Indeed ID: the Complex of solutions for authentication, access control and means of authentication at the enterprise

Being exposed to serious and quite reasonable criticism in recent years, password authentication is not capable to provide the necessary level of IT security today what regular messages about leaks of corporate information confirm. Weak passwords and the related problems continue to remain the main vulnerabilities.

For the solution of these problems the technologies of strict authentication and a uniform input implemented by the systems of the corresponding class are used. In the Russian market the complex of the solutions Indeed ID developed by the company is among such systems Indid. This complex proposes solutions Indeed Enterprise Authentication and Indeed Enterprise Single Sign-On for authentication and access control and also the solution Indeed Card Management for management of lifecycle of key carriers.

The solutions Indeed ID are intended for replacement of password access with a broad spectrum of different technologies of strict authentication and also for solving of tasks of control and accounting of means of authentication. The solution of these tasks increases employee performance, reduces risks of information security, minimizes the number of appeals to service Help Desk and, as a result, cuts down the total costs of maintenance of infrastructure of the enterprise. Use of the solutions Indeed ID allows to obtain quickly information on access for users to different resources and to instantly limit access to all systems in case of such need at once.

The solutions Indeed ID are intended for the companies of the different industries and fields of activity and can be applied at the enterprises with IT infrastructure of different scale - from the large companies with a wide branch network to the small enterprises.

At the expense of an open architecture of the solution Indeed ID can support work with applications and IT systems of third-party developers and, thus, completely to be integrated into the existing IT infrastructure of the enterprise.

In addition to opportunities, feature of the solutions Indeed ID is the convenient scheme of termless licensing which is not requiring annual payment of use of a system and a free support within a year after purchase of licenses.

Strict authentication and uniform access to resources

Strict authentication

Problems of the strict and strengthened authentication are implemented by the product Indeed Enterprise Authentication.

Allowing to replace password access to strict authentication, Indeed Enterprise Authentication exempts employees from need to remember and keep passwords a secret, to execute their regular change according to password security policies and also saves users from need of manual entry of passwords from the keyboard.

Use of Indeed Enterprise Authentication does not require additional training of employees as the interaction mechanism with a system is as close as possible to the traditional authentication scheme, usual for users. Instead of password entry in a window of authentication just it is necessary to perform the operation provided the authentication selected by technology (to put a finger to the reader, to connect an USB token or a smart card, etc.).

Indeed authentication window

Indeed Enterprise Authentication gives following features:

• access to resources of the domain Microsoft Active Directory using technology of strict authentication;
• support of a broad spectrum of technologies of strict authentication;
• storage of passwords of users and their automatic change according to established policies of security;
• optional generation of accidental passwords;
• an opportunity to combine all maintained technologies of authentication within one IT infrastructure;
• access to domain resources from internal network and to the services available from external network (mail, web applications);
• access on the cached (saved) authenticator in case of lack of contact with the Indeed server;
• automatic blocking of the workstation (for example, at extraction of the device of authentication or use of a screen saver);
• independent registration of authenticators and management of them for users;
• automatic identification of the user on an authenticator without the need for input of the login;
• automatic substitution of the password in the hidden type in the necessary field when clicking a combination of 'hot keys';
• work on terminal servers of Microsoft and Citrix;
• operation of the Indeed servers in the cluster mode;
• journalizing of events of the Indeed Enterprise Authentication system and audit of actions of administrators and users;
• creation of reports on system events;
• integration with control and management systems for physical access (ACS);
• integration with management systems for key carriers (Card Management System, CMS);
• integration with management systems for lifecycle and the rights of accounts of users (Identity Management, IDM).

Uniform access to resources

Approach of enterprise-wide Single Sign-On implements the product Indeed Enterprise Single Sign-On. Allowing to organize access to all corporate IT systems without repeated input of logins and passwords, Indeed Enterprise Single Sign-On considerably simplifies the procedure of authentication in applications and process of management of credentials of users.

