Advanced Multi-factor Authentication Using Your Access Control Credential
As we all know, the use of technology is an integral part of success in business today. Super-fast internet, cloud computing, mobile phones and tablets are underpinning a global phenomenon of reliance on technology. So much of what we do at work now happens online. It is therefore not surprising that cybersecurity issues are making frequent headlines in the wake of recent and repeated hacks and leaks from large corporations, with victims including even household brands like Boots, Virgin Media, and Tesco Clubcard. It is estimated that the cost of breaches, identity theft, and other cybercrimes will double, from $3 trillion in 2015 to $6 trillion by 2021.
Relying on a username and password alone is simply no longer effective, particularly against phishing, spear phishing and credential-stealing malware. This is where an authentication package like HID® DigitalPersona® will be a better defence against unauthorised access. HID® DigitalPersona® deploys Multi-Factor Authentication (MFA) so that if your password (otherwise the only factor needed to gain access to your network) has been compromised, a second or third factor is still needed.
To make it very easy, your access control card could be used as that additional factor via a cheap desktop reader on your desk. Due to the overwhelming growth in technology, there is a greater need to keep data safe. After all, if you are using physical access control systems to lock the door, why would you keep the windows open?
Read more about how HID® DigitalPersona® closes every gap in user authentication for businesses of all sizes, and see our further blog posts on this subject. We have included a comprehensive resources section at the end, including a video demonstration.
HID® DigitalPersona® - an incredibly flexible, low-cost solution
DigitalPersona® closes EVERY gap in user authentication for organisations of all sizes
In addition to the traditional set of authentication factors – WHAT YOU HAVE, WHAT YOU ARE, WHAT YOU KNOW – the HID® DigitalPersona® solution offers complete protection using risk-based analytics. This adds WHAT YOU DO (user behaviour), WHERE YOU ARE (GPS location, IP address) and WHEN YOU ACT (time frame). Now you can choose the right level of protection for every application, for every user and every system.
When compared to limited authentication methods, DigitalPersona® supports a huge choice of authentication factors to satisfy all use cases, architectures, and compliance mandates to truly give full coverage.
HID® DigitalPersona® will give complete coverage of your IT system
With the growth in cloud adoption, products can understandably focus on just cloud and single sign-on (SSO) applications and a particular subset of an IT system. But what about your mainframe, client and server logon, desktop client applications, VDA and VPN? Would you lock the door at home but leave the windows open? You may have your cloud secured, but what about all your IT assets?
HID® DigitalPersona® addresses this problem by giving full coverage and, in addition, protecting mobile devices and even legacy mainframe apps which may continue to play a role for many. Complete coverage is finally possible in complex IT environments.
HID® DigitalPersona® can facilitate a ‘touchless experience’ for ease of use when logging in
HID® DigitalPersona® factors are so broad that customers can craft a very convenient and touch-free experience when authenticating.
You may want to consider facial recognition or the use of contactless cards for example. With hygiene at the forefront of people’s minds, HID® DigitalPersona® can be configured so users can use their own exclusive personal devices with factors such as OTP devices or Mobile Push Notifications. For some users, mobile push notifications can be authenticated via facial recognition. Removing time-consuming layers and facilitating a touchless experience are real options to explore.
HID® DigitalPersona® takes away any complexity and makes it easy for users to adopt
‘Complexity’ and ‘lack of staff to manage’ are very often the number one barriers to adoption. HID® DigitalPersona® takes the complexity away with a human-proof solution. By offering the widest array of authentication factors, including BYOD, organisations can genuinely adopt strong authentication factors without the fear of user adoption. The flexible toolset simplifies administration with features such as self-service password recovery to reduce the burden on administration.
HID® DigitalPersona® facilitates ease of installation and rapid adaptability
With HID® DigitalPersona® you can leverage your existing IT infrastructure and deploy in ‘weeks’ rather than months. This is due to the flexibility HID® DigitalPersona® offers in certain areas such as:
- Leveraging industry authentication interface standards such as SAML, ADFS, Azure AD, FIDO.
- Facilitating ease of integration with existing IT infrastructure. No proprietary tools are needed to learn, manage, or administer the system.
- No weighty solution requirements are needed such as application modifications, new server installation and configurations. Includes a comprehensive DigitalPersona® API.
- Common administrative and user interfaces providing visibility to the entire authentication landscape via a single lens.
Converged Access Control
To meet the growing security needs of today’s organisations, Physical Security and IT are aligning their objectives to both reduce risk and ensure greater convenience for users by having one card for both applications.
With HID® DigitalPersona® you can explore using your existing physical access control credential as an authentication factor with its flexible portal of credentials. 125 kHz proximity, 13.56 MHz and ISO 7816 contact smart cards can be integrated.
