Indeed Access Manager (Indeed AM)

Indeed Access Manager (combined several products - Indeed Enterprise Authentication, Indeed Enterprise Single Sign-On, Indeed AirKey)

Indeed Access Manager is a system for centralized control of user access to the company's information resources, which allows you to consolidate the procedures for managing, providing and gaining access to enterprise information systems. Indeed Access Manager consists of a number of software products (components) that share the general principles of organization: architecture, storage, administration, general style of design of the user interface.

2025

Indeed AM 9.3 with Indeed AM Linux Logon and Indeed AM LDAP Proxy Modules

Indeed, the developer of a set of identity protection solutions, has expanded the functionality of Indeed Access Manager (Indeed AM), a product for centralized access and account control. Version 9.3 includes such important improvements as the ability to automatically install the solution, new Indeed AM Linux Logon and Indeed AM LDAP Proxy modules, and support for the FreeIPA user directory. Indid announced this on October 14, 2025.

A key change in version 9.3 is the configuration wizard, which speeds up the installation and configuration of Indeed Access Manager. At the same time, the wizard offers those settings that are suitable for most users by default. Automating actions and verifying settings at each stage allows you to quickly start working with the product and reduce the likelihood of errors during the preparation of the infrastructure and during installation.

Another significant update to Indeed AM is designed to make it easier for import substitution users to interact with the product. Now support for two-factor authentication mechanisms in Linux is carried out using the Indeed AM Linux Logon module, developed by Indid as an alternative to the Windows Logon module. Indeed AM Linux Logon is implemented through automated integration with the Plugable Authentication Modules library, thanks to which the module supports a large set of user scripts (local login, unlocking, SSH, SU, RDP, etc.).

In addition, to simplify the transition the Russian of companies to import-independent technologies, the developer added support for the FreeIPA user directory to Indeed Access Manager. The FreeIPA directory service is designed for OS Linux-based systems, so Indeed AM administrators can fully work with users without binding to the service. Microsoft Active Directory

Indeed AM 9.3 introduced the Indeed AM LDAP Proxy module. It is designed for two-factor authentication in applications running on the LDAP protocol. In Indeed AM LDAP Proxy, it is possible to flexibly configure timeouts and set time limits for confirming push authentication. The module logs all redirected events and provides mutual authentication between the LDAP server and the LDAP client, which increases the security of user access during local and remote connections.

We are systematically developing Indeed AM to help our customers build a robust and flexibly managed access protection system that meets all security standards and requirements. In version 9.3, it became possible to automatically install Indeed AM through the web interface, which allows you to minimize manual setup operations and simplify changes to the product. For example, now you can add certificates, generate keys, fill configuration files, configure a database connection and other actions directly in the configuration wizard. In addition, we continue to expand the functionality of the product by introducing access control tools based on domestic technologies, - said Nikolai Ilyin, Product Manager of Indeed AM in Indid.

Integration with BearPass

Indid has provided the ability to integrate the Indeed Access Manager multi-factor authentication system with BearPass, a solution designed to store and manage corporate passwords. Indid announced this on October 9, 2025.

Technology compatibility between Indeed Access Manager (Indeed AM) and BearPass

Improves security when using corporate passwords with enhanced authentication.

BearPass enables you to centrally and securely store and manage corporate passwords. The functionality of the product allows you to automatically generate strong passwords for various services and services, as well as set their complexity policies. Password complexity requirements can be configured separately for each group as well as for each record. At the same time, Indeed AM provides an additional level of user protection using two-factor authentication: when authorized in the system, users indicate their domain details and confirm login using a notification in the Indeed Key mobile application or a one-time password.

The compatibility of the Indeed AM multifactor authentication system and the BearPass password management solution allows Russian companies to approach identity protection issues more comprehensively. The synergistic effect obtained through the integration of two products and their close relationship increases the convenience and reliability of access to IT systems. Thus, Indid customers get not only an easy, but also a safe way to keep corporate secrets, "said Andrey Laptev, director of Indid's product office.

The technology integration of BearPass and Indeed AM helps build an access management system that meets security standards. The use of multi-factor authentication allows you to significantly increase the protection of access to corporate secrets. We are confident that the sharing of two products will provide companies with reliable storage and management of corporate passwords and a high level of security of access to even the most critical data, "added Valery Komyagin, CEO of BearPass.

Termit Compatibility

Indid and Orion soft became technology partners. As part of the collaboration, the companies combined the capabilities of the Indeed Access Manager (Indeed AM) multifactor authentication system and the Term terminal access system. Indeed announced this on September 4, 2025.

Protection for remote access to enterprise systems to data is becoming an increasingly important task in the field cyber security for businesses of all sizes. The joint use of Indid and Orion soft products allows Russian enterprises to organize access to corporate systems and applications with local and remote user connections.

The technological integration of Indeed Access Manager and Term enhances the ability of customers to protect access, helps reduce the risk of current threats associated with unauthorized entry into the IT infrastructure and compromise of user accounts.

In the context of the development of remote work of employees, the protection of remote access becomes the most important aspect of protecting the corporate perimeter. Integration of the Indeed AM software complex with the Term system from our partner Orion soft increases the security of authentication with remote access to information resources, ensures the connection and protection of a network connection, "said Andrey Laptev, director of the product office of Indid.

Our Indide products have been tested for compatibility, so we can offer enterprise customers a solution to protect their IT systems and applications. The integration of Termit and Indeed AM systems is another step towards applying an integrated security approach that will provide Russian companies with enhanced access protection and compliance with modern security standards for remote work, "added Konstantin Prokopyev, leader of the Termit Orion soft product.

