Password Management User Interfaces
P-Synch® supports several access channels:
- Transparent password synchronization is initiated from a native
password change on a variety of existing systems, including
Windows NT, Active Directory (32-bit, 64-bit), Sun LDAP, IBM LDAP,
Oracle Internet Directory, Unix (various), OS/390 and OS/400
.
- P-Synch can prompt users to register and notify users of
events relating to their profiles, by sending e-mails, by
opening a web browser from a network login script or by
sending Windows popup messages to users who have signed into
a domain.
- Users can manage their passwords and authentication profiles
using any web browser (desktop, PDA, cell phone), with a pure
HTML web interface. The P-Synch web interface is compatible
with all reverse web proxies and can be load balanced across
a cluster of self-replicating P-Synch servers.
-
Users who forgot their passwords can dial an
IVR (interactive voice response) system with any
telephone and initiate a password reset. Authentication using either
touch-tone entry of personal secret information or using voice print
verification is supported. Existing
IVR (interactive voice response) systems can be extended using a
P-Synch
remote
API (application programming interface),
or ID-Telephony® -- a
turn-key
IVR (interactive voice response) system specifically
designed for password resets -- can be acquired from Hitachi ID.
- Users who forgot their network login passwords can launch a
kiosk-mode web browser from the desktop login screen. This
can be done using one of two methods:
- A global SKA (secure kiosk account): is domain-wide account,
normally called "help", with an easy-to-remember or blank password,
that uses a security policy to launch a locked down full-screen
web browser instead of the Windows desktop.
SKA (secure kiosk account) does not require
a client software deployment. It is supported on any Windows
or Unix workstation.
- An
LSKA (local, secure kiosk account): is a variant of the global
SKA (secure kiosk account) that exists on a user's workstation rather than a domain.
The
LSKA (local, secure kiosk account) establishes a temporary network connection, launches
a locked-down web browser and allows the user to authenticate
and issue a password reset that applies to both local and
network passwords. The
LSKA (local, secure kiosk account) method does require a desktop
component, including an ActiveX DLL.
- A GINA (Graphical Identification and Authentication library) DLL: pushed out to all Windows desktops, which introduces a password reset button to the login screen. The GINA (Graphical Identification and Authentication library) DLL method does require a desktop component and is supported on Windows NT and later client operating systems.
- A global SKA (secure kiosk account): is domain-wide account,
normally called "help", with an easy-to-remember or blank password,
that uses a security policy to launch a locked down full-screen
web browser instead of the Windows desktop.
SKA (secure kiosk account) does not require
a client software deployment. It is supported on any Windows
or Unix workstation.