Imprivata Security

Strong Authentication Made Easy

Imprivata OneSign Authentication Management is a unique user authentication solution that integrates a broad range of flexible and powerful strong authentication types – all managed from within a single administrator framework. OneSign eases the cost and complexity of managing independent systems and provides a central location for reporting access events across all strong authentication options, reducing the burden of regulatory compliance.

Flexible Authentication Options.

OneSign Authentication Management provides native support for a broad range of plug-and-play authentication options such as One-Time-Password (OTP) tokens (including built-in management support for VASCO DIGIPASS) finger biometrics smart cards proximity cards, building access cards, and USB tokens. Simply plug them into your workstation and you are ready to go.

Consolidated Reporting

With OneSign Authentication Management, you can easily report in real-time an aggregated view of when, how and from where an employee gained access to the network. By having all access information available at the push of a button via standardized reporting, OneSign Authentication Management provides critical value in helping you rapidly respond to audit inquiries that may otherwise require manual viewing and collation of independent system logs. When adding OneSign Single Sign-On, you can also incorporate reporting on user access events to applications as well.

ROI Right Out-of-the-Box

The power of OneSign Authentication Management is that it’s all in one box. OneSign Authentication Management is designed to be affordable and easy to adopt. Purpose-built for flexible and rapid enterprise deployment, OneSign’s appliance-based approach to user authentication dramatically minimizes implementation time, infrastructure needs, and installation costs – accelerating your return on investment right out of the box.

OneSign Authentication Management can also be purchased alone or as part of The OneSign Platform, the technology solution that is helping more than 500 companies around the globe to achieve their most pressing Identity and Access Management security mandates with one easy, smart and affordable appliance-based solution.

What’s Inside The Box

Broad Support for Strong Authentication

OneSign Authentication Management provides native support for a broad range of user authentication options including:

Monitoring and Reporting

OneSign records all local and remote network authentication and application access events in a centralized database. Exportable reports provide an audit trail accessible to the OneSign administrator.

Built-in VASCO DIGIPASS One-Time-Password Authentication

OneSign Authentication Management and DIGIPASS by VASCO combine to replace network passwords with two-factor authentication that secures access for users regardless of whether they are online and connecting to the local network, offline and logging onto their laptop, or accessing network resources from a VPN.

Built-in Support for Finger Biometrics

OneSign Authentication Management provides native support for Dell, Lenovo and other laptop PC’s that embed the UPEK TouchStrip scanner, as well as support for external UPEK TouchStrip USB readers thereby simplifying the user logon experience by removing the need for users to type their username or password.

Built-in Support for Active Proximity Cards

OneSign Authentication Management provides native support for the Ensure Xylox active proximity cards and readers in order to provide comprehensive walk-away security.

Built-in Support for Passive Proximity Cards

OneSign Authentication Management provides native support for the RF Ideas PCprox USB reader that supports a variety of smart cards technologies, including HID, Casi-Rusco, Indala and Mifare.

Application Transaction Level Strong Authentication

The Imprivata OneSign ProveID capability allows an application to leverage OneSign’s strong authentication services to positively identify a user at any point in the application workflow. Examples of ProveID in use include a banking environment where positive identification of a user is required prior to executing a financial transaction, and a healthcare environment where positive identification of a user is required at the point of drug disbursement.

Built-in RADIUS Host for Remote Access Authentication

OneSign Authentication Management contains a built-in RADIUS host for handling remote access authentication using VASCO DIGIPASS tokens, SecurID or Secure Computing tokens or domain passwords.

Imprivata OneSign Physical | Logical integrates building and network access systems for unified enterprise security management.

Beyond simply leveraging the building access badge, OneSign Physical | Logical consolidates identities between physical access systems and IT directories to enable creation and deployment of a single, converged security policy for allowing or denying network access based on a user’s physical location, user role, and/or employee status.

For the first time, events from physical security access systems can now be incorporated into network access decisions, providing a finer layer of authentication for closing security holes, and providing organizations with broader monitoring and reporting capabilities in order to better demonstrate regulatory compliance.