Choose between 2 packages:
Option 1 - HID® DigitalPersona® Premium
PREMIUM KEY COMPONENTS | |
---|---|
HID® DigitalPersona® Logon for Windows | Provides fast and secure device logon; Includes behavioral and contextual risk-based policies |
HID® DigitalPersona® Client DigitalPersona® Console with Enrollment, Policy Engine and Core | Connects to HID® DigitalPersona® server for enrollment, authentication and policy enforcement; Provides tools for user enrollment |
HID® DigitalPersona® Mobile Enrollment Client | Offers strong attended enrollment on a Windows mobile platform to onboard users in disconnected mode |
HID® DigitalPersona® Password Manager | Enforces strong MFA for Windows, web and legacy apps; MFA unlocks username/password to fill in authentication forms; Includes password randomization and self-serve reset |
HID® DigitalPersona® SAML SSO Portal | Allows for app integration using SAML protocol; Provides browser-based SSO Portal for accessing SAML enabled apps |
HID® DigitalPersona® Access Management API | MFA authentication SDK for custom app integration; Native SDK – interfaces include C, Java and .NET; Web services interface – for integration with web apps; Eliminates the need for password-based authentication |
SERVER MODULES | |
HID® DigitalPersona® Server Policy Engine and DB (AD or LDS) | Creates, distributes, and enforces MFA policies; Acts as a central repository for user credentials |
HID® DigitalPersona® RADIUS VPN Extension | Provides two-factor authentication for remote access |
HID® DigitalPersona® SAML Identity Provider | Allows users to authenticate at an identity provider (IdP) and then access apps without additional authentication |
PREMIUM INTEGRATION OPTIONS
A rich array of integration options – from native integration to SAML to our own industry-leading password manager – helps to ensure that all applications are covered.
- Integration of SAML enabled applications
- SSO application portal on both Windows and mobile platforms
- Customer option to remove all passwords
- Comprehensive HID® DigitalPersona® API management enables tightly integrated implementation
- Full scalability across on-premise and cloud services
- Secure and convenient authentication application overlay
- Allows customers to quickly provision apps without modifying source code
- Out of the box integration with Windows logon
- Includes all factors including contextual and risk-based
- Up to 3-FA, any combination
Option 2 - HID® DigitalPersona® Logon For Windows
Typical Configurations…
HID® DigitalPersona® Hosted in the Azure Cloud
For customers that have opted for a cloud-based Azure model, with (1) or without (2) an on-premise Active Directory, HID® DigitalPersona® SSO for Office 365 fits like a glove. It can be hosted in an Azure instance to provide multi-factor authentication for Office 365 apps as well as the extended set of SaaS apps supported by Azure.
1) HID® DigitalPersona® Server Hosted in Azure, On-premise AD
2) HID® DigitalPersona® Server Hosted in Azure, No On-premise AD
3) HID® DigitalPersona® Server Hosted in Azure with full Application Coverage
HID® DigitalPersona® Server On-Premises Deployment Options
Customers have the option to install the HID® DigitalPersona® Server on-premise to provide composite authentication protection for Azure SaaS applications. HID® DigitalPersona® supports customer configurations using either (4) Office 365 Federation or (5) Microsoft Active Directory Federation Services (AD FS). In either case, DigitalPersona® can be extended to provide full application protection with the addition of an endpoint client.
4) On-Premise Server Deployment, Office 365 Federation
5) On-Premise Server Deployment, Microsoft AD FS
Take your security to the next level by adding biometric technology to the DigitalPersona solution. This range of readers offers huge flexibility with both USB desktop readers and modules, all designed to work seamlessly with the DigitalPersona solution.
White Papers
HID® Advanced Authentication Buyers Guide
This document was created to aid you in your selection of an advanced authentication vendor and help ensure that your choice is the right one for your organization.
Securing the Enterprise with Advanced Adaptive Multi-Factor Authentication
This paper describes how organizations can secure credentials from theft and misuse, by employing advanced adaptive multi-factor authentication technologies.
Considerations when Choosing the Best Strong Authentication Approach
This white paper will explore the variables that should be considered when choosing the best authentication solution for your organization.
Brochures
HID® DigitalPersona®
Through diverse authentication options to pick and choose from, forward-thinking organizations can provide users with a fast and secure Windows® Logon as well as VPN access, web, mobile and cloud applications.
HID® DigitalPersona® Premium Package
HID® DigitalPersona® Premium builds on the fast and secure Windows® Logon and VPN access found in HID® DigitalPersona® Logon for Windows, adding advanced integration options to secure all applications, systems and networks.
HID® DigitalPersona® SSO for Microsoft Office 365
Introducing a promising new solution for multi-factor authentication: HID® DigitalPersona® Logon for Windows
Awards and Reports
InfoTech Research IAM Customer Experience Report
Tech’s Category Reports provide a comprehensive evaluation of popular products in the Identity and Access Management market. This buyer’s guide is designed to help prospective purchasers make better decisions by leveraging the experiences of real users.
InfoTech Product Scorecard
The Product Scorecard is a comprehensive report designed to help clients make better purchasing decisions.
Techradar Best identity management software of 2020
Read the following report ranking the best authentication software of 2021, which makes it easier to manage and authenticate users with single sign-on (SSO) processes for accessing apps and so helps prevent unauthorized access to systems users should not be able to use.
Info-Tech Research Group Emotional Footprint Report for IAM 2020
Latest report comparing and evaluating Identity Access Management (IAM) and framework of policies and technologies for ensuring that an organization has the appropriate access to technology resources.
Case Studies
Kawasaki Thermal Engineering Co Ltd
Please read the case study on how KTE implemented HID® DigitalPersona®’s strong, multi-factor authentication (MFA) software with biometrics to secure access with proof of presence.
Phoenix Police Department
Please read this case study to explore how HID® DigitalPersona® provides the Phoenix Police Department personnel with quick, secure access to criminal records while in the field and in the office.
Videos
Watch the demo video
Please watch this 15-minute video exploring the rich features of HID® DigitalPersona® in a desktop environment.