PortalGuard’s Password Synchronization offers a comprehensive solution which supports multiple directories including Microsoft Active Directory, Novell eDirectory, IBM System i, any LDAP v3-compliant directory and custom SQL user tables. Beyond being easy to implement and forcing user enrollment, PortalGuard enables self-service password reset, recovery and account unlock to manage forgotten passwords. PortalGuard helps reconcile any password complexity policies by enforcing a consistent set of password rules.
Tutorial: http://pg.portalguard.com/server-based_password_synch_tutorial
2. By the end of this tutorial you will be able to…
• See how PortalGuard can help you
• Understand that password synch can be a midpoint between too many passwords and expensive SSO solutions
• Learn about PortalGuard’s Server-based Password Synch
• See the step-by-step Authentication Process
• Know the technical requirements
3. The PortalGuard software is a Contextual Authentication platform
which is focused on enhancing usability, while maintaining a
balance between security, auditing and compliance for your web,
desktop and mobile applications.
Usability
• Single Sign-on
• Password Management
• Password Synchronization
• Self-service Password Reset
Security
• Knowledge-based
• Two-factor Authentication
• Contextual Authentication
• Real-time Reports/Alerts
4. Before going into the details…
• Configurable by user, group or domain hierarchy
• Comprehensive solution supporting multiple directories
• Enables self-service password reset, recovery and account unlock
• Force user enrollment (optional)
• Active Directory Password Filter (optional)
• Cost effective and competitively priced
• Easy to implement
8. Password Synch
• Single password, single interface
• Easier implementation
• Force enrollment
• No client-side software required
• Cost effective
• Flexible
• Server-based
• Self-service Password Reset
9. The process of password synchronization…
Correlates the passwords for multiple user accounts
10. Password Complexity Challenges
Step One: Identifying Password Complexity Rules
Rules differ from system to system causing
a common hurdle to implementing
password synch…
Step Two: Change Password Rules on Systems
WARNING:
Microsoft AD: no setting to enforce a maximum password length or prevent specific characters
IBM System i: typically maximum length of 10 with special character limitations
11. Multiple Directories
(including MS Active Directory, Novell eDirectory, IBM System i, LDAP v3-compliant, and custom SQL user tables)
Self-service Password Reset
Real-time synch
Consistent set of password rules
Active Directory Password Filter
12. Features:
• Ability to link a user’s primary account to accounts on multiple
systems/directories
• All password changes, resets and account unlocks through
PortalGuard flow to all linked systems in real-time
• Aligns password complexity rules to reduce barriers to password
propagation
• Requirement to link accounts is policy driven which can be
specific to the user, group or domain hierarchy
• Account linking can be enforced or made optional
• Supports multiple user account repositories
13. • Password Synch - eliminate the need for users to remember different
passwords
• Ease of Use - manage passwords from single consistent interface
• Self-service - unlock accounts and reset passwords from one place
• Seamless Integration - with existing logins using “sidecar” mode
• Lower Costs - reduce password-related calls and required IT support
• Increased Productivity - and user adoption for new services/websites
15. How to link an account…
Step 1: The user logs into a Windows workstation or an existing internal
website. PortalGuard is notified of the logon and checks its policies to see if
the user:
• Is required to link to an account in another directory, and
• Has yet to do so
16. How to link an account…
Step 2: Once the user provides the correct password, the secondary account
password will be immediately synched with the primary if necessary
17. Step 1:
The user has forgotten their password and clicks the “Forgot Password?” link
on the Windows logon screen or website logon page
18. Step 2:
The user chooses to reset their forgotten password and proves their identity
by correctly answering a series of challenge Q&A or entering an OTP
19. Step 3:
The user enters a new password that satisfies all linked account systems. The
PortalGuard server resets all linked accounts to use this password and
unlocks the accounts as well.
20. Step 4:
Immediate feedback is given to the user that the password reset was
successful on all linked accounts.
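The constraint from the Password Complexity Challenges slide and from Step 3 above (the new password must satisfy every linked system) can be checked before any directory is changed. This is an added example, not PortalGuard's code; the `Rules` class, the function names and the AD and System i rule values are assumptions constructed for illustration.

```python
import string
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rules:
    name: str
    min_len: int = 1
    max_len: Optional[int] = None        # None: system enforces no maximum
    allowed: Optional[frozenset] = None  # None: system accepts any character
    min_digits: int = 0

def violations(pw, r):
    """Reasons system r would reject pw (empty list means accepted)."""
    out = []
    if len(pw) < r.min_len:
        out.append(f"{r.name}: shorter than {r.min_len}")
    if r.max_len is not None and len(pw) > r.max_len:
        out.append(f"{r.name}: longer than {r.max_len}")
    if r.allowed is not None and set(pw) - r.allowed:
        bad = "".join(sorted(set(pw) - r.allowed))
        out.append(f"{r.name}: characters not accepted: {bad!r}")
    if sum(c.isdigit() for c in pw) < r.min_digits:
        out.append(f"{r.name}: fewer than {r.min_digits} digits")
    return out

def common_policy(systems):
    """Strictest single rule set that every linked system accepts."""
    maxes = [s.max_len for s in systems if s.max_len is not None]
    sets = [s.allowed for s in systems if s.allowed is not None]
    merged = Rules(
        name="common",
        min_len=max(s.min_len for s in systems),
        max_len=min(maxes) if maxes else None,
        allowed=frozenset.intersection(*sets) if sets else None,
        min_digits=max(s.min_digits for s in systems),
    )
    if merged.max_len is not None and merged.min_len > merged.max_len:
        raise ValueError("linked systems have no password length in common")
    return merged

def check_before_sync(pw, systems):
    """Collect every rejection up front so no directory is updated alone."""
    return [v for s in systems for v in violations(pw, s)]

# Constructed rule sets (assumed values, not vendor defaults)
AD = Rules("AD", min_len=8, min_digits=1)
SYSTEM_I = Rules("System i", min_len=6, max_len=10,
                 allowed=frozenset(string.ascii_letters + string.digits + "$@#_"))
LINKED = [AD, SYSTEM_I]
```

A long passphrase that AD accepts is rejected here because of the System i limits, which is the mismatch a consistent rule set has to resolve before synchronization is enabled.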
21. Configurable through the PortalGuard Configuration Utility:
• Password Synchronization
• Password Policies:
  • Dictionary Words
  • Regular Expressions
  • Password History
  • Minimum Length
  • Maximum Length
  • Minimum:
    • Lowercase characters
    • Uppercase characters
    • Numeric characters
    • Non-alphanumeric characters
  • Enforce AD Complexity
  • Password Rule Grouping
  • Password Strength Meter
22. TECHNICAL REQUIREMENTS
PortalGuard Desktop – for Windows workstations
Sidecar Mode – enforce account linking on existing website
AD Password Filter – enforce custom password policy for
native Ctrl+Alt+Del Windows password changes
23. An MSI is used to install PortalGuard on IIS 6 or 7.x.
This version of PortalGuard supports direct access and authentication
to cloud/browser-based applications only.
• Microsoft Active Directory – Windows 2000 AD domain or later
• Novell eDirectory 8.7 or later
• IBM System i - V5R2 or later
• Any LDAP v3-compliant directory
• Custom SQL user tables
• Microsoft Windows Server 2000
• Microsoft Windows Server 2003 (32 or 64-bit)
• Microsoft Windows Server 2008 (32 or 64-bit)
• Microsoft Windows Server 2008 R2
• Windows Terminal Services on Win2003
• Remote Desktop Services on Win2008
• IBM WebSphere/WebSphere Portal v5.1 or higher
• Microsoft IIS 6.0 or higher
• Microsoft Windows SharePoint Services 3.0 or higher
• Microsoft Office SharePoint Server 2007 or later