Integration with "FPSU-IP"

Indid, a Russian identity protection product developer, and AMICON, a manufacturer of information protection tools, have successfully integrated the Indeed Access Manager (Indeed AM) multifactor authentication system and a remote access software system based on FPSU-IP Client and Amikonnekt solutions. This was announced on August 12, 2025 by the Indid company.

It was reported that the joint use of Indid and AMICON products makes it possible to organize controlled secure access to the corporate IT infrastructure and ensure the safe connection of users outside the office.

The Indeed Access Manager multi-factor authentication system enhances standard password authentication, which helps reduce unauthorized access threats to corporate information security. The use of Indeed AM provides centralized access to information resources from the company's internal network and through VPN. The product supports many authentication methods, including the use of one-time passwords and push notifications. FPSU-IP Client and Amikonnekt - a set of solutions for organizing secure access to corporate resources, regardless of the user's location.

Each supports the following scenarios:

• FPSU-IP Client - allows you to create virtual public VPN networks, provides filtering of network packets, performs enciphering traffic, and can also provide access to the company's local network;
• Amiconnect - used to build private VPN connections. The system encrypts transmitted data, reducing the risk of interception and unauthorized access, allowing you to increase the security of remote work. It is based on the PKI infrastructure and certified hardware of the FPSU.

Technological integration of Indeed AM with FPSU-IP solutions Client and Amikonnekt optimizes authentication security during remote connection. The integrated application of these products ensures the optimal level of protection of access to target resources from local and remote users, as well as full compliance with modern security standards.

Through a technological partnership with AMICON, our customers have a comprehensive access control and security solution. The software package based on FPSU-IP solutions Client and Amikonnekt allows organizations to reduce security risks during remote work. At the same time, thanks to the enhanced authentication mechanism, Indeed AM provides protection for access to information resources, regardless of the user's geography when connecting. narrated by Andrey Laptev, Product Office Director, Indid

The integration of AMICON and Indid solutions is a step towards creating a safe and convenient environment for remote work. We see that for many organizations, the issues of secure access and reliable authentication become critical, especially in the context of distributed commands. The joint solution combines our competencies in protecting data channels with access control technologies from Indid. noted Georgy Korablev, Deputy General Director for Business Development of AMICON

Integration with ViPNet Client 5

Indeed and InfoTeCS have integrated Indeed Access Manager (Indeed AM) system-based authentication and ViPNet Client 5 software to protect user workplaces. Indeed announced this on July 29, 2025.

The integrated application of Indeed AM and ViPNet Client 5 allows secure access with multi-factor authentication to the IT resources of organizations protected by ViPNet technology, with local and remote connection. This ensures that only authorized users will access the target resources.

Indeed Access Manager enhances standard password authentication in ViPNet Client 5 to help reduce threats from unauthorized access to ViPNet protected network resources. To gain access to the corporate network, users undergo two-factor authentication: they indicate their domain credentials data and confirm login using push notification mobile application in Indeed Key. The ViPNet Client 5 software complex protects a network connection using a VPN connection built on the basis of cryptographic protection methods. The solution allows you to create encrypted - VPN channels, reliably protects against external and internal networks attacks by filtering traffic using the built-in one. firewall

{{quote 'We pay special attention to cooperation with Russian developers in order to offer mature and functional security solutions through joint products. This makes it possible to increase the cyber resilience of companies in the face of growing threats. The integration of Indeed AM and ViPNet Client 5 products has become an operational response to the requests of our customers who need to protect user access through VPN connections and within the corporate network, - said Andrey Laptev, director of the product office of India. }}

Thanks to our technological partnership with Indid, we offer our customers a solution that provides familiar and reliable protection of communication channels with simple but secure access to corporate resources using enhanced authentication scenarios, "added Alexander Vasilenkov, Head of Product Department of InfoTeCS.

Integration with NGFW "Continent 4"

Indid, Russian solution developer in the field of Identity protection, and, "Security Code" a domestic supplier of certified funds, INFORMATION SECURITY have created a technological partnership to increase the cyber resilience the Russian of organizations and strengthen the protection of access to key IT systems. As part of the collaboration, the companies conducted integration multifactor authentication the Indeed Access Manager (Indeed AM) and (NGFW) systems Next Generation Firewall , "Continent 4" Indeed officials said on July 14, 2025.

Sharing these products enhances the ability of customers to secure access to their IT infrastructure, enabling a comprehensive approach to security when connecting from both an internal network and virtual private networks (VPNs). This helps reduce cyber threats associated with unauthorized use of accounts.

Continent 4 protects the external network perimeter and confidential data in open communication channels with the help of Russian, algorithms enciphering and also allows you to strengthen control over devices connected to the corporate system and perform network microsegmentation more efficiently. The solution supports various modes VPN and centralized management of cryptographic keys.

Indeed Access Manager allows you to organize controlled centralized access to information resources and provides them with additional protection, strengthening standard password authentication. The system implements several authentication methods, including the use of one-time passwords and push notifications in the Indeed Key mobile application.

Companies implementing the Continent 4 firewall for network access control receive an additional layer of protection - the multifactor authentication mechanism implemented in Indeed AM. After providing the first authentication factor, the second factor is requested from the user - a one-time password or push notification in the Indeed Key mobile application to confirm login. In this case, authentication is carried out regardless of whether users are at their workplaces or connect remotely.

