citrix), admin, directory management and policy engine, and authenticators / self service / PW reset.]

On Premise Authentication, Hybrid or Full Cloud Adoption

Since Entrust Datacard acquired SMS PASSCODE in July 2018, we keep growing and add new capabilities. With SMS PASSCODE 2018 we introduced a hybrid authentication solution combining on-prem authentication with our cloud services for SMS, Voice, and App.

This year, we present the integration to IntelliTrust, an award winning Cloud authentication offering from Entrust Datacard, already handling thousands of authentications a day – Cloud to Cloud with OpenID Connect, Password-less for user convenience, with an easy to configure risk engine for intelligent authentication and finally Bluetooth Unlock / Lock for the best workspace security ever seen – Identity Assurance for your futuristic logins – in the Office and in the Cloud.

License options – what is included?

With SMS PASSCODE 2018 we decided to create a Subscription bundle that includes SMS, Voice and App OTP Dispatch Service, Support and more. With SMS PASSCODE 2020 there are even more reasons to choose Subscription – the license of the Cloud and services era.

License comparison (columns: Software Assurance, Subscription Bundle). Features listed:
• SMS PASSCODE enhancements
• Windows Server 2019 Support
• Device Fingerprint with AD FS (IntelliTrust)
• Push Authentication (IntelliTrust)
• IntelliTrust “One Enterprise”, including Risk Engine, Cloud-to-Cloud auth., etc.
• ActiveSync Device Provisioning for Office365 and On Premise Exchange
• Global SMS, App and Voice based OTP Dispatch Service
• IntelliTrust Single Sign Portal for all Cloud Services in one place, protected
• SMS PASSCODE Support, Business Hours (can be extended)
• Smart Login using Bluetooth and Cert. based Auth.*

* Until March 31, 2020 Smart Login is included for new SMS PASSCODE Subscription customers

On the back of this brochure, you will find a list of features in SMS PASSCODE 2020. For more info on IntelliTrust, please visit intellitrust.com

Three new secure and easy ways to authenticate

With an SMS PASSCODE Subscription license, you get IntelliTrust secure and user-friendly authentication features, either in a hybrid solution or as a full cloud solution.

Aside from Windows 2019 support and other platform improvements, SMS PASSCODE 2020 includes two new Authentication options for Software Assurance customers and one additional for those who have or will convert to our Subscription model. See box on previous page for details.

With the three new features, all stemming from IntelliTrust™, employees can access workstations, networks and applications securely, without the hassle of entering a password and traditional two-factor methods with each session. Identity Assurance via Bluetooth login, Device fingerprint authentication and Mobile push authentication gives users a passwordless, frictionless, secure login experience.

AUTHENTICATORS: SMS PASSCODE APP (Encrypted OTP), Google Authenticator Support, YubiKey / OATH OTP Token Support, SMS, Flash SMS, Secure E-mail, Voice-Call

THE THREE NEW INTELLITRUST AUTHENTICATION FEATURES AVAILABLE FOR SMS PASSCODE CUSTOMERS ARE:

Device fingerprint for secure, seamless access to cloud applications
Device fingerprint as an extra security layer – or bypass of OTP
When accessing cloud applications through AD FS a new Device Fingerprint option is available. This allows for automatic detection of a previously used device, so that a bypass of One Time Passcodes (OTPs) is possible. When using the IntelliTrust Risk Engine, this can also be seen as one factor to consider (geolocation, IP address, time of login, travel velocity, and others).

Mobile Push app authentication, with company branding
Mobile Push Authentication
SMS PASSCODE 2020 now also supports Push Authentication, with a brandable Entrust App that provides biometric security using your native mobile biometrics to prevent unauthorized access (or to prevent your kids from tapping in the hacker by accident…), and a Confirm, Deny and Concern button. Concerns are recorded, and a report will be sent to an admin.

Certificate-based authentication via Bluetooth connection to your desktop
Bluetooth Desktop Smart Login using Microsoft or Entrust PKI certificates
When using smart login, your phone can automatically lock your computer when you leave it and unlock it when you return – just use FaceID/TouchID or Android equivalent. The MS or Entrust Certificate provides Identity Assurance also beyond the desktop login. Open any cloud solution and you are already authenticated – passwords are history, and we increase security and usability at the same time!

ActiveSync Protection – without the need for Mobile Device Management

ActiveSync – the protocol for easy synchronization of e-mail, contacts, etc., imposes an often overlooked security risk. If a user can easily set up access to important information using only e-mail address and a password – so can the hacker… And when you protect OWA/Office365 with MFA, ActiveSync should not be forgotten.