Security Scenarios Addressed

Features

Maps identities between physical access systems and IT directories to enable one converged policy for allowing or denying network access based on a user’s:

Provides integrated and centralized user access monitoring and reporting in order to better demonstrate regulatory compliance

Enables a single point for Instant User Lockout from access to both buildings and IT networks

Non-intrusive, interoperable with companies’ existing physical access system infrastructure

Strategic Partnership Solutions

OneSign Physical/Logical offers complete solution integration and built-in support for the most powerful and advanced physical access security solutions on the market today:

Imprivata OneSign Single Sign On (SSO) uses breakthrough technology to help organizations benefit from increased user productivity and reduced password management costs by enabling single sign-on (SSO) to all your enterprise applications.

OneSign Single Sign On uses patent-pending technology to enable SSO without modifying applications. Companies benefit through centralized password administration, lower help-desk costs, increased user productivity and satisfaction, and ability to demonstrate compliance.

OneSign Single Sign On requires no modifications to existing applications and no user learning curves. With integrated support for multiple, strong authentication methods and centralized password policies, OneSign Single Sign On allows companies to implement levels of security that are appropriate for their environments.

OneSign Single Sign On is invaluable to IT departments managing a heterogeneous portfolio of applications. Because OneSign replaces multiple passwords and application logon events with a single, centrally-managed user logon, IT’s burden is significantly reduced. There’s no longer any need to compromise increased security for increased usability. Imprivata delivers both security and convenience within the fully integrated OneSign appliance.

Instead of custom scripting or Visual Basic code, OneSign Single Sign On uses the award-winning Application Profile Generator (APG) to “learn” the login behaviors of the target applications and generates the correct XML profile that is securely distributed to SSO users on a session basis. As new applications are added or existing applications changed, the APG is ready to make changes in minutes without any interruption or downtime.

Organizations can also use OneSign Single Sign On Extension Objects to integrate SSO with an unlimited set of critical business functions. OneSign Single Sign On events can trigger the execution of independent procedure code to enable powerful capabilities such as Roaming User Desktops, Personalized Drive-Mapping, or Automatic Password Synchronization.

OneSign’s browser-based tools allow administrators to increase information security through straightforward password policy settings. Administrators can change password constraints (minimum/maximum length, reset intervals, auto resets), manage authentication challenges, and accommodate application-generated password reset requests automatically.

Features

Automate Application Password Changes

With OneSign Single Sign-On, administrators can implement a clear, straightforward password policy across all SSO-enabled applications based on users’ primary authentication. For additional security measures, OneSign is able to cycle complex application passwords behind the scenes on the users’ behalf. This allows organizations that require certain application passwords to be changed periodically to handle the changes automatically.

Self-Service Password Management

With this option, users can easily reset or be notified of their own network and application passwords without help desk intervention. Administrators can set identity verification thresholds for users, or groups of users, who are simply prompted to answer a set of random or administrator-created questions, and, once authenticated, OneSign Single Sign-On delivers the service. This service can be accessed either by users on the network or via the Web.

Broad Support for Strong Authentication

OneSign Single Sign-On supports major forms of authentication out of the box — without requiring any custom integration with device vendors. Authentication methods include password, strong password, finger biometrics authentication or identification, active and passive proximity cards, smart cards, One-Time-Password tokens, USB tokens, and Kerberos authentication. Administrators decide which users should have which authentication modes, and whether they should upgrade their authentication options over time.

Application Profile Generator (APG):

Point-and-Click instead of expensive scripting

The OneSign Single Sign-On Application Profile Generator (APG) enables SSO and password change support for ALL enterprise applications — without writing logon scripts, building custom connectors or modifying existing code. APG’s point-and-click paradigm automatically learns logon and password change behaviors for even the most challenging applications —including native Java clients, Telnet emulators, Web-to-host applications, frame-based Web applications and many more.

Monitoring and Reporting

The OneSign Intelligent Agent allows organizations to monitor, capture and log password-related user access events in a centralized database. Easy-to-use detailed reporting can strengthen security and enforce regulatory compliance across all applications. Now, for the first time, administrators can easily monitor access records for every user, application or workstation in one, central location —even revealing users that may be sharing credentials to confidential applications.