"We can confidently say that over the past few years, accounts data have become a new security perimeter for companies. They require effective protection based on an integrated approach. In the changed realities, our cooperation with the company "Security Code" is not just integration Russian technologies. Against the backdrop of rapidly increasing cyber threats, we are joining forces to guarantee our customers the highest level of protection of their network perimeter. To do this, we provide reliable and controlled user access and enhanced authentication, "explained Andrey Laptev, director of the product office of Indid.

"The technological integration of domestic developments is another important step towards the digital sovereignty of Russian companies in the field of information security. With this in mind, we strive to develop partnerships with vendors whose solutions have already proven themselves in the information security market. The integration of Indeed AM and Continent 4 provides organizations with an end-to-end IT security solution that is flexible and powerful. The joint use of these products allows our customers to be sure that their data is reliably protected, as well as significantly reduce risks during remote work and ensure compliance with regulatory authorities, "said Fedor Dbar, Commercial Director of Security Code.

Integration with "BAS-W" complex

Indid and NTC CONTACT, a Belarusian manufacturer of information security tools, have created a technological partnership. As part of the cooperation, the companies integrated the Indoor AM system-factorial authentication and the BAS-W cryptographic protection software. Indid announced this on May 13, 2025.

The joint use of Indid and NTC CONTACT products allows corporate customers to increase the level of security of remote access to corporate infrastructure through a VPN connection.

Indeed Access Manager enhances the standard system, password authentication which helps reduce threats to corporate security information related to unauthorized access. To access the corporate network via VPN, users undergo two-factor authentication: they specify their domain credentials data and confirm login using push notification mobile application in Indeed Key. The ALS-W software complex, in turn, protects the network connection and VPN connection for devices operating under control. OS Windows

Thus, the integration of Indeed AM and "ALS-W" increases the security of authentication when connected remotely. The comprehensive application of these products ensures that only authorized users will gain access to target resources.

Cooperation with "NTC CONTACT" is an important part of the Indian development strategy in the Belarusian market. We see a demand from our Belarusian customers for modern and reliable solutions for identity protection and access control. The technological integration of Indeed AM and ALS-W products will provide customers with a high level of security for corporate systems and data. Now, thanks to advanced authentication capabilities, users can safely access information resources even when connected outside the corporate perimeter, "said Andrey Laptev, director of the product office of Indid.

Partnership with Indid is an example of how combining efforts and advanced technologies can contribute to the creation of a reliable and secure IT infrastructure for Belarusian organizations. The use of our ALS-W software complex together with Indeed AM allows you to fulfill the highest requirements for protecting user credentials and guarantee customers the necessary level of security when connected remotely. It is achieved using multifactor authentication mechanisms implemented in Indeed AM, "added Anatoly Teplyakov, Director of NTC CONTACT CJSC.

Indeed AM 9.2 with Linux support

Indid On April 21, 2025, the company "" introduced an update to Indeed Access Management (Indeed AM), a software complex for centralized access and account control. In version 9.2, the developers added support OS Linux and improved user search for requests. authentications

The added functionality of Indeed AM will help Russian companies simplify the transition to an import-independent technology stack. In version 9.2, users have the ability to run and install some of the Indeed AM components on servers running Linux. Support for two-factor authentication mechanisms in a Linux environment is carried out using the Indeed FreeRADIUS Extension module, which is designed for services and applications compatible with the RADIUS protocol.

Another important update to Indeed AM 9.2 is designed to improve user directories. Authentication requests now search for users in multiple directories faster, and if some of them fail, the system continues to interact with the available directories. This makes it possible to optimize the process of searching for users and significantly reduce the time required for their authentication.

Indeed has made a number of improvements to the Indeed AM Management Console, which allows for more flexible product management. In particular, administrators can independently select and configure the format in which the user name should be displayed in the console. In addition, the ability to search for users has been enhanced by adding new search attributes. In Indeed AM 9.2, authentication providers can be configured centrally in the management interface rather than in the registry editor as before. Now most of the parameters for setting up the product are collected in one place, which provides a faster and easier installation of providers and allows you to optimize the work of administrators.

Other changes that developers have made to Indeed AM 9.2 are aimed at improving system security. To minimize the risks of unauthorized access by attackers, requests to the API are now made only if there is a client certificate trusted by the Indeed AM server. In addition, administrators have the ability to prohibit authentication for users who are not included in any Indeed AM access policy.

"The release of this release was an important step in our desire to provide Russian companies operating in import substitution with the most flexible and reliable tools for managing user access. One of the key tasks of version 9.2. - Run Indeed AM on Linux operating systems. In addition, we have migrated the main components of Indeed AM to a more up-to-date ASP.NET Core framework. This will allow us to further develop the product in a single framework for versions compatible with both WIndows and Linux. Also, many updates have been added to Indeed AM 9.2 to improve the convenience and safety of the product, "noted Nikolay Ilyin, Product Head of Indeed AM.

2024

Integration with S-Crypto VPN 1.0

December 3, 2024 Indid, Russian developer of solutions for identity security, and Es-Crypto, a leading Belarusian manufacturer of cryptographic protection, announced a technological partnership. The key goal of the collaboration is to optimize the security level of remote access to the corporate infrastructure through the integration of Indeed Access Manager (Indeed AM) and S-Crypto VPN 1.0 products.

Indeed AM

As reported, Indid and Es-Crypto are joining forces to provide corporate clients with the optimal level of protection for IT systems and credentials when connecting via virtual private networks (VPNs). This task is solved by controlling user access and enhanced authentication.