THERE ARE THREE PRIMARY WAYS TO ACCESS OFFICE 365/OWA CONTENT
• The Outlook client: 50 pct. of the time spent on e-mail
• Browser on PC/Mac (Office.com or OWA): 10 pct. of the time spent on e-mail
• ActiveSync via iPhone/Android/Tablet: 40 pct. of the time spent on e-mail

SMS PASSCODE introduced ActiveSync Device Provisioning in 2014 for On Premise Exchange. It has since been made available for Exchange Online / Office365.

This feature does not provide a complete MDM solution if you need a tool to roll out apps and manage the company devices. However, it does provide the most critical security capability of protecting the onboarding of new mobile devices and enabling email synch.

The feature allows users to onboard and use their new (private) phones and use mobile e-mail the way they want to. A simple, secure, yet very powerful self-service option that works!

Allow a secure but easier login with enhanced contextual intelligence

More than 80 pct. of all network breaches are caused by hackers using weak or stolen user credentials. Adding MFA on all services, you will boost your security dramatically, by disarming the hackers of their preferred weapon.

To overcome push-back from your users, you should look into our adaptive / contextual intelligence capabilities – they have already improved user experience in thousands of organizations.

SMS PASSCODE pioneered adaptive authentication, where login is granted depending on the context, whether the user is logged in over VPN, Citrix, RDP or Cloud Services for instance.

Device Fingerprint is the latest addition, providing more security than an auth cookie to validate the machine that has previously been used in a login.

[Figure: DEVICE FINGERPRINT – THROUGH CLOUD INTEGRATION. Steps: 1 User Login, 2 Contextual Analysis, 3 Risk Engine. Context signals shown: Device Fingerprint, Group Membership, User Behavior, Geolocation, Time of Day and Day of Week. Outcomes shown: Block, Allow, Challenge.]

Both SMS PASSCODE and IntelliTrust can allow you to eliminate the need for repetitive and frustrating logins with our easy-to-configure engine that detects risk in real-time, based on contextual data and user behaviour.

The 4th Generation User Authentication is Smart Login!
Password-less access to both Desktop and Cloud Applications!

Multi factor authentication has provided a necessary layer of security on top of passwords for many years. But our world has continued to evolve both from a technology and from a cyber threat perspective, creating issues with traditional MFA. First, as users, we have come to expect instant access to data and applications and MFA has increased the friction and frustration. From typing in OTP codes or carrying around USB keys, MFA not only slows down productivity but if you lose your USB key or the battery dies on your hardware token, you are now locked out of being able to work. Secondly, hackers are starting to find ways around certain MFA methods leading to costly breaches.

Entrust Datacard smart login addresses the key issues with MFA with an approach that maximizes security and minimizes user friction. By harnessing the security power of digital certificates and leveraging the user convenience of the mobile phone, we provide a sophisticated solution that is simple for end users.

Smart login allows employees to log into their workstation and applications simply by having their phone in their possession. No more passwords and no more 2FA such as knowledge questions, one-time passcodes (OTPs) or grid cards etc. This means that accessing their computer and applications is quick and easy, allowing them to work with more productivity and less security hurdles and frustration. As well, they no longer have to remember to lock their work stations as the feature automatically logs them out when they walk away.

[Figure: PASSWORDLESS USER AUTHENTICATION. 1 Virtual Smart Card (Biometric security – No PIN); 2 Automatic Windows / MacOS Unlock (Support for Microsoft PKI); 3 Next generation SSO (No need to authenticate!).]

Mobile Push Authentication

SMS PASSCODE 2020 includes Push Authentication to get access via VPN / Citrix (Radius) and AD FS. When activated, the user is prompted on the mobile screen: “concern”, “cancel”, or “confirm”.

Pressing the “concern” button blocks access but is also logged in the system, for the administrator to look at.

To prevent unauthorized mobile app usage or the user itself from accidentally allowing access for a hacker, a biometric validation can be added (e.g. Touch/FaceID), and contextual information is also shown in the app (login attempt from Hilton Hotel in Bangkok, Thailand?)

[Figure: PUSH AUTHENTICATION – THROUGH CLOUD INTEGRATION. Steps 1, 2, 3 with the labels: User logs into VPN, Push notification sent to phone, User confirms, Session is authenticated, Authentication Service. The phone prompt reads “[USERNAME] wants to authenticate to Cisco VPN” with CONCERN, CANCEL and CONFIRM buttons.]

The App works for both Android and iOS – and comes in two forms – with and without certificate capabilities.

Push to Authenticate is a great feature for the IT savvy user – but SMS/Text, Voice call, etc. that don’t require installation and setup on the phone are still a valid solution for many front line workers and a less techy audience.

Solution Highlights

Seamless integration: The SMS PASSCODE MFA platform integrates seamlessly with login systems and cloud solutions for an intuitive and user-friendly remote access experience.

Adaptive Authentication: Balance high security and strong user-friendliness with a solution that automatically adapts the level of authentication based on the user’s current circumstances.