Provisioning Support

OneSign Single Sign-On provides provisioning support based on the industry standard Service Provisioning Markup Language (SPML). SPML-based provisioning support allows users – and their network and application credentials – to be automatically provisioned and de-provisioned in OneSign Single Sign-On, eliminating the need to ever issue passwords to your users. New users, applications, and password resets are automatically reflected in OneSign. Imprivata provisioning partners providing out-of-the-box OneSign provisioning connectors include Courion and Fischer International. Check with your OneSign representative for the most up to date list of OneSign provisioning partners and connectors.

OneSign Extension Objects:

Roaming Desktops, Drive-Mapping, and More

Organizations can now extend OneSign Single Sign-On events to automate or integrate with an unlimited set of critical business functions. This is done through the execution of procedure code that can be associated with any OneSign Intelligent Agent event.

Examples:

These procedures can consist of DOS command sequences, JavaScript, or VBScript scripts. Any pre-defined OneSign Intelligent Agent event can trigger one or more procedures.

Benefits

Radically Easy

From the beginning, OneSign Single Sign-On was designed to make password management easy for IT and end users alike. Implementing and managing it is extremely fast and simple.

Application Profile Generator (APG)

Our intelligent APG technology SSO-enables all enterprise applications – legacy, client/server, or web-based – out of the box. There is no custom scripting required, no connectors to build, and no long and expensive custom integration projects to manage.

Intuitive User Interface

OneSign Single Sign-On’s administrator console provides an intuitive, easy to navigate, Web-based interface. Making enterprise single sign-on easy to install, configure and deploy. In a matter of days, you can fully SSO-enable your organization.

OneSign Intelligent Agent

The OneSign Intelligent Agent automatically handles updating for you by recognizing when new versions, application SSO profiles, or user security policies are added or changed. It’s easy for users, too. They log on to their applications as always, and require no training or modifications to their desktop environment.

Simply Smart

A hardened appliance built on patent-pending technology, OneSign is designed to be smart enough to do much of the work for you because we anticipated and automated the redundant tasks. The OneSign appliance is shipped in a redundant pair configuration, providing seamless failover. System back-up can be automatically run and transferred for storage each day without administrator effort. The system can be restored from a back-up file in minutes for disaster recovery.

Automated Password Policy

OneSign Single Sign-On automates password policy implementation — creating unique, strong passwords behind the scenes to support compliance efforts. It performs password changes automatically on behalf of the users, ensuring stricter security. It eliminates security breaches associated with passwords written on sticky notes posted to monitors and keyboards. And, OneSign Single Sign-On decreases costly help desk calls associated with password reset calls.

OneSign Extension Objects

Organizations can extend OneSign Single Sign-On events to launch an unlimited set of critical business functions using OneSign Extension Objects.

Support for Range of Strong Authentication Modalities

With built-in support for various authentication methods such as passwords, ID tokens, active or passive proximity cards, smart cards and finger biometrics, OneSign Single Sign-On offers a smart and effective way to increase your security while leveraging the benefits and convenience of single sign-on.

Monitoring and Reporting

Built-in monitoring provides an accounting of which users accessed which applications and when, including all password change activity. Detailed access logs and reports give organizations the ability to refine and strengthen security policies and enforce regulatory compliance across all applications.

Uniquely Affordable

OneSign Single Sign-On’s low total cost of ownership, short implementation time and quick user adoption delivers instant help desk cost reduction — and with that, immediate financial return. Companies see decreased costs and increased staff productivity due to greatly reduced help desk and password reset calls.

Self-Contained Appliance

As a self-contained appliance, OneSign Single Sign-On delivers all the functionality needed to effectively implement and manage single sign-on. There is nothing else to buy — no custom scripting or costly integration.

Low Installation and Ongoing Maintenance

Changes to policy, applications or user profiles can be administered and transparently applied in a matter of minutes from the administrator’s console. Users remain productive, and ongoing day-to-day management is minimal.