The Indeed Access Manager software package allows you to organize controlled centralized access to information resources and systems both from the internal network of the company and from an external one, for example, VPN. The product supports many authentication methods, including the use of one-time passwords and push notifications.

S-Crypto VPN 1.0 provides VPN creation using certified cryptographic security methods, including support for TLS protocols, traffic tunneling and filtering using the built-in firewall. It also supports VLANs and manages traffic priorities.

The integration of Indeed AM and S-Crypto VPN 1.0 reduces the risk of unauthorized access to corporate IT resources and provides them with additional protection using one-factor and. two-factor authentication When one factor is applied, it is enough for the user to specify a login and a one-time one. password If two factors are used, then at the first stage the user enters a login and a permanent password, and at the second stage he indicates a one-time password or receives mobile application a push notification in Indeed Key to confirm the login. At the same time, the authentication details are displayed on the screen - smartphone the user always sees which system he is logged into., Server necessary for the Indeed Key application to work, is deployed locally - according to the on-premium model.

In addition, the integration of Indid and Es-Crypto products provides secure remote access without the need to install additional agents on users' devices - so the authentication process is simple and convenient.

One of Indid's key tasks is to provide corporate users with not only a level of credential protection, but also a flexible and convenient solution. The integration of Indeed AM with S-Crypto VPN 1.0 provides a secure remote connection to infrastructure from anywhere in the world using VPN networks. Thanks to the enhanced authentication mechanism, Indeed AM provides reliable protection for access to information resources. noted Andrey Laptev, director of the product office of Indid

{{quote 'author
= added Valery Vizhukailo, director of Es-Crypto LLC|S-Crypto VPN 1.0 uses certified cryptographic protection methods and supports flexible configuration at the traffic level, therefore it is suitable to ensure the security and scalability of the corporate infrastructure. At the same time, technological partnership with Indid allows us to provide the necessary level of protection when users are remotely connected through multifactor authentication mechanisms that are used in the Indeed AM system.}}

HOSTVM Platform Compatibility

INDID and HOSTVM on July 18, 2024 announced the technological compatibility of the Indeed Access Manager (Indeed AM) multi-factor authentication solution with  the HOSTVM virtualization splatform. Read more here.

Red OS Compatibility

On June 13, 2024, Indeed and Red Soft announced the compatibility of the Indeed AM software complex with the Red OS operating system.

Now, with the help of the enhanced authentication product Indeed AM, users can safely access the RED OS operating system. This capability is provided by the built-in Pluggable Authentication Module (PAM). Authentication is performed regardless of whether users are in the workplace or remotely connected.

Indeed AM supports both single-factor and single-factor. In two-factor authentication the first case, it is enough for the user to enter a one-time password password, and in the second case, in addition to such a password, you need to enter your domain credentials. data This ensures a high level of security when logging in.

The technological integration of Indeed AM with RED OS provides support for various authentication methods: Software TOTP, SMS OTP, Telegram, Email OTP, Hardware HOTP and others.

According to the test results, the companies signed a compatibility certificate confirming the operability and correctness of the enhanced authentication system Indeed AM under the RED OS operating system.

{{quote 'Our partnership with RED SOFT allows Russian companies to use advanced technologies to strengthen information security and thereby help them meet the criteria of the import substitution program. This once again confirms our desire to provide high-quality solutions that meet the requirements of Russian companies, "said Andrey Laptev, Head of Product Development at Indid. }}

We are pleased to provide our users with new opportunities to strengthen information protection measures. Indid solutions are suitable for organizations wishing to implement advanced information security measures from domestic developers. We thank Indid for their fruitful cooperation!, - commented Rustam Rustamov, Deputy General Director of RED SOFT.

Compatibility with Rosa Chrome

The companies Indid ROSA have confirmed the compatibility of the Indeed Access Manager (Indeed AM) solution, which implements enhanced technology, authentications with. operating system ROSA Chrome IT Rosa Scientific and Technical Center announced this on May 21, 2024.

The Indeed AM software package allows you to securely log into the ROSA Chrome operating system with local and remote access using the Plugable Authentication Module.

According to the test results, the companies signed a compatibility certificate. The document confirms the functionality of the Indeed AM software (NPS Radius Extension module) during remote connection via SSH, RDP protocols and during local entry into the ROSA Chrome 12 OS, as well as the correct functioning of the product together with this system within the framework of the specified scenarios.

To access the operating system, the user needs to undergo enhanced authentication. Indeed AM provides both one-factor and two-factor authentication. In the first case, it is enough to specify a login and a one-time password, and in the second you must first use the login and password of the domain account, and then enter a one-time password.

The technological integration of the ROSA operating system Chrome and Indeed AM provides support for the following authentication technologies - using the software password generator using the TOTP algorithm and through push notifications that come to the Indeed Key mobile application.

TrueConf Server Compatibility

Russian companies Indid and Trukonf on March 18, 2024 announced the technological compatibility of their products: the Indeed Access Manager enhanced authentication system and the TrueConf Server corporate communications platform. Integration will help protect data from unauthorized access in the event of user login and password leaks.

Indeed Access Manager implements centralized authentication management policies and various enhanced and multi-factor authentication scenarios for TrueConf login.

The joint use of two Russian systems allows replacing standard authentication with more secure enhanced authentication technology in order to neutralize the threat of gaining access to corporate data, which is possible due to human factors, login and password leaks and other cases leading to access compromise. At the same time, all authentication data is stored in the protected storage of the Indeed AM system.

