Contextual Authentication: A Multi-factor Approach
Multi-factor Authentication Layer
v.3.2-003




PortalGuard dba PistolStar, Inc.
PO Box 1226
Amherst, NH 03031 USA

Phone: 603.547.1200
Fax: 617.674.2727
E-mail: sales@portalguard.com
Website: www.portalguard.com

© 2012, PistolStar, Inc. dba PortalGuard All Rights Reserved.
Tech Brief — Contextual Authentication



PortalGuard Contextual Authentication: A Multi-factor Approach


Table of Contents

Summary
The Basics
PortalGuard Contextual Authentication (CBA)
    Contextual Authentication vs. Static Authentication
Features
Benefits
CBA Terminology
How it Works
    Analysis Mode
    Client-side Browser Add-on
    CBA Process
Configuration
Deployment
IIS Install
System Requirements
Supporting Videos
Platform Layers








Summary
Growing roaming user populations and remote access to an organization's confidential data are becoming a larger security concern, leaving organizations with choices to make about how to secure these resources. A conflict of interest between business groups and IT security can create a struggle to maintain usability while increasing security. Although instituting better password policies is a preliminary option, organizations often oversteer toward rigid two-factor authentication solutions.

Although these solutions are desirable for security, the barriers to entry are overwhelming for many organizations. Applying stringent two-factor authentication to all users makes it impossible for the organization to adapt to all the different user access scenarios, usually resulting in poor user adoption and increased frustration. Due to the size and structure of these solutions, integration usually requires dedicated IT resources and training, along with potential additional hardware. The biggest barrier, however, is high total cost of ownership: the organization intends to increase security but cannot absorb the costs associated with the initial purchase and maintenance of a two-factor solution, ranging from hardware replacements to increased Help Desk calls.

So you have to make a tough decision: do you institute better password policies, or do you implement two-factor authentication across the whole company?

Which makes you wonder... is there a midpoint between the two?


The Basics
The midpoint is referred to as "contextual authentication", which focuses on providing dynamic security: enhancing usability for users while strengthening security to match your organization's policies and compliance standards.

Contextual authentication works behind the scenes to prevent unauthorized access and applies the appropriate level of authentication based on the expected impact of the context around a user's access request, including location, time, device, network and application.

For example, users within your company's four walls may only need to provide strong passwords, whereas a traveling salesperson or roaming user must provide two factors. However, that same traveling salesperson, now in the office, only needs to provide a password to prove his identity, because the context of his access request has changed.


PortalGuard Contextual Authentication (CBA)
As an alternative to static authentication solutions, PortalGuard understands the midpoint and handles the challenges of remote user access scenarios. Taking a cost-effective, flexible approach to authentication, PortalGuard offers five methods of authentication (single sign-on, password-based, knowledge-based, two-factor authentication, and blocking a request), with the primary focus of the software platform being CBA.

Using PortalGuard's CBA, organizations can gain insight into user access scenarios, allowing them to make security and usability adjustments transparently to the user and dynamically adjust the authentication method to what is appropriate for the user's situation.

Obtaining the user's contextual data is optional with PortalGuard, and all options can be configured down to the individual user, group or application level.




Features

• Provides five different authentication methods: single sign-on, password-based, knowledge-based, two-factor, and blocking a request
• Contextual Authentication (CBA): applies the appropriate authentication method for each access request depending on the user's context
• Client-side browser add-on: optionally obtains users' contextual data such as location, time, network, and type of device used
• Provides two-factor authentication by delivering a one-time password (OTP) to a user via SMS, email, printer, or to their laptop in the form of a transparent token (i.e. the client-side browser add-on producing a cookie)
• SAML single sign-on: can create a SAML token and enable SAML single sign-on to Cloud/Web-based applications that accept SAML tokens
• Real-time Activity Alerts: alerting the admin or user to malicious activity or "did you know" information
• Notifications: including emails to a user when their account is accessed from a new device
• Reporting Tool: contextual data reports allow you to take real-time action on meaningful situations
• All events are stored in a SQL database for easy auditing and reporting

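The last three features (a notification when an account is used from a new device, reporting, and events kept in a SQL database) can be exercised against a small event store. This is an added example rather than PortalGuard's code or schema: the table layout, the column names and the six login events are constructed here, and the notification rule (a login whose user/device pair has no earlier event) is this example's own definition of "new device".

```python
# Added example (not PortalGuard's code): new-device notifications and an
# audit report run over an event store like the SQL database the brief
# says all events land in.  Schema and events are constructed here; the
# brief does not document PortalGuard's actual tables.
import sqlite3

SCHEMA = """
CREATE TABLE login_events (
    id        INTEGER PRIMARY KEY,
    ts        TEXT    NOT NULL,   -- ISO-8601 timestamp (sorts as text)
    username  TEXT    NOT NULL,
    device_id TEXT,               -- NULL when no browser add-on reported one
    network   TEXT,
    method    TEXT    NOT NULL,   -- authentication method that was enforced
    score     INTEGER NOT NULL    -- final credibility score
);
"""

# Constructed sample events.  device_id stands for the value the add-on's
# transparent token (cookie) would carry; carol has no add-on, so hers is NULL.
EVENTS = [
    ("2012-06-04T08:02:00", "alice", "dev-a1", "corporate_lan", "single_sign_on", 100),
    ("2012-06-04T08:15:00", "bob",   "dev-b1", "corporate_lan", "password",        72),
    ("2012-06-05T22:40:00", "bob",   "dev-b1", "public",        "two_factor",      48),
    ("2012-06-06T09:10:00", "bob",   "dev-b2", "public",        "two_factor",      45),
    ("2012-06-06T09:12:00", "carol", None,     "vpn",           "two_factor",      34),
    ("2012-06-07T08:00:00", "alice", "dev-a1", "corporate_lan", "single_sign_on", 100),
]


def load_events(events=EVENTS):
    """Create the in-memory store and insert the sample events."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO login_events (ts, username, device_id, network, method, score) "
        "VALUES (?, ?, ?, ?, ?, ?)", events)
    conn.commit()
    return conn


def first_seen_devices(conn):
    """Logins whose (user, device) pair has no earlier event: the trigger for a
    'your account was used from a new device' notification.  Rows without a
    device_id cannot be matched and are reported by unmanaged_logins()."""
    return conn.execute("""
        SELECT e.ts, e.username, e.device_id, e.network, e.method
        FROM login_events e
        WHERE e.device_id IS NOT NULL
          AND NOT EXISTS (
              SELECT 1 FROM login_events p
              WHERE p.username = e.username
                AND p.device_id = e.device_id
                AND p.ts < e.ts)
        ORDER BY e.ts""").fetchall()


def unmanaged_logins(conn):
    """Logins from clients without the add-on (no device context at all)."""
    return conn.execute(
        "SELECT ts, username, network, method FROM login_events "
        "WHERE device_id IS NULL ORDER BY ts").fetchall()


def method_report(conn):
    """Audit-style report: how often each authentication method was enforced per user."""
    return conn.execute("""
        SELECT username, method, COUNT(*) AS n
        FROM login_events
        GROUP BY username, method
        ORDER BY username, method""").fetchall()


def notifications(conn):
    """Render the notification lines a user or administrator would receive."""
    lines = [f"{ts} {user}: first login from device {dev} via {net} ({method})"
             for ts, user, dev, net, method in first_seen_devices(conn)]
    lines += [f"{ts} {user}: login from unmanaged client via {net} ({method})"
              for ts, user, net, method in unmanaged_logins(conn)]
    return sorted(lines)


if __name__ == "__main__":
    conn = load_events()
    for line in notifications(conn):
        print(line)
    for user, method, n in method_report(conn):
        print(f"{user:<6} {method:<15} {n}")
```

The NOT EXISTS correlation is what makes the rule cheap to run on every login: the new event is compared only against the same user's earlier rows, so the check scales with a user's history rather than the whole table. Bob's first login from dev-b2 on 2012-06-06 is the case the brief's notification feature is meant to catch.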







Benefits

• Increase security without impacting the end-user experience
• Increase usability for authorized users while creating barriers for unauthorized users
• Configurable to the user, group or application level
• Lower total cost of ownership than token-based two-factor authentication alternatives
• Proactive approach to reducing threats: block suspicious users in real time before a login attempt is made
• Gather insight: analyze the contextual data reports PortalGuard provides


CBA Terminology
Authentication Methods: the type of authentication the user will be presented with:
    Single Sign-on: username and password (single password for multiple systems)
    Password-based: username and password
    Knowledge-based: username, password and challenge question
    One-time Password (OTP): username and OTP
    Two-factor: username, password and OTP

Credibility Score: the numeric value used to determine the appropriate authentication method based on a set of ranges; it is determined from credibility policies.

Credibility Policy: configurable policies based on categories and identifiers to which you assign a score. A credibility policy can have multiple categories.
    • Category: a collection of related identifiers (context); currently includes device, time, location, and network. A category can have multiple identifiers.
    • Identifier: an individual attribute that is assigned a score based on its importance (e.g. Time: off hours, office hours, and weekend hours)
    • Weight (%): an optional percentage for each category that adjusts the category's impact on the credibility score relative to the other categories

Application Realms: identifies an application and assigns a weight (%) to that application that adjusts the overall credibility score (e.g. if the application realm is 50% and the current score is 100, the user's score is 50 after the realm is enforced).








[Figure: Credibility Policy]

[Figure: Application Realms]








How It Works

Analysis Mode

When implementing CBA it is recommended to run analysis mode first, to establish a baseline for the environment. Analysis mode runs the CBA process in its entirety but stops short of adjusting the authentication method for the user. This allows you to establish a suitable configuration, collect reports, and determine the possible effects on your user community. After a recommended period, typically 60-90 days, adjustment of the authentication method can be enforced so that it directly affects your user community.

To turn on CBA, an administrator simply checks a box on the desired security policies, which contain either individuals or groups of users.


Client-side Browser Add-on

In order to collect the contextual data around a user's access request, PortalGuard uses an installed browser add-on. This is installed using a standard MSI and can be pushed out silently. Although the add-on is optional, users without the client-side software installed are considered "unmanaged" and can be given a lower credibility score due to the lack of actionable context data.

CBA Process

The following process is completed every time an access request is received. PortalGuard also supports CBA for password resets, recoveries, and account unlocks.

Step 1: The user begins the login process by entering their username and clicking "Continue".








NOTE: Steps 2-4 happen behind the scenes, transparently to the user and within milliseconds.

Step 2: Contextual data is sent from the client-side browser add-on to the PortalGuard server.

Step 3: The PortalGuard server identifies the user's credibility policy and computes the following:
    • Gross score for each category
    • Any category weight impact on the score
    • Net score from the policy and weights
    • Modification due to the sensitivity of the requested application (its application realm)

Step 4: The PortalGuard server looks up the appropriate authentication method using the final credibility score and the ranges the administrator previously configured.

Step 5: PortalGuard enforces the appropriate authentication method for the user's current access attempt. The user provides the required credentials to successfully complete their access request and log in.

[Figure: Example of two-factor authentication]
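The scoring in Steps 2-5, and the terminology section's categories, identifiers, weights, realms and ranges, worked through in code. This is an added example, not PortalGuard's software: the policy layout, the identifier names and scores, the category weights, the realm modifiers, the score ranges and the sample access requests are all constructed for illustration, and scoring a category the client did not report as 0 (the "unmanaged" case) is this example's own assumption. `enforce=False` models analysis mode, where the method is computed and reported but not applied.

```python
# Added example (not PortalGuard's code): a model of the credibility-score
# computation the brief describes.  Policy layout, identifiers, scores, weights,
# realm modifiers, ranges and the sample requests below are all constructed.

# Credibility policy: each category holds identifiers (context attributes) with
# a score, plus an optional weight (%) giving the category's share of the net.
POLICY = {
    "use_category_weighting": True,
    "enforce_application_realms": True,
    "categories": {
        "device":   {"weight": 40, "identifiers": {"managed": 100, "unmanaged": 0}},
        "network":  {"weight": 30, "identifiers": {"corporate_lan": 100, "vpn": 80, "public": 10}},
        "location": {"weight": 20, "identifiers": {"hq": 100, "home": 60, "unknown": 0}},
        "time":     {"weight": 10, "identifiers": {"office_hours": 100, "off_hours": 50, "weekend": 30}},
    },
}

# Application realms: modifier (%) applied to the net score per application
# (the brief's example: a 50% realm turns a score of 100 into 50).
REALMS = {"https://intranet.example.com/": 100, "https://hr.example.com/": 50}

# Default ranges: (start, end, authentication type, alert on/off).
RANGES = [
    (80, 100, "single_sign_on", False),
    (65, 79, "password", False),
    (50, 64, "knowledge_based", False),
    (20, 49, "two_factor", True),
    (0, 19, "block", True),
]


def gross_scores(context, policy):
    """Step 3: one gross score per category, from the identifier the client
    reported.  A category that was not reported (no add-on, i.e. an
    'unmanaged' client) scores 0; that default is this example's assumption."""
    return {name: cat["identifiers"].get(context.get(name), 0)
            for name, cat in policy["categories"].items()}


def net_score(gross, policy):
    """Step 3: fold the category weights into one net score on a 0-100 scale.
    Integer products are summed before the single division, so the arithmetic
    is exact for whole-number scores and weights."""
    cats = policy["categories"]
    if policy["use_category_weighting"]:
        return sum(gross[n] * cats[n]["weight"] for n in cats) / 100
    return sum(gross.values()) / len(gross)


def apply_realm(score, app_url, policy):
    """Step 3: scale the net score by the requested application's modifier (%).
    An application with no realm entry is treated as 100% (unmodified)."""
    if not policy["enforce_application_realms"]:
        return score
    return score * REALMS.get(app_url, 100) / 100


def lookup_method(score):
    """Step 4: map the final credibility score onto the configured ranges."""
    final = int(round(score))
    for start, end, method, alert in RANGES:
        if start <= final <= end:
            return method, alert
    raise ValueError(f"no range covers credibility score {final}")


def evaluate(user, context, app_url, enforce=True, policy=POLICY):
    """Steps 2-5 for one access request.  enforce=False is analysis mode: the
    score and method are computed for reporting but not applied to the login."""
    gross = gross_scores(context, policy)
    score = apply_realm(net_score(gross, policy), app_url, policy)
    method, alert = lookup_method(score)
    return {"user": user, "app": app_url, "gross": gross, "score": score,
            "method": method, "alert": alert, "enforced": enforce}


# Constructed requests: in the office, at home over VPN, on the road, and a
# client without the add-on that only has server-observable context.
IN_OFFICE   = {"device": "managed", "network": "corporate_lan", "location": "hq", "time": "office_hours"}
AT_HOME     = {"device": "managed", "network": "vpn", "location": "home", "time": "office_hours"}
ON_THE_ROAD = {"device": "managed", "network": "public", "location": "unknown", "time": "off_hours"}
NO_ADDON    = {"network": "vpn", "time": "office_hours"}

if __name__ == "__main__":
    INTRANET, HR = "https://intranet.example.com/", "https://hr.example.com/"
    for user, ctx, app in [("alice", IN_OFFICE, INTRANET), ("dave", AT_HOME, INTRANET),
                           ("dave", AT_HOME, HR), ("bob", ON_THE_ROAD, INTRANET),
                           ("carol", NO_ADDON, HR)]:
        d = evaluate(user, ctx, app, enforce=False)   # analysis mode: report only
        print(f"{d['user']:<6}{d['app']:<30}score={d['score']:5.1f}  "
              f"{d['method']:<15}alert={d['alert']}")
```

Running the block prints one line per request. The realm modifier is what turns the at-home user's single sign-on on the intranet (86) into a two-factor prompt for the HR application (43), and the client without the add-on never scores above the two-factor range. Because the identifiers arrive from a client-side component, the server should treat them as untrusted input: the score is computed here entirely from the server-side policy and ranges, never accepted from the client.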








Configuration
NOTE: All of the following settings are policy specific, so you can have different values for different users, groups or hierarchies.

Configurable through the PortalGuard Configuration Utility:

• Enable or Disable CBA
• Assign users or groups to individual credibility policies
• Credibility Policies:
    - Client Type
    - Use Category Weighting
    - Enforce Application Realms
    - Display Scoring UI
    - Categories
    - Weight
    - Identifiers
    - Credibility Score
• Default Ranges
    - Start and End Scores
    - Authentication Type
    - Alert On or Off
• Application Realms
    - Application Name and URL
    - Modifier %
    - Servers



Deployment

Implementation of the PortalGuard platform is seamless and requires no changes to the Active Directory/LDAP schema. A server-side software installation is required on at least one IIS server on the network. Contextual authentication additionally requires client-side software in the form of the browser add-on, which is installed using a standard MSI and can be pushed out silently.


IIS Install

An MSI is used to install PortalGuard on IIS 6 or 7.x. If installing PortalGuard on IIS 7.x/Windows Server 2008, make sure the following role services are installed prior to launching the MSI:

1. All the Web Server Management Tools role services
2. All the Application Development role services
3. All IIS 6 Management Compatibility role services

The MSI is a wizard-based install which will quickly guide you through the installation.








System Requirements
This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.

PortalGuard can be installed directly on the following web servers:

• IBM WebSphere/WebSphere Portal v5.1 or higher
• Microsoft IIS 6.0 or higher
• Microsoft Windows SharePoint Services 3.0 or higher
• Microsoft Office SharePoint Server 2007 or later

The PortalGuard web server also has the following requirements on Windows operating systems:

• .NET 2.0 framework or later must be installed
• (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)

PortalGuard is fully supported for installation on virtual machines. Furthermore, PortalGuard can currently be installed on the following platforms:

• Microsoft Windows Server 2000
• Microsoft Windows Server 2003 (32 or 64-bit)
• Microsoft Windows Server 2008 (32 or 64-bit)
• Microsoft Windows Server 2008 R2

PortalGuard works with Windows Terminal Services on Win2003 servers and Remote Desktop Services on Win2008 servers.

If you have a platform not listed here, please contact us at sales@portalguard.com to see if we have recently added support for your platform.



Supporting Videos
Please view the following videos to watch a demo of PortalGuard's CBA offerings:

Welcome to the Platform: Discussing Contextual Authentication
Consumerization Challenges: Discussing Device Management



Platform Layers
Beyond contextual authentication, PortalGuard is a flexible authentication platform with multiple layers of available functionality to help you achieve your authentication goals:

• Tokenless Two-factor Authentication
• Self-service Password Reset
• Real-time Reports / Alerts
• Knowledge-based
• Password Management
• Single Sign-on



Information Assurance in an Enterprise Hosting Environment
 
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Security
 
IRJET- Password Management Kit for Secure Authentication
IRJET-  	  Password Management Kit for Secure AuthenticationIRJET-  	  Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure Authentication
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
 
A Review on Two Level Authentication Using Image Selection and Voice Recognition
A Review on Two Level Authentication Using Image Selection and Voice RecognitionA Review on Two Level Authentication Using Image Selection and Voice Recognition
A Review on Two Level Authentication Using Image Selection and Voice Recognition
 

More from PortalGuard dba PistolStar, Inc. (7)

The Cost and Loss of Not using Single Sign-On with Two-Factor Authentication
The Cost and Loss of Not using Single Sign-On with Two-Factor AuthenticationThe Cost and Loss of Not using Single Sign-On with Two-Factor Authentication
The Cost and Loss of Not using Single Sign-On with Two-Factor Authentication
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
Self-service Password Reset
Self-service Password ResetSelf-service Password Reset
Self-service Password Reset
 
Password Synchronization
Password SynchronizationPassword Synchronization
Password Synchronization
 
Password Synchronization
Password SynchronizationPassword Synchronization
Password Synchronization
 
Password management
Password managementPassword management
Password management
 
Make Your Employees More Security Aware
Make Your Employees More Security AwareMake Your Employees More Security Aware
Make Your Employees More Security Aware
 

Recently uploaded

Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 

Recently uploaded (20)

Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 

Contextual Authentication

  • 2. PortalGuard Contextual Authentication: A Multi-factor Approach

    Table of Contents
      Summary                                                    2
      The Basics                                                 2
      PortalGuard Contextual Authentication (CBA)                2
        Contextual Authentication vs. Static Authentication      3
      Features                                                   3
      Benefits                                                   4
      CBA Terminology                                            4
      How it Works                                               6
        Analysis Mode                                            6
        Client-side Browser Add-on                               6
        CBA Process                                              6
      Configuration                                              8
      Deployment                                                 8
      IIS Install                                                8
      System Requirements                                        9
      Supporting Videos                                          9
      Platform Layers                                            9
  • 3. Summary

    Increases in roaming user populations and remote access to organizations’ confidential data are becoming a larger security concern, leaving organizations with choices to make about how to secure these resources. A conflict of interest between business groups and IT security can create a struggle to maintain usability while increasing security. Although instituting better password policies is a preliminary option, organizations often oversteer towards rigid two-factor authentication solutions.

    Although these solutions are desirable for security, the barriers to entry for many organizations are overwhelming. By applying stringent two-factor authentication to all users, the organization cannot adapt to all the different user access scenarios, usually resulting in poor user adoption and increased frustration. Due to the size and structure of these solutions, integration usually requires dedicated IT resources and training, along with the potential of additional hardware. However, the biggest barrier is high total cost of ownership. The organization intends to increase security but cannot handle the costs associated with the initial purchase and maintenance of a two-factor solution, ranging from hardware replacements to increased Help Desk calls.

    So you have a tough decision to make: do you institute better password policies, or should you implement two-factor authentication across the whole company? Which makes you wonder… is there a midpoint between the two?

    The Basics

    The midpoint is referred to as “contextual authentication”, which is focused on providing dynamic security to enhance usability for users and strengthen security to match your organization’s policies and compliance standards.
    Contextual authentication works behind the scenes to prevent unauthorized access and applies the appropriate level of authentication based on the expected impact of the context around a user’s access request, including location, time, device, network and application. For example, users within your company’s four walls may only need to provide strong passwords, whereas a traveling salesperson or roaming user must provide two factors. However, a traveling salesperson now in the office only needs to provide a password to prove his identity, due to his new situation when requesting access.

    PortalGuard Contextual Authentication (CBA)

    As an alternative to static authentication solutions, PortalGuard understands the midpoint and handles the challenges of remote user access scenarios. By taking a cost-effective, flexible approach to authentication, PortalGuard offers five methods of authentication (single sign-on, password-based, knowledge-based, two-factor authentication, and blocking a request), with the primary focus of the software platform being CBA. Using PortalGuard’s CBA, organizations can gain insight into user access scenarios, allowing them to make security and usability adjustments transparently to the user and to dynamically adjust the authentication method to what is appropriate for the user’s situation.
  • 4. Obtaining the user’s contextual data is optional with PortalGuard, and all options can be configured down to the individual user, group or application level.

    Features
      • Provides five different authentication methods – single sign-on, password-based, knowledge-based, two-factor, and blocking a request
      • Contextual Authentication (CBