
Understanding PortalGuard's

Server-based Password Synchronization: Managing Multiple Passwords

Highlighting the Self-service Password Reset Layer of the PortalGuard Platform

By the end of this tutorial you will be able to

How PortalGuard can help you


Understand how password synch can be a midpoint between too many passwords and expensive SSO solutions

Learn about PortalGuard's Server-based Password Synch

See the step-by-step Authentication Process

Know the technical requirements

The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications.
Usability
Single Sign-on
Password Management
Password Synchronization
Self-service Password Reset

Security
Knowledge-based Two-factor Authentication

Contextual Authentication
Real-time Reports/Alerts

Before going into the details


Configurable by user, group or domain hierarchy

Comprehensive solution supporting multiple directories

Enables self-service password reset, recovery and account unlock


Force user enrollment (optional)

Active Directory Password Filter (optional)

Cost effective and competitively priced

Easy to implement

Enterprise SSO

Single password, single interface
Easier implementation
Force enrollment
No client-side software required

Cost effective
Flexible
Server-based
Self-service Password Reset

Password Synch

The process of password synchronization correlates the passwords for multiple user accounts.

Password Complexity Challenges

Step One: Identifying Password Complexity Rules
Rules differ from system to system, which is a common hurdle to implementing password synch.

Step Two: Change Password Rules on Systems

WARNING:
Microsoft AD: does not enforce a maximum password length or prevent specific characters
IBM System i: typically a maximum length of 10, with special character limitations

Multiple Directories
(including MS Active Directory, Novell eDirectory, IBM System i, LDAP v3-compliant, and custom SQL user tables)

Self-service Password Reset

Real-time synch

Consistent set of password rules

Active Directory Password Filter

Features:
Ability to link a user's primary account to accounts on multiple systems/directories
All password changes, resets and account unlocks through PortalGuard flow to all linked systems in real-time
Aligns password complexity rules to reduce barriers to password propagation
Requirement to link accounts is policy driven, which can be specific to the user, group or domain hierarchy
Account linking can be enforced or made optional
Supports multiple user account repositories

Password Synch - eliminate the need for users to remember different passwords
Ease of Use - manage passwords from a single consistent interface
Self-service - unlock accounts and reset passwords from one place
Seamless Integration - with existing logins using sidecar mode
Lower Costs - reduce password-related calls and required IT support
Increased Productivity - and user adoption for new services/websites

HOW IT WORKS

How to link an account.


Step 1: The user logs in to a Windows workstation or an existing internal website. PortalGuard is notified of the logon and checks its policies to see if the user:

Is required to link to an account in another directory, and
Has yet to do so



Step 2: Once the user provides the correct password, the secondary account password will be immediately synched with the primary if necessary

Step 1:
The user has forgotten their password and clicks the "Forgot Password?" link on the Windows logon screen or website logon page.

Step 2:
The user chooses to reset their forgotten password and proves their identity by correctly answering a series of challenge Q&A or entering an OTP.

Step 3:
The user enters a new password that satisfies all linked account systems. The PortalGuard server resets all linked accounts to use this password and unlocks the accounts as well.

Step 4:
Immediate feedback is given to the user that the password reset was successful on all linked accounts.
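
An added example (not PortalGuard code) of the rule alignment that the password complexity steps and Step 3 of the reset flow both depend on: merge each directory's rules into the strictest common policy, then check a candidate password against it before propagating. The Policy fields, the two sample policies and the `$@#_` character set are assumptions made for illustration.

```python
import string
from dataclasses import dataclass, field
from typing import Optional

CLASSES = {"lower": set(string.ascii_lowercase), "upper": set(string.ascii_uppercase),
           "digit": set(string.digits), "other": set(string.punctuation)}

@dataclass
class Policy:
    min_len: int = 1
    max_len: Optional[int] = None    # None = no maximum length
    allowed: Optional[set] = None    # None = any character accepted
    min_counts: dict = field(default_factory=dict)  # class name -> minimum count

def merge(policies):
    """Strictest single policy that every linked system will accept."""
    m = Policy()
    for p in policies:
        m.min_len = max(m.min_len, p.min_len)
        if p.max_len is not None:
            m.max_len = p.max_len if m.max_len is None else min(m.max_len, p.max_len)
        if p.allowed is not None:
            m.allowed = set(p.allowed) if m.allowed is None else m.allowed & p.allowed
        for cls, n in p.min_counts.items():
            m.min_counts[cls] = max(m.min_counts.get(cls, 0), n)
    # Fail at configuration time if no password could ever satisfy the result.
    if m.max_len is not None and max(m.min_len, sum(m.min_counts.values())) > m.max_len:
        raise ValueError("length rules conflict across linked systems")
    for cls, n in m.min_counts.items():
        if n and m.allowed is not None and not CLASSES[cls] & m.allowed:
            raise ValueError(f"{cls} character required but none is allowed")
    return m

def violations(policy, password):
    """Rules the candidate breaks; an empty list means every system accepts it."""
    out = []
    if not policy.min_len <= len(password) <= (policy.max_len or len(password)):
        out.append("length out of range")
    if policy.allowed is not None and set(password) - policy.allowed:
        out.append("disallowed character")
    for cls, n in policy.min_counts.items():
        if sum(ch in CLASSES[cls] for ch in password) < n:
            out.append(f"needs {n} {cls}")
    return out

# Constructed sample policies (assumptions, not any product's defaults).
AD_LIKE = Policy(min_len=8, min_counts={"upper": 1, "digit": 1, "other": 1})
SYSTEM_I_LIKE = Policy(max_len=10, allowed=set(string.ascii_letters + string.digits + "$@#_"))
COMMON = merge([AD_LIKE, SYSTEM_I_LIKE])
```

A password that the AD-like policy alone accepts can still fail the merged policy, which is why the check has to run against the merged rules before any linked account is changed.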

Configurable through the PortalGuard Configuration Utility:


Password Synchronization

Password Policies:
Dictionary Words
Regular Expressions
Password History
Minimum Length
Maximum Length
Minimum: Lowercase characters, Uppercase characters, Numeric characters, Non-alphanumeric characters
Enforce AD Complexity
Password Rule Grouping
Password Strength Meter

TECHNICAL REQUIREMENTS
PortalGuard Desktop for Windows workstations

Sidecar Mode: enforce account linking on an existing website

AD Password Filter: enforce a custom password policy for native Ctrl+Alt+Del Windows password changes

An MSI is used to install PortalGuard on IIS 6 or 7.x.

This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.

Microsoft Active Directory - Windows 2000 AD domain or later
Novell eDirectory 8.7 or later
IBM System i - V5R2 or later
Any LDAP v3-compliant directory
Custom SQL user tables

Microsoft Windows Server 2000
Microsoft Windows Server 2003 (32 or 64-bit)
Microsoft Windows Server 2008 (32 or 64-bit)
Microsoft Windows Server 2008 R2
Windows Terminal Services on Win2003
Remote Desktop Services on Win2008

IBM WebSphere/WebSphere Portal v5.1 or higher
Microsoft IIS 6.0 or higher
Microsoft Windows SharePoint Services 3.0 or higher
Microsoft Office SharePoint Server 2007 or later

THANK YOU
For more information visit PortalGuard.com or Contact Us