For enhanced user authentication, many different technologies are used, in particular biometric authentication, push authentication, authentication using hardware, digital certificates or one-time passwords issued by local generators or sent by SMS or e-mail.

Confirming the technological compatibility of Indeed AM with the TrueConf VKS platform is another important step for us. Now we can better meet the needs of organizations that are obliged to use only domestic solutions in their IT perimeter. Integration with TrueConf will ensure reliable access protection and increase information security of Russian companies, - said Kirill Michurin, head of the sales group of Indid.

2021: Compatibility with VeiL virtualization ecosystem products

Within the framework of technological cooperation, specialists of the Research Institute "," Scale which is part of the Concern "Automatic equipment State Corporation," and Rostec representatives of the company Indid"" tested for compatibility and correctness of the ecosystem software products virtualizations VeiL and the Indoor Access Manager software complex. This was announced on November 10, 2021 by the Avtomatika company. Positive test results will enable market participants to use joint solutions of companies. More. here

2019: Indeed Access Manager 7.1

Indeed ID released the release of Indeed Access Manager (formerly Indeed Enterprise Authentication) 7.1 on March 19, 2019.

Capabilities of Indeed Access Manager in version 7.1:

using and Authentication mobile application product-based push notifications Indeed AirKey Cloud

Indeed AM was integrated with Indeed AirKey Cloud: a client server platform where the client is an application for smartphone running and. operating systems iOS Android To switch to this technology, you will need to deploy the Indeed AKC server, install Indeed AirKey Cloud on Provider the Indeed AM server and install the mobile application. During authentications , a push notification appears on the device.

When you click on the notification, you will be taken to the Indeed AirKey application, where additional information and buttons will be displayed to confirm or deny the authentication request.

Indeed ID claims that the technology is a secure replacement for SMS. Unlike SMS messages, where information is transmitted in an unprotected form, in Indeed AirKey Cloud all data transmitted to the user's smartphone is encrypted using asymmetric cryptography, which guarantees the ability to view data only on the device for which it is intended.

Hardware TOTP Provider

Added support for hardware TOTP tokens. Such are presented, for example, in the eToken PASS line.

The following algorithms are supported:

• HMACSHA1
• HMACSHA256
• HMACSHA512

Using Indeed SAML IdP for Authentication in Administration Console and Indeed AM User Self-Service

Along with Windows authentication in Indeed Enterprise Management Console and Indeed Self Service, it became possible to authenticate via Indeed SAML IdP.

According to the developer, the advantage of the technology is:

• authentication using any authentication methods supported in AM 7.1
• ability to request multiple authenticators from the user at the same time
• support for scripts outside the Active Directory domain

Among other changes in Indeed ID, highlighted:

• Separate web application for Self Service for publishing outside the corporate infrastructure over the Internet
• Unification of SAML IdP and IIS Extension authentication page design

2018

Tasks to be solved and basic description of the functionality of Indeed Access Manager

• Replacing Passwords with Biometric Employee Authentication - Windows Access and Business Applications
• Single point of access to your company's IT systems - Enterprise SSO and two-factor authentication
• Protection of published enterprise applications - two-factor authentication and one-time passwords in VDI, VPN and Web applications
• Using RFID Cards to Access Information Systems
• Two-factor smart card authentication in OS and applications
• Meet PCI DSS user authentication requirements

Supported Authentication Technologies

The system supports more than 20 access technologies, including:

Smart cards and USB keys from any manufacturer

• Smart cards and USB keys from any manufacturer
• Biometrics: fingerprint, palm vein pattern, 3D face image
• RFID-карты: Mifare, EM Marin, HID Prox, HID iClass
• One-time passwords: OATH TOTP/HOTP, SMS, OTP keychain, smartphone application

All supported technologies can be combined. For example, you can authenticate users by fingerprint and contactless card, smart card and OTR, etc.

Application Area

From the moment an employee is hired, he begins to interact with information stored and processed in various it-systems. Each system creates an account, determines the rights and password. The employee is given a pass to enter the building, the work time is determined, the office and computer are allocated. Every day, an employee gets access to company data, moves around the office, works from home, flies on business trips. Career advancement, the emergence of new duties require constant modification of rights, and dismissal of instant blocking of the access profile and deletion of credentials. In organizations where hundreds, thousands or tens of thousands of employees work, it is impossible to effectively manage the listed processes without using special tools.

The product line of Indeed AM allows you to partially or completely automate many of the listed operations, reduce their execution time, avoid downtime and simplify the work of each category of users. The presence of an independent central event log helps with incident analysis and information collection. The integration of the solution with third-party systems allows you to gain additional return on investment, achieve seamless and continuous operations.

Indeed AM includes a number of components that allow you to consolidate the procedures for managing, providing and gaining access to information systems within a single complex.

Currently, manual password entry is used in 90% of systems, which poses a threat to the information security of companies. The Indeed AM complex is based on authentication technology, which allows you to abandon the use of passwords in the corporate environment. No matter where an ordinary user gets access: Active Directory resources, corporate portal, mail system or remote desktop of the terminal server, Indeed AM saves employees from remembering, changing and tedious password entry. To authenticate its users, the complex provides support for a range of modern technologies, most of which are included in the minimum package.

Account management, modification of access rights, reset of forgotten passwords, restriction of access when special conditions arise, issuance or suspension of certificates - that list of operations, most of which are amenable to full or partial automation. Thus, companies today can begin to cut their costs.