Automatic failover: It is possible to establish highly flexible failover mechanisms to ensure that the OTPs always arrive. The solution can even switch between transmissions, depending on the user’s current login context.

Broad Directory Support: Users can be synchronized from Active Directory and general LDAP Directories like OpenLDAP or AD LDS. Users can be imported by selecting a specific user group, or by use of an LDAP filter.

Real-Time Protection: All OTP codes are generated in real-time at the point of login. There are no pre-issued passcodes or seed files that could be hacked. At the same time, real-time is a prerequisite for delivering session-specific OTPs.

PowerShell: SMS PASSCODE MFA supports PowerShell. Administrators can use PowerShell scripting to create role-based access, integrate to other systems, or automate daily tasks such as checking license availability or country-specific logins.

Status Feedback: SMS PASSCODE MFA provides unrivalled status feedback enabling the user to follow the login progress. Status feedback inspires user confidence and reduces the number of helpdesk calls.

Location and Behaviour Aware: SMS PASSCODE MFA takes full advantage of contextual information such as login behaviour patterns and geo-location information to effectively grant or deny user access in an easier and more efficient way. Geo-fencing allows admins to white- and blacklist based on systems and locations, e.g. limit access through Citrix NetScaler from certain countries.

Secure Device Provisioning: This functionality allows users to quickly and easily enrol new ActiveSync devices by themselves without compromising security and without having to contact the help desk for assistance.

OTP Delivery Methods: With plug-ins and standard OTP delivery methods like apps, SMS, voice-call, secure e-mail, cloud keys, and hard- / soft tokens, SMS PASSCODE MFA can support your business requirements now and in the future.

Advanced database auditing: SMS PASSCODE MFA includes advanced auditing capabilities to help customers comply with strict industry regulations and meet audit control requirements.

Mobile push authentication app, with your own branding: Add a user-friendly level of security when employees want to log in at an unusual time or place. A notification message pops up on the mobile phone before granting access, if the user is allowed access, prompting for a confirmation (biometry option).

Device fingerprint: After a successful login to a cloud service through AD FS, a device fingerprint can be captured and used for future login security assessments. This will typically allow for an easier login.

Bluetooth Login to Windows and MacOS + Certificate-based authentication: The App will automatically lock the computer when employees leave it and unlock it when they return. Moreover, the certificate can be used for cloud authentication, eliminating the need for passwords for both Desktop and Cloud!

Protect your systems and applications
Below is a list of some of the systems we support.
• SharePoint Online

Supported Systems

SMS PASSCODE supports a variety of login systems used for remote access. The platform is designed to integrate seamlessly into hundreds of VPNs providing a secure and intuitive login process. Below is a list of examples of supported remote access systems.

RADIUS VPN/SSL VPN Clients
• Check Point
• Cisco ASA
• Citrix Netscaler (Citrix ADC/Citrix Gateway)
• Juniper
• Pulse Secure
• Barracuda SSL VPN and NG firewalls
• VMware Horizon View
• Netop Remote Control
• Palo Alto
• F5 BIG-IP
• NCP VPN
• Other RADIUS clients (challenge/response)

Windows Logon, Remote Desktop Services
Support for the following Servers and Services:
• Remote Desktop Services (RDP Connections)
• Windows Servers 2008 R2 / 2012 / 2012 R2 / 2016 / 2019
• Windows 7, Windows 8, Windows 8.1 and Windows 10
• VMware Virtual Desktop Portal & Client Access

Microsoft AD FS Protection
• AD FS 2.0 plug-in for multi-factor authentication
• AD FS 3.0/4.0/5.0 adapter for multi-factor authentication
Multi-factor authentication support for:
• Access to cloud applications such as Salesforce.com, Microsoft Office 365, Google Apps, etc. (AD FS 3.0/4.0/5.0)
• Access to websites published through Microsoft Web Application Proxy (AD FS 3.0/4.0/5.0), such as Outlook Web Access
• Approval of devices in connection with workplace joins (AD FS 3.0/4.0/5.0)

Internet Information Services (IIS) Websites
Support for the following types of websites:
• Outlook Web Access 2010 / 2013 / 2016 / 2019
• Remote Desktop Web Access (Windows Server 2008 R2 / 2012 R2 / 2016 / 2019)
• Websites using Basic or Integrated Windows Authentication

Secure Device Provisioning
Protection for ActiveSync devices on the following systems:
• Exchange 2010
• Exchange 2013
• Exchange 2016
• Exchange 2019
• Exchange Online

(1) Protection of SharePoint using RADIUS is only supported if the SharePoint Portal server is published through an Application Gateway, which will ensure that the user is only required to authenticate once during the initial login. For example, using the Citrix Netscaler configured to make use of persistent cookies.

Entrust Datacard A/S
Park Allé 350 D, DK-2605 Brøndby
Phone: +45 70 22 55 33
www.entrustdatacard.com