Server-based Password Synchronization: Managing Multiple Passwords
Self-service Password Reset Layer
v.3.2-004




PistolStar, Inc. dba PortalGuard
PO Box 1226
Amherst, NH 03031 USA

Phone: 603.547.1200
Fax: 617.674.2727
E-mail: sales@portalguard.com
Website: www.portalguard.com

© 2012, PistolStar, Inc. dba PortalGuard. All Rights Reserved.
Tech Brief — Server-based Password Synchronization



PortalGuard Server-based Password Synchronization: Managing Multiple Passwords


Table of Contents

Summary (p. 2)
The Basics (p. 2)
Password Complexity Challenges (p. 2)
PortalGuard Server-based Password Synchronization (p. 3)
Features (p. 3)
Benefits (p. 3)
How it Works (p. 4)
  Account Linking (p. 4)
  Self-service Password Reset Process (p. 5)
Configuration (p. 6)
Deployment (p. 10)
IIS Installation (p. 10)
System Requirements (p. 10)
Platform Layers (p. 11)








Summary
A common concern across organizations is that users have too many passwords to manage, each with a separate management interface to become familiar with. This creates user frustration and increased costs around Help Desk and IT support. Enterprise single sign-on (SSO) is looked at as a solution, but for many organizations it proves too costly, and many encounter internal resistance due to security concerns.

Password synchronization is a possible midpoint that can ease user frustrations by enabling access to different systems using the same password and a single interface. This proves easier to implement than SSO, and most solutions can force enrollment and do not require client-side software.

However, organizations have struggled with forgotten passwords as a sticking point with password synchronization, as each system must be reset independently.

PortalGuard addresses these challenges by providing a cost-effective, flexible approach to server-based password synchronization plus self-service password reset, allowing users to easily manage passwords for multiple systems from a single, consistent interface.


The Basics
The process of password synchronization correlates the passwords for multiple user accounts, enabling users to authenticate to all systems leveraging a single password. Since only one password needs to be remembered, overall system security can now be increased by enforcing stronger password policies such as more frequent expiration.


Password Complexity Challenges
Password complexity rules often differ from system to system. These differences are a common hurdle when implementing password synchronization, since a password that is acceptable on one system may be rejected by another, thus preventing password synchronization altogether. This can be a difficult problem to troubleshoot, as it may only occur for a small subset of user-chosen passwords. Identifying the password complexity rules for all systems that will be included in the synchronization process is a critical first step to mitigating this challenge.

After identification, a typical response to this issue may be to change the password rules on one or more systems to reach a common set that can be enforced for each. This approach can often be impeded by potential compliance issues or trepidation that the change may cause other unforeseen maintenance issues (e.g. legacy service or embedded accounts). Alignment of password policies across systems may not even be technically feasible if the systems do not support a common set of enforceable password rules. As an example, Microsoft Active Directory cannot natively enforce a maximum password length or prevent new passwords from containing specific characters. IBM System i servers typically have a maximum password length of 10 and can only accept letters, numbers and the ‘$’, ‘@’, ‘#’ and ‘_’ characters in new passwords. AD and System i password policies cannot be aligned natively because each supports only its own proprietary password complexity rules, which are incompatible with the other's.








PortalGuard helps reconcile these problems by enforcing a consistent set of password rules that are always enforced when a password is changed or reset through it. By configuring the PortalGuard policies such that they will only allow new passwords that comply with all included systems, password synchronization will not be prevented due to password policy rules.


PortalGuard Server-based Password Synchronization
PortalGuard offers a comprehensive password synchronization solution which supports Microsoft Active Directory, Novell eDirectory, IBM System i, any LDAP v3-compliant directory and custom SQL user tables. Beyond being easy to implement and forcing user enrollment, PortalGuard enables self-service password reset, recovery and account unlock to manage forgotten passwords.

Users can now be allowed to reset forgotten passwords from one place, including the Windows logon screen, corporate web portal login or a stand-alone website. When performing resets across all systems, PortalGuard passes the password change down to all linked accounts in real-time.

PortalGuard also has an optional component for further Active Directory integration. This Active Directory Password Filter can prevent users from setting domain passwords natively through the Ctrl-Alt-Del Windows Password Change process that do not comply with custom rules that AD itself cannot enforce. This ensures that what may be the most common interface for changing user passwords will comply with the necessary rules for password synchronization to occur seamlessly.


Features

- Ability to link a user’s primary account (e.g. Active Directory) to accounts on multiple systems/directories
- All password changes, resets and account unlocks through PortalGuard flow to all linked systems in real-time
- Align password complexity rules to reduce barriers to password propagation across systems
- The requirement to link to accounts is policy driven, which can be specific to the user, group or password repository
- Account linking can be enforced or made optional; enforcement points include website login and Windows desktop login
- Supported user account repositories include:
  - Microsoft Active Directory
  - Novell eDirectory
  - Any LDAP v3-compliant directory
  - IBM System i
  - Custom SQL user tables


Benefits

- Password Synchronization: eliminates the need for users to remember different passwords for each system/directory
- Ease of Use: the user can manage passwords for multiple systems from a single, consistent interface
- Self-service: accounts can be unlocked and passwords can be reset from one place, including the Windows login screen, a corporate web portal login or a stand-alone website
- Seamless Integration with existing website logon pages using PortalGuard in “Sidecar” mode
- Lower Costs: reduces password-related Help Desk calls and required IT support
- Increased Productivity and user adoption for new services/websites


How it Works

Account Linking

Step 1: The user logs into a Windows workstation or an existing internal website. PortalGuard is notified of the logon and checks its policies to see if the user:
- Is required to link to an account in another directory, and
- Has yet to do so
If both conditions are true, PortalGuard will prompt the user to enter a username in the secondary directory and the current password for that account. The user must know the account’s current password to link it to their primary account.

Step 2: Once the user provides the correct password, the secondary account password will be immediately synchronized with the primary if necessary.








Self-service Password Reset Process

Step 1: The user has forgotten their password and clicks the “Forgot Password?” link on the Windows logon screen or website logon page.

[Figures: Windows 7 Desktop Support; Windows XP Desktop Support]

Step 2: The user chooses to reset their forgotten password and proves their identity by correctly answering a series of challenge questions and/or entering a One-time Password (OTP) sent to their mobile phone or email.

[Figures: Challenge Questions and Answers; One-time Password (OTP)]








Step 3: The user enters a new password that satisfies all linked account systems. The PortalGuard server resets all linked accounts to use this password and unlocks the account as well.

Step 4: Immediate feedback is given to the user that the password reset was successful on all linked accounts. The user is now able to log in to all linked systems with the new password.




Configuration
NOTE: All of the following settings are policy specific, so you can have different values for different users, groups or hierarchies.

Configurable through the PortalGuard Configuration Utility:

- Password Synchronization
  - Linked Repositories








- Password Policies:
  - Minimum length
  - Maximum length
  - Minimum lowercase characters
  - Minimum uppercase characters
  - Minimum numeric characters
  - Minimum non-alphanumeric characters
  - Enforce Active Directory complexity (3 out of 4 character classes)
  - Password rule grouping (subsets)
  - Use of a visual password strength meter
  - Password history
  - Prevention of passwords containing dictionary words
  - Use of regular expressions for custom rules
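
The rule reconciliation described under Password Complexity Challenges, the Account Linking steps and the Self-service Password Reset steps, worked through as an added example that is not PortalGuard's own code: two toy repositories carry the native rules the brief attributes to Active Directory (3 of 4 character classes, from the Password Policies list above) and IBM System i (10-character maximum; letters, digits and `$ @ # _` only). The server accepts a linked account only after the user proves the secondary password, validates a candidate password against the intersection of every linked system's rules before touching any of them, and only then propagates the reset and unlock to all. `Policy`, `Repository`, `SyncServer`, the account names and the AD minimum length of 7 are assumptions made for the example; the in-memory store keeps plaintext only to keep the toy short.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Added example, not PortalGuard code: one "synchronization server" that links a
# primary account to secondary accounts, enforces the intersection of every linked
# system's complexity rules, and propagates reset + unlock to all of them.


@dataclass
class Policy:
    """Native complexity rules of one password repository (assumed model)."""
    name: str
    min_length: int = 0
    max_length: Optional[int] = None
    allowed: Optional[str] = None   # regex character class of permitted characters
    classes_required: int = 0       # AD-style "N out of 4 character classes"

    def violations(self, pw: str) -> list:
        """Return one message per rule the candidate password breaks."""
        problems = []
        if len(pw) < self.min_length:
            problems.append(f"{self.name}: shorter than {self.min_length}")
        if self.max_length is not None and len(pw) > self.max_length:
            problems.append(f"{self.name}: longer than {self.max_length}")
        if self.allowed is not None:
            bad = sorted(set(re.sub(self.allowed, "", pw)))   # what survives is forbidden
            if bad:
                problems.append(f"{self.name}: disallowed characters {''.join(bad)!r}")
        if self.classes_required:
            classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
            present = sum(1 for c in classes if re.search(c, pw))
            if present < self.classes_required:
                problems.append(f"{self.name}: only {present} of 4 character classes")
        return problems


# System i limits are those stated in the brief; the 3-of-4 class rule is from the
# Configuration list. The AD minimum length of 7 is an assumed value for the example.
AD = Policy("Active Directory", min_length=7, classes_required=3)
SYSTEM_I = Policy("IBM System i", max_length=10, allowed=r"[A-Za-z0-9$@#_]")


def combined_violations(pw: str, policies) -> list:
    """The reconciled rule set: a password passes only if every system accepts it."""
    return [v for p in policies for v in p.violations(pw)]


@dataclass
class Repository:
    """Toy in-memory directory; a real one stores hashes, never plaintext."""
    policy: Policy
    accounts: dict = field(default_factory=dict)   # user -> {"password", "locked"}

    def verify(self, user: str, pw: str) -> bool:
        acct = self.accounts.get(user)
        return acct is not None and acct["password"] == pw

    def set_password(self, user: str, pw: str) -> None:
        if self.policy.violations(pw):
            raise ValueError(f"{self.policy.name} rejected the new password")
        self.accounts[user]["password"] = pw

    def unlock(self, user: str) -> None:
        self.accounts[user]["locked"] = False


class SyncServer:
    def __init__(self, primary: Repository):
        self.primary = primary
        self.links = {}   # primary user -> [(secondary repo, secondary user)]

    def targets(self, user: str) -> list:
        return [(self.primary, user)] + self.links.get(user, [])

    def link(self, user, primary_pw, repo, sec_user, sec_pw) -> bool:
        """Account Linking: the user must prove knowledge of the secondary
        password; on success the secondary is synchronized with the primary."""
        if not repo.verify(sec_user, sec_pw):
            return False
        self.links.setdefault(user, []).append((repo, sec_user))
        if sec_pw != primary_pw and not repo.policy.violations(primary_pw):
            repo.set_password(sec_user, primary_pw)
        return True

    def reset(self, user: str, new_pw: str) -> dict:
        """Self-service reset: validate against every linked system first, so a
        rejection by one system never leaves the others half-synchronized."""
        problems = combined_violations(new_pw, [r.policy for r, _ in self.targets(user)])
        if problems:
            return {"ok": False, "violations": problems}
        done = {}
        for repo, acct in self.targets(user):
            repo.set_password(acct, new_pw)
            repo.unlock(acct)
            done[repo.policy.name] = "reset and unlocked"
        return {"ok": True, "results": done}


def demo():
    """Constructed accounts: jsmith in AD and a locked JSMITH profile on System i."""
    ad = Repository(AD, {"jsmith": {"password": "Old#Pass1", "locked": False}})
    sys_i = Repository(SYSTEM_I, {"JSMITH": {"password": "OLD#PW1", "locked": True}})
    srv = SyncServer(ad)
    linked = srv.link("jsmith", "Old#Pass1", sys_i, "JSMITH", "OLD#PW1")
    rejected = srv.reset("jsmith", "Summer2012!")   # AD accepts; System i: too long, '!'
    accepted = srv.reset("jsmith", "Summer#12")     # satisfies both rule sets
    return linked, rejected, accepted, ad, sys_i


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The ordering in `reset` is the point the brief makes about complexity rules: checking the candidate against the union of all constraints before any directory is written is what keeps a System i rejection from leaving AD already changed. In `link`, the secondary password is re-synchronized only when the primary's current password is itself acceptable to the secondary system, mirroring the "if necessary" in Step 2.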








Deployment
Implementation of the PortalGuard platform is seamless and requires no changes to the Active Directory/LDAP schema. A server-side software installation is required on at least one IIS server on the network.

To enforce account linking on Windows workstations, the PortalGuard Desktop must be deployed. This is done using a standard MSI which can be pushed out silently. To enforce account linking on an existing website login, PortalGuard Sidecar mode must be integrated.

To enforce custom password complexity rules for native Ctrl+Alt+Del Windows password changes, the Active Directory Password Filter must be installed on all Active Directory domain controllers. This is also packaged as an MSI for easier deployment. This component is compatible with all versions of Windows Server and has separate MSIs for either 32-bit or 64-bit architectures.


IIS Installation
An MSI is used to install PortalGuard on IIS 6 or 7.x. If installing PortalGuard on IIS 7.x/Windows Server 2008, make sure to have installed the following feature roles prior to launching the MSI:

1. All the Web Server Management Tools role services
2. All the Application Development role services
3. All IIS 6 Management Compatibility role services

The MSI is a wizard-based install which will quickly guide you through the installation.


System Requirements
This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.

PortalGuard can be installed directly on the following web servers:

- IBM WebSphere/WebSphere Portal v5.1 or higher
- Microsoft IIS 6.0 or higher
- Microsoft Windows SharePoint Services 3.0 or higher
- Microsoft Office SharePoint Server 2007 or later

PortalGuard can link the following accounts for password synchronization:

- Microsoft Active Directory: Windows 2000 Active Directory domain or later
- Novell eDirectory 8.7 or later
- IBM System i: V5R2 or later
- Any LDAP v3-compliant directory
- Custom SQL user tables








The PortalGuard Web server also has the following requirements on Windows operating systems:

- .NET 2.0 framework or later must be installed
- (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)

PortalGuard is fully supported for installation on virtual machines. Furthermore, PortalGuard can currently be installed on the following platforms:

- Microsoft Windows Server 2000
- Microsoft Windows Server 2003 (32- or 64-bit)
- Microsoft Windows Server 2008 (32- or 64-bit)
- Microsoft Windows Server 2008 R2

PortalGuard works with Windows Terminal Services on Win2003 servers and Remote Desktop Services on Win2008 servers.

If you have a platform not listed here, please contact us at sales@portalguard.com to see if we have recently added support for your platform.


Platform Layers
Beyond password synchronization, PortalGuard is a flexible authentication platform with multiple layers of available functionality to help you achieve your authentication goals (visual on pg. 12):

- Contextual Authentication
- Tokenless Two-factor Authentication
- Real-time Reports / Alerts
- Knowledge-based
- Password Management
- Self-service Password Reset
- Single Sign-on





 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 

Recently uploaded (20)

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 

Password Synchronization

  • 1. Server-based Password Synchronization: Managing Multiple Passwords
     Self-service Password Reset Layer
     v.3.2-004
     PistolStar, Inc. dba PortalGuard
     PO Box 1226, Amherst, NH 03031 USA
     Phone: 603.547.1200
     Fax: 617.674.2727
     E-mail: sales@portalguard.com
     Website: www.portalguard.com
     © 2012, PistolStar, Inc. dba PortalGuard. All Rights Reserved.
  • 2. Tech Brief — Server-based Password Synchronization
     PortalGuard Server-based Password Synchronization: Managing Multiple Passwords
     Table of Contents
       Summary ... 2
       The Basics ... 2
       Password Complexity Challenges ... 2
       PortalGuard Server-based Password Synchronization ... 3
       Features ... 3
       Benefits ... 3
       How it Works ... 4
         Account Linking ... 4
         Self-service Password Reset Process ... 5
       Configuration ... 6
       Deployment ... 10
       IIS Install ... 10
       System Requirements ... 10
       Platform Layers ... 11
     © 2012, PistolStar, Inc. dba PortalGuard All rights reserved. Page 1
  • 3. Summary
     A common concern across organizations is that users have too many passwords to manage, each with a separate management interface to become familiar with. This creates user frustration and increased costs around Help Desk and IT support. Enterprise single sign-on (SSO) is looked at as a solution, but for many organizations it proves too costly, and many encounter internal resistance due to security concerns.
     Password synchronization is a possible midpoint that can ease user frustrations by enabling access to different systems using the same password and a single interface. This proves easier to implement than SSO, and most solutions can force enrollment and do not require client-side software. However, organizations have struggled with forgotten passwords as a sticking point with password synchronization, as each system must be reset independently.
     PortalGuard addresses these challenges by providing a cost-effective, flexible approach to server-based password synchronization plus self-service password reset, allowing users to easily manage passwords for multiple systems from a single, consistent interface.
     The Basics
     The process of password synchronization correlates the passwords for multiple user accounts, enabling users to authenticate to all systems using a single password. Since only one password needs to be remembered, overall system security can now be increased by enforcing stronger password policies such as more frequent expiration.
     Password Complexity Challenges
     Password complexity rules often differ from system to system. These differences are a common hurdle when implementing password synchronization, since a password that is acceptable on one system may be rejected by another, thus preventing password synchronization altogether. This can be a difficult problem to troubleshoot as it may only occur for a small subset of user-chosen passwords. Identifying the password complexity rules for all systems that will be included in the synchronization process is a critical first step to mitigating this challenge.
     After identification, a typical response to this issue may be to change the password rules on one or more systems to reach a common set that can be enforced for each. This approach can often be impeded by potential compliance issues or trepidation that the change may cause other unforeseen maintenance issues (e.g. legacy service or embedded accounts). Alignment of password policies across systems may not even be technically feasible if the systems do not support a common set of enforceable password rules. As an example, Microsoft Active Directory cannot natively enforce a maximum password length or prevent new passwords from containing specific characters. IBM System i servers typically have a maximum password length of 10 and can only accept letters, numbers and the ‘$’, ‘@’, ‘#’ and ‘_’ characters in new passwords. AD and System i password policies cannot be aligned natively because they only support incompatible proprietary password complexity rules.
  • 4. PortalGuard helps reconcile these problems by enforcing a consistent set of password rules that are always applied when a password is changed or reset through it. By configuring the PortalGuard policies so that they only allow new passwords that comply with all included systems, password synchronization will not be blocked by password policy rules.
     PortalGuard Server-based Password Synchronization
     PortalGuard offers a comprehensive password synchronization solution which supports Microsoft Active Directory, Novell eDirectory, IBM System i, any LDAP v3-compliant directory and custom SQL user tables. Beyond being easy to implement and forcing user enrollment, PortalGuard enables self-service password reset, recovery and account unlock to manage forgotten passwords.
     Users can now be allowed to reset forgotten passwords from one place, including the Windows logon screen, corporate web portal login or a stand-alone website. When performing resets across all systems, PortalGuard passes the password change down to all linked accounts in real time.
     PortalGuard also has an optional component for further Active Directory integration. This Active Directory Password Filter can prevent users from natively setting domain passwords through the Ctrl-Alt-Del Windows Password Change process that do not comply with custom rules that AD itself cannot enforce. This ensures that what may be the most common interface for changing user passwords will comply with the rules necessary for password synchronization to occur seamlessly.
     Features
     - Ability to link a user’s primary account (e.g. Active Directory) to accounts on multiple systems/directories
     - All password changes, resets and account unlocks through PortalGuard flow to all linked systems in real time
     - Align password complexity rules to reduce barriers to password propagation across systems
     - The requirement to link to accounts is policy driven, which can be specific to the user, group or password repository
     - Account linking can be enforced or made optional; enforcement points include website login and Windows desktop login
     - Supported user account repositories include:
       - Microsoft Active Directory
       - Novell eDirectory
       - Any LDAP v3-compliant directory
       - IBM System i
       - Custom SQL user tables
     Benefits
     - Password Synchronization - eliminates the need for users to remember different passwords for each system/directory
     - Ease of Use - the user can manage passwords for multiple systems from a single, consistent interface
  • 5. - Self-service - accounts can be unlocked and passwords can be reset from one place, including the Windows login screen, a corporate web portal login or a stand-alone website
     - Seamless Integration with existing website logon pages using PortalGuard in “Sidecar” mode
     - Lower Costs - reduces password-related Help Desk calls and required IT support
     - Increased Productivity and user adoption for new services/websites
     How it Works
     Account Linking
     Step 1: The user logs into a Windows workstation or an existing internal website. PortalGuard is notified of the logon and checks its policies to see if the user:
     - Is required to link to an account in another directory, and
     - Has yet to do so
     If both conditions are true, PortalGuard will prompt the user to enter a username in the secondary directory and the current password for that account. The user must know the account’s current password to link it to their primary account.
     Step 2: Once the user provides the correct password, the secondary account password will be immediately synchronized with the primary if necessary.
  • 6. Self-service Password Reset Process
     Step 1: The user has forgotten their password and clicks the “Forgot Password?” link on the Windows logon screen or website logon page.
     (Screenshots: Windows 7 Desktop Support; Windows XP Desktop Support)
     Step 2: The user chooses to reset their forgotten password and proves their identity by correctly answering a series of challenge questions and/or entering a One-time Password (OTP) sent to their mobile phone or email.
     (Screenshots: Challenge Questions and Answers; One-time Password (OTP))
  • 7. Step 3: The user enters a new password that satisfies all linked account systems. The PortalGuard server resets all linked accounts to use this password and unlocks the account as well.
     Step 4: Immediate feedback is given to the user that the password reset was successful on all linked accounts. The user is now able to log in to all linked systems with the new password.
     Configuration
     NOTE: All the following settings are policy specific, so you can have different values for different users/groups/hierarchies.
     Configurable through the PortalGuard Configuration Utility:
     Password Synchronization
     - Linked Repositories
  • 8. Password Policies:
     - Minimum length
     - Maximum length
     - Minimum lowercase characters
     - Minimum uppercase characters
     - Minimum numeric characters
     - Minimum non-alphanumeric characters
     - Enforce Active Directory complexity (3 out of 4 character classes)
     - Password rule grouping (subsets)
     - Use of a visual password strength meter
     - Password history
     - Prevention of passwords containing dictionary words
     - Use of regular expressions for custom rules
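The conflict described under Password Complexity Challenges (a password Active Directory accepts but IBM System i rejects) and the policy settings listed above, as an added Python example that is not PortalGuard's own code: a candidate password is checked against every linked repository's rules plus a central policy, and the report names which system would reject it before any synchronization is attempted. The System i limits and the AD 3-of-4 rule are the ones the brief states; the repository objects, dictionary words and regular expression are constructed assumptions.

```python
"""Added example (not PortalGuard code): check a candidate password against every
linked repository's rules plus a central policy and report which system would
reject it. System i limits and the AD 3-of-4 rule are from the brief; the
dictionary words and regular expression are constructed sample values."""
import re
import string
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# A rule returns a human-readable reason on failure and None when it passes.
Rule = Callable[[str], Optional[str]]


@dataclass
class RepositoryPolicy:
    name: str
    rules: List[Rule] = field(default_factory=list)

    def violations(self, password: str) -> List[str]:
        return [r for r in (rule(password) for rule in self.rules) if r]


def max_length(n: int) -> Rule:
    return lambda p: None if len(p) <= n else f"longer than {n}"


def allowed_chars(alphabet: str) -> Rule:
    # Rejects any character outside the repository's accepted set.
    def check(p: str) -> Optional[str]:
        bad = "".join(sorted({c for c in p if c not in alphabet}))
        return None if not bad else f"disallowed characters {bad!r}"
    return check


def ad_complexity() -> Rule:
    # Active Directory complexity: at least 3 of lower, upper, digit, symbol.
    classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())

    def check(p: str) -> Optional[str]:
        hit = sum(1 for cls in classes if any(cls(c) for c in p))
        return None if hit >= 3 else f"only {hit} of 4 character classes"
    return check


def no_dictionary_words(words: List[str]) -> Rule:
    # Case-insensitive substring match, a simple form of the dictionary rule.
    def check(p: str) -> Optional[str]:
        found = [w for w in words if w in p.lower()]
        return None if not found else f"contains dictionary word {found[0]!r}"
    return check


def custom_regex(pattern: str) -> Rule:
    rx = re.compile(pattern)
    return lambda p: None if rx.search(p) else f"does not match {pattern!r}"


# Constructed linked repositories; the System i limits are those the brief states.
LINKED = [
    RepositoryPolicy("Active Directory", [ad_complexity()]),
    RepositoryPolicy("IBM System i", [
        max_length(10),
        allowed_chars(string.ascii_letters + string.digits + "$@#_"),
    ]),
]
# Central rules that no single repository enforces (constructed sample values).
CENTRAL_RULES = [
    no_dictionary_words(["password", "summer", "portal"]),
    custom_regex(r"^\S+$"),  # no whitespace anywhere in the password
]


def check_against_linked(password: str, repos: List[RepositoryPolicy]) -> Dict[str, List[str]]:
    # Map each linked repository that would reject the password to its reasons.
    return {r.name: v for r in repos if (v := r.violations(password))}


def synchronizable(password: str) -> Tuple[bool, Dict[str, List[str]]]:
    # True only when every linked system and the central policy accept it,
    # so a change made through the central interface can propagate everywhere.
    report = check_against_linked(password, LINKED)
    central = [v for v in (rule(password) for rule in CENTRAL_RULES) if v]
    if central:
        report["Central policy"] = central
    return (not report, report)


if __name__ == "__main__":
    for candidate in ("Winter!2012", "Password1", "Wint3r_12"):
        ok, why = synchronizable(candidate)
        print(f"{candidate!r}: {'OK' if ok else 'rejected'} {why}")
```

Running it shows the first candidate failing only on System i (too long and containing ‘!’), the second failing only the central dictionary rule, and the third accepted everywhere.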
  • 11. Deployment
     Implementation of the PortalGuard platform is seamless and requires no changes to the Active Directory/LDAP schema. A server-side software installation is required on at least one IIS server on the network.
     To enforce account linking on Windows workstations, the PortalGuard Desktop must be deployed. This is done using a standard MSI which can be pushed out silently. To enforce account linking on an existing website login, PortalGuard Sidecar mode must be integrated.
     To enforce custom password complexity rules for native Ctrl+Alt+Del Windows password changes, the Active Directory Password Filter must be installed on all Active Directory domain controllers. This is also packaged as an MSI for easier deployment. This component is compatible with all versions of Windows Server and has separate MSIs for 32-bit and 64-bit architectures.
     IIS Installation
     An MSI is used to install PortalGuard on IIS 6 or 7.x. If installing PortalGuard on IIS 7.x/Windows Server 2008, make sure to have installed the following feature roles prior to launching the MSI:
     1. All the Web Server Management Tools role services
     2. All the Application Development role services
     3. All IIS 6 Management Compatibility role services
     The MSI is a wizard-based install which will quickly guide you through the installation.
     System Requirements
     This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.
     PortalGuard can be installed directly on the following web servers:
     - IBM WebSphere/WebSphere Portal v5.1 or higher
     - Microsoft IIS 6.0 or higher
     - Microsoft Windows SharePoint Services 3.0 or higher
     - Microsoft Office SharePoint Server 2007 or later
     PortalGuard can link the following accounts for password synchronization:
     - Microsoft Active Directory - Windows 2000 Active Directory domain or later
     - Novell eDirectory 8.7 or later
     - IBM System i - V5R2 or later
     - Any LDAP v3-compliant directory
     - Custom SQL user tables
  • 12. The PortalGuard web server also has the following requirements on Windows operating systems:
     - .NET 2.0 framework or later must be installed
     - (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
     PortalGuard is fully supported for installation on virtual machines. Furthermore, PortalGuard can currently be installed on the following platforms:
     - Microsoft Windows Server 2000
     - Microsoft Windows Server 2003 (32 or 64-bit)
     - Microsoft Windows Server 2008 (32 or 64-bit)
     - Microsoft Windows Server 2008 R2
     PortalGuard works with Windows Terminal Services on Win2003 servers and Remote Desktop Services on Win2008 servers.
     If you have a platform not listed here, please contact us at sales@portalguard.com to see if we have recently added support for your platform.
     Platform Layers
     Beyond password synchronization, PortalGuard is a flexible authentication platform with multiple layers of available functionality to help you achieve your authentication goals (visual on pg. 12):
     - Contextual Authentication
     - Tokenless Two-factor Authentication
     - Real-time Reports / Alerts
     - Knowledge-based
     - Password Management
     - Self-service Password Reset
     - Single Sign-on
  • 13. (Platform Layers visual; image only, not captured in the transcript)