Indeed Enterprise Authentication 7.0 (22.08.2018)

The company has completed work on a new version of Indeed Enterprise Authentication. Despite being numbered 7.0, the version is technically a brand new product.

The server is a ASP.NET application deployed on an IIS web server, allowing you to work with multiple servers combined into farms to provide the required level of performance and fault tolerance.

The storage can be Active Directory and MS SQL systems. The data in the vault is encrypted and is only editable through the Indeed EA server.

The user directory is an external database with respect to the product in which the user information is stored. The Active Directory system is supported as a user directory in release 7.0, and in the future various DBMS, LDAP directory and other systems will be supported. Multiple user directories can be connected to the solution at the same time.

The log server is used to log and audit all events of the Indeed EA system. Events can be stored in the DBMS, in the Windows Event Log, or in the syslog format. The log server is a ASP.NET application, the solution allows you to install several log servers combined into a farm.

The Administrator Web Console was introduced as an interface for managing licenses, user profiles, and log browsing previously. A new release has added a user self-service service.

The integration modules are responsible for embedding the solution in the authentication process in the target application or protocol.

Added support module for the international authentication standard SAML 2.0 (Security Assertion Markup Language) Centralized token management functionality (registration, release, recall, blocking, resynchronization, etc.)

2017

Indeed Enterprise Single Sign-On (Indeed Enterprise SSO)

A system for centralized control of user access to the company's information resources. Indeed Enterprise SSO implements Single Sign-On's enterprise-wide approach. The system centrally stores user passwords from all applications that require authentication, and automatically substitutes them when the application requires it, thus saving employees from remembering and storing passwords in secret, from manually entering passwords from the keyboard, from periodically changing passwords according to password security policies.

Tasks to be solved

• strict and enhanced authentication when accessing applications
• end-to-end authentication in applications
• strict and end-to-end authentication in terminal mode applications (Remote Desktop, VDI, Citrix)
• Logging Administrator and User Actions

Application platforms supported

The system can be used to organize access to both boxed applications and custom-designed applications. The following platforms are supported:

• Windows applications
  • Application Java

• .Net-applications
• Web applications using browsers: Internet Explorer, Mozilla Firefox

Supported Authentication Technologies

The system supports more than 20 authentication technologies, including:

• smart cards and USB keys from any manufacturer
• biometrics: fingerprint, palm vein pattern, iris
• RFID-карты: Mifare, EM Marin, HID Prox, HID iClass
• one-time passwords: SMS, OTP keychain, smartphone app

In this case, all supported technologies can be combined with each other, for example, you can authenticate users by fingerprint and contactless card, smart card and OTR, etc.

---

The implementation of the Indeed-Id program allows the company to build an effective user account management system that is convenient for both ordinary employees and administrators and security specialists.

System users do not have to remember many passwords made up of a number of characters. Administrators get convenient mechanisms for configuring access levels for different categories of users. And the security service will be able to control the actions of employees and, in case of registration of violations, successfully find their cause and culprit.

The company offers more than 20 ways to identify users. These include working with one-time passwords, biometric fingerprint authentication, access to the system by card. If enhanced access control is required, the company's specialists will offer one of the methods for multifactorial verification of users before logging in. For example, combining a one-time password with a smart card.

A one-time password must be generated using a well-known scheme of characters that appear on the screen. The characters are updated each time, but the principle of compiling a password from them remains the same. Therefore, third-party users cannot find the key to logging in, and it is not difficult for company users to work according to such a simple scheme. The access card assumes the presence of a card reader that reads information from it and passes the user into the database. A more expensive but also more reliable method of authentication is fingerprint access. It ensures that only a user of a particular computer can log into its system, since the fingerprint cannot be transferred to another person or accidentally lost.

The system centrally stores user passwords from all applications (requiring authentication) and automatically substitutes them when the application requires it. Indeed-Id Enterprise SSO technology is applicable to any type of application (windows, java, web), regardless of their architecture: single-link, two-link, three-link, "thick" client, "thin" client, terminal applications.

Indeed-Id Enterprise SSO saves employees from storing and storing passwords in secret, from manually entering passwords from the keyboard, from periodically changing passwords according to password security policies.

The system consists of server and client components. The server provides centralized management of all user credentials and authenticators. The client part is installed on each workstation. The client component (agent) intercepts the user's access to resources, inviting him to go through a universal authentication procedure. If the procedure is successful and the user is allowed access, the agent passes the login and password to the requested resource.

One of the ways to transfer the login and password is to automatically fill in the required fields and forms in the application dialog. This approach allows you to use Indeed-Id to access almost any application.

Integration with Solar inRights and Indeed Card Management

On August 9, Solar Security and Indeed Identity announced the development of a joint integration solution that combines the capabilities of the Solar inRights IGA platform (Identity Governance and Administration), the Indeed Enterprise SSO single sign-on system and the Indeed Card Management public key infrastructure management system. The solution improves information security and saves human resources in the company by automating processes related to granting access rights and managing the user password lifecycle. You can read more about the event here.

2016

Indeed Enterprise Authentication 5.4

On March 2, 2016, Indeed ID announced the release of a version of the Indeed Enterprise Authentication and Indeed Enterprise SSO information resource access control systems. The new edition of Indeed EA/ESSO 5.4 introduces a number of new features and capabilities.

