Technology Integrations Open Architecture for Authentication

Open Architecture for Authentication

P-Synch® has an open authentication architecture, and can plug into existing password systems, corporate directories, two-factor authentication tokens, PKI certificates and biometric engines.

Users Authenticating for Self-Service

(1)Users authenticate as follows:

• On a web GUI:
  • By typing their current password to a trusted system (for example Windows / Active Directory, OS/390, RADIUS, etc.).
  • By answering a set of system-selected personal questions, whose answers may either be stored inside the P-Synch server or may be validated on an existing system (Oracle, LDAP, mainframe and so on).
  • Using a security token (e.g., SecurID pass-code or other device).
  • Using a PKI certificate or smart card.

• Using a telephone:
  • By keying in one or more personal identification numbers (e.g., employee number, date of hire, driver's license number).
  • By matching a voice print sample taken at time of authentication against a previously recorded sample on file (biometric voice print verification)

Moreover, if the user decides to call the help desk, then P-Synch can be configured to have the support staff authenticate the user via the user's Q-A (Question-and-Answer) profile before the user is helped.

Administrators (IT staff) authenticate to the web GUI as follows:

• By typing a current network OS or directory password.
• By typing a password and validating it against a password hash stored inside P-Synch itself.
• Using a security token (e.g., SecurID pass-code or similar).
• Using a PKI certificate or smart card.

Multiple authentication factors may be configured as required.

Authentication for Support Staff and Administrators

Help desk analysts, security officers and P-Synch administrators can authenticate to the P-Synch web GUI using one of the following methods:

• By typing a current NOS password.
• By typing a password and validating it against a password hash stored inside P-Synch itself.
• Using a security token (e.g., SecurID pass-code).

Q-A (Question-and-Answer) authentication is not recommended for use with privileged accounts.

© Hitachi ID Systems, Inc. 2008. All rights reserved.