Hitachi ID Password Manager Client Device Support
Hitachi ID Password Manager (formerly P-Synch) supports several access channels:
- Transparent password synchronization is initiated from a native
password change on a variety of existing systems, including
Windows server or Active Directory (32-bit, 64-bit), Sun LDAP, IBM LDAP,
Oracle Internet Directory, Unix (various), z/OS and iSeries (AS/400).
- Password Manager can prompt users to register and notify users of
events relating to their profiles, by sending e-mails, by
opening a web browser from a network login script or by
sending Windows popup messages to users who have signed into
a domain.
- Users can manage their passwords and authentication profiles
using any web browser (desktop, PDA, cell phone), with a pure
HTML web interface. The Password Manager web interface is compatible
with all reverse web proxies and can be load balanced across
a cluster of self-replicating Password Manager servers.
- Users who forget their passwords can dial an
IVR (interactive voice response) system with any
telephone and initiate a password reset. Authentication using either
touch-tone entry of personal secret information or voice print
verification is supported. Existing IVR systems can be extended
using a Password Manager remote
API (application programming interface), or Hitachi ID Telephone Password Manager,
a turn-key IVR system specifically designed for password resets, can be used.
- Users who forget their network login passwords can launch a
kiosk-mode web browser from the desktop login screen. This
can be done using several methods:
  - A domain secure kiosk account (SKA) is an Active Directory user,
  normally called "help", with an easy-to-remember or blank password.
  A security policy (GPO) is applied to this user, to launch
  a locked-down, full-screen web browser instead of the usual Windows
  desktop. The SKA does not require a client software deployment.
  It is supported on any version of Windows.
  - A local secure kiosk account (LSKA) is a variant of the domain
  SKA, where the special user is defined on each user's
  workstation rather than in the domain.
  The LSKA has the added capability of launching a temporary
  VPN connection, to enable remote users to access self-service
  password reset.
  - A GINA (Graphical Identification and Authentication library) service: this is a service installed on Windows XP clients,
  which adds elements to the login screen.
  These include both an "I forgot my password" button on the
  main login dialog and a "Reset password / clear lockout" button
  on error dialogs. Note that a GINA DLL is not installed;
  instead, the native GINA UI is extended on the fly. This makes
  the GINA service a much less dangerous component than GINA DLLs.
  A temporary VPN option is available to assist off-site users.
  - A credential provider DLL: this is a service installed on
  Windows 7 and Vista clients, which adds elements to the login
  screen. This allows users who have locked themselves out or forgotten
  their passwords to access self-service password reset.
  A temporary VPN option is available to assist off-site users.