Distributions include the Indeed Enterprise Management Console (EMC Indeed) tool for centralized administration of Indeed ID systems and provides the administrator with a complete set of tools for managing system parameters and users. The tool is implemented in the form of a web application that is deployed on the basis of the Microsoft Web Server (IIS) and does not require installation at each administrator workplace. EMC's Indeed enhances ESSO management by enabling changes to individual user data from role accounts. All information about users of the system is combined into profiles that group authenticators according to the login method, and Single Sign-On accounts - according to the user's membership in the role.

The ability to use the Indeed EA and Indeed ESSO systems in the enterprise in the employee replacement mode has been added. In the event of a temporary absence of the user (sick leave, leave, etc.), the administrator can give the deputy access to the credentials of the absent employee for a limited period. The authenticators and passwords of the substitute employee remain unknown to the alternate. Access to IT resources is provided to the deputy for authenticators registered in the system to him. The event log records a delegated logon event. When the replacement period expires, you cannot access the account data of the substitute employee.

To provide access to IT resources exclusively using strong authentication technologies, it is possible to exclude a password from the list of logon methods for certain workstations.

The software interface for automating user profile management operations Indeed ESSO implemented using scripts executed Microsoft Windows in the PowerShell environment has been significantly expanded.

In addition, the version expands the capabilities of personalizing the user interface of the system, adds the ability to determine the priority of searching for Indeed servers outside the site, optimizes the algorithm for checking the availability of storage for Indeed servers, optimizes the compression of SSO data during storage and transmission over the network.

Indeed ID Enterprise SSO 5.4

On March 2, 2016, Indeed ID announced the release of version 5.4 of the Indeed Enterprise SSO system and access control for information resources Indeed Enterprise Authentication.

The distributions include the new Indeed Enterprise Management Console (EMC Indeed) for centralized administration of Indeed ID systems and provide the administrator with a complete set of tools for managing system parameters and users. The tool is implemented in the form of a web application that is deployed on the basis of the Microsoft Web Server (IIS) and does not require installation at each administrator workplace. EMC's Indeed enhances ESSO management by enabling changes to individual user data from role accounts. All information about users of the system is combined into profiles that group authenticators according to the login method, and Single Sign-On accounts - according to the user's membership in the role.

The ability to use [[|the Indeed EA and Indeed ESSO systems in the enterprise in the employee replacement mode has been added. In the event of a temporary absence of the user (sick leave, leave, etc.), the administrator can give the deputy access to the credentials of the absent employee for a limited period. The authenticators and passwords of the substitute employee remain unknown to the alternate. Access to IT resources is provided to the deputy for authenticators registered in the system to him. The event log records a delegated logon event. When the replacement period expires, you cannot access the account data of the substitute employee.

To provide access to IT resources exclusively using strong authentication technologies, it is possible to exclude a password from the list of logon methods for certain workstations.

The software interface for automating user profile management operations of Indeed ESSO, implemented using scripts executed Microsoft Windows in the PowerShell environment, has been significantly expanded.

The possibilities of personalizing the user interface of the system have been expanded, the ability to determine the priority of searching for Indeed servers outside the site has been added, the algorithm for checking the availability of storage for Indeed servers has been optimized, and SSO data compression during storage and transmission over the network has been optimized.

2015

Indeed Enterprise AirKey

On December 16, 2015, Indeed ID developed Indeed Enterprise AirKey network virtual smart card technology for data protection. The card emulates the behavior of hardware key media and allows the execution of operations available to its physical counterparts.

In companies with a deployed PKI infrastructure, an employee smart card is a personal key for protecting and accessing data. The hardware component of such a means of protection, being lost or damaged, can become a "weak link" when used within the PKI infrastructure. The Indeed Enterprise AirKey network virtual smart card technology helps to eliminate this factor and eliminate its shortcomings.

Indeed AirKey Enterprise Presentation (2015)

Indeed Enterprise AirKey emulates the behavior of a physical smart card and allows you to perform the full range of operations and user scripts available to hardware key media: electronic digital signature, data decryption, two-factor user authentication, Single Sign-On access.

The developed technology defines a virtual smart card in several ways. In one case, the physical medium is replaced by a special storage of keys and digital certificates on the system server, in the other, the smartphone with the AirKey application installed on it becomes the personal key carrier.

The Indeed Enterprise AirKey virtual smart card works in accordance with standard protocols, interfaces and mechanisms of the PKI infrastructure. Like conventional cryptographic key media, the virtual smart card uses the PKCS# 11 standard and the Microsoft CryptoAPI interface to perform crypto operations.

In this case, private encryption keys are not transmitted to the user's PC. Depending on the implementation of the virtual smart card technology, the keys are stored either in encrypted form in the database on the system server, or in the secure memory of the smartphone and cryptographic operations are performed on the system server or the user's smartphone. With this approach, neither malware at the employee's workplace nor an attacker can compromise private keys.

To ensure security, communication channels are encrypted between all elements of the system (server, PC and/or user's smartphone) using asymmetric encryption algorithms using the TLS protocol. A ready-made crypto operation result is delivered to the user's PC.

author = Pavel Konyukhov, Technical Director of Indeed ID Conveniently, the delivery of the virtual smart card itself to the user's computer is carried out remotely, without requiring a personal visit of an employee to the system operator. For information security specialists, in addition, the procedure for removing a card from the system is significantly simplified: to stop using it, the administrator only needs to perform a remote recall of the smart card with the destruction of private keys.