Application tuning in Indeed Enterprise Single Sign-On

Client part of a system (ESSO the Agent) requests the list of the systems requiring user authentication, and the corresponding credentials from the Indeed server. These data make a personal profile of access for the employee. As soon as the employee starts the application from the profile of access, ESSO the Agent intercepts a registration window of this application, hides it from the user, autocompletes the necessary data obtained from the server (substitutes a name of an account and the password) and controls the procedure of gaining access to application environment. By result of accomplishment of transaction in the event log of a system the fact of accomplishment of successful or unsuccessful access attempt is fixed.

Indeed Enterprise Single Sign-On gives following features:

• storage of passwords of users and their automatic change agrees to the security policies admitted to the companies;
• strict authentication at access to applications (including during the work with the application in the terminal environment);
• pass-through authentication in applications;
• support of any types of applications (Windows Java .Net web applications using browsers Internet Explorer Mozilla Firefox);
• support of a broad spectrum of technologies of authentication and possibility of use of their any combinations;
• access control both for individual employees, and for structural units of the company (departments, divisions and so forth);
• journalizing of events of the Indeed Enterprise Single Sign-On system and audit of actions of administrators and users;
• integration with management systems for key carriers (Card Management System, CMS);
• integration with management systems for lifecycle and the rights of accounts of users (Identity Management, IDM);
• integration with control and management systems for physical access (ACS).

The maintained technologies of authentication

Indeed Enterprise Authentication and Indeed Enterprise Single Sign-On support a broad spectrum of technologies of authentication at the expense of what the authentication system of the company can be adapted for its specific objectives and the IT environment flexibly.

Solutions support the following technologies:

• smart cards and USB keys of different producers;
• biometrics: fingerprint, drawing of veins of palms;
• RFID-карты: Mifare, EM Marin, HID Prox, HID iClass;
• one-time passwords: The SMS, an OTP charm, the application on the smartphone.

At the same time all maintained technologies can function jointly in a unified environment. For example, top managers and finance division of the company can use highly reliable biometric authentication, non-management employees are inexpensive proximity cards, and remote workers - generators of one-time passwords.

Management of lifecycle of key carriers

For providing the high level of information security more and more companies implement the information systems based on digital certificates and a public key infrastructure (Public Key Infrastructure, PKI). Strict authentication in this case is implemented using smart cards and tokens which use needs to be considered and controlled.

The Indeed Card Management system is intended for the solution of these and other tasks connected with implementation, management and accounting of digital certificates and key carriers for all their lifecycle.

The user's card in Indeed Card Management

The main advantage of the solution Indeed Card Management is support of a broad spectrum of smart cards and USB keys of different producers that allows the companies to select freely models of the key carriers optimum suitable at the cost and functionality for the tasks solved by them and the current working conditions.

Indeed Card Management gives following features:

• accounting of key carriers and information storage about them in the database;
• support of work with key carriers of different types and producers;
• centralized operation by digital certificates for all lifecycle;
• process automation of management of digital certificates of users;
• support of work with UTs Microsoft CA and Crypto Pro certification centers;
• authentication of users of service of self-service on confidential questions;
• backup of key information (creation of duplicates of the lost or damaged key carriers);
• maintaining event logs and audit of actions of administrators and users with key carriers;
• the independent operational solution users of the main objectives of use of key carriers (through service of self-service);
• card management outside network of the enterprise which users can independently execute (through remote service of self-service);
• creation of reports on system events.

The supported means of authentication

Indeed Card Management supports work with key carriers of different producers:

• Rutoken USB keys of the Asset company;
• USB keys and smart cards of eToken of SafeNet company;
• USB keys and smart cards of ESMART of ISBC company;
• USB keys and smart cards of JaCarta of Aladdin R.D. company;
• AvestKey USB keys of Avest company;
• smart cards of ID Prime of Gemalto company;
• smart cards of Indeed AirKey and Crypto Pro of AirKey.

All types of the supported means of authentication can be used within one infrastructure. At the same time the list of devices is not limited only to these carriers. A system is focused on work with different smart cards. Features of creation of a solution architecture allow to provide a possibility of a first line support of new key carriers.