For the operating system of the computer and the target applications with which the user works, the virtual smart card is indistinguishable from its physical counterpart. Excluding the user-side hardware component from the PKI infrastructure, the Indeed Enterprise AirKey virtual smart card allows you to make this process continuous.

Indeed AirKey

Indeed AirKey is an application iPhone for that programmatically emulates the behavior of a plastic smart card and thus allows you to use smartphone to store keys and digital certificates, perform strict two-factor authentications and create enhanced electronic signature of documents.

Tasks to be solved

• electronic signature of messages and documents;
• Installation and protection of [www.tadviser.ru/index.php/VPN VPN] connections
• Access to the Windows desktop
• Access to the Active Directory corporate network
• Access to business applications and web resources
• Remote Desktop Access (VDI)
• encryption of messages, documents, data.

Advantages of the Indeed AirKey Digital Smart Card over Plastic Counterparts

Indeed AirKey Digital Smart Card has significant advantages over traditional plastic smart cards:

• no costs for the purchase, maintenance and replacement of plastic smart cards, readers, USB tokens;
• unlike the issued plastic smart card, the iPhone is a user's personal device that is not forgotten at work, is not handed over to colleagues, is not borrowed for vacation;
• Wireless connection to a personal computer, laptop, or tablet no USB port required; the device retains the standard dimensions, standard weight and the usual level of comfort (usability);
• convenient graphical interface, familiar gesture control;
• iPhone CPU performance is sufficient to allow fast encryption of large amounts of data without transferring the encryption key to the PC side;
• visualization of data on the iPhone screen before executing an electronic digital signature;
• Direct IP connection of the digital smart card to web resources there is no need to install a driver, runtime or browser plugin on the computer;
• Push notification of the user (the use of a smart card in this mode allows you to confirm transactions on the go, in response to a request from the information system or another user).

The application is available in two editions:

• Indeed AirKey - digital smart card with support for RSA, SHA-1 and AES algorithms
• KripoPro AirKey - digital smart card with support for algorithms GOST R 34.10-2001, GOST R 34.11-94, GOST 28147-89, RSA, SHA-1 and AES

Problems to be solved and basic description of the Indeed-ID IAM function

• strict and enhanced PC access authentication
• strict and enhanced authentication in terminal mode of operation (Remote Desktop, VDI, Citrix)
• enhanced authentication in Outlook Web Access
• enhanced authentication on RADIUS server
• Logging Administrator and User Actions

Supported Authentication Technologies The system supports more than 20 access technologies, including:

• smart cards and USB keys from any manufacturer
• biometrics: fingerprint, palm vein pattern, iris
• RFID-карты: Mifare, EM Marin, HID Prox, HID iClass
• one-time passwords: SMS, OTP keychain, smartphone app

All supported technologies can be combined. For example, you can authenticate users by fingerprint and contactless card, smart card and OTR, etc.

Application Area

From the moment an employee is hired, he begins to interact with information stored and processed in various it-systems. Each system creates an account, determines the rights and password. The employee is given a pass to enter the building, the work time is determined, the office and computer are allocated. Every day, an employee gets access to company data, moves around the office, works from home, flies on business trips. Career advancement, the emergence of new duties require constant modification of rights, and dismissal of instant blocking of the access profile and deletion of credentials. In organizations where hundreds, thousands or tens of thousands of employees work, it is impossible to effectively manage the listed processes without using special tools.

The Indeed-Id IAM product line allows you to partially or completely automate many of the listed operations, reduce their execution time, avoid downtime and simplify the work of each category of users. The presence of an independent central event log helps with incident analysis and information collection. The integration of the solution with third-party systems allows you to gain additional return on investment, achieve seamless and continuous operations.

Indeed-ID IAM includes a number of components that allow you to consolidate the procedures for managing, providing and gaining access to information systems within a single complex. The solution includes: Indeed-ID Logon for Windows, Indeed-ID ESSO, Indeed-ID Rules System, Indeed-ID IDM, Indeed-ID Integration Pack. The combination of these components in a single ensemble, as well as integration with third-party systems, allows you to achieve optimal results in creating seamless access control procedures and user credentials.

Manual password entry is used in 90% of systems, which poses a threat to the information security of companies. The Indeed-ID IAM complex is based on the Indeed-ID authentication technology, which allows you to abandon the use of passwords in the corporate environment. No matter where an ordinary user gets access: Active Directory resources, corporate portal, mail system or remote desktop of the terminal server, Indeed-ID IAM saves employees from remembering, changing and tedious password entry. To authenticate its users, the complex provides support for a range of modern technologies, most of which are included in the minimum package.

Account management, modification of access rights, reset of forgotten passwords, restriction of access when special conditions arise, issuance or suspension of certificates - that list of operations, most of which are amenable to full or partial automation. Thus, companies today can begin to cut their costs.

2011

AGSES, a supplier of software and hardware products that provide unconditional biometric authentication, and Indid entered into a technological partnership agreement in September 2011, under which Indid integrates AGSES unconditional authentication technology into proprietary products under the Indeed-Id brand.

The integration is expected to allow the use of AGSES-based multifactor biometric authentication in the tasks of centralized management and providing users with access to information resources solved by the Indeed-Id line of software products.

AGSES technology is a breakthrough in ensuring the security of access to information and confirmation of operations, Indid said in a statement. The AGSES card stores the identity identifier of the owner in the form of fingerprint models, which allows it to be considered an electronic analogue of a person's passport. At the same time, the personal characteristics of the user are not transferred anywhere. Access to information systems is carried out by confirming the fingerprint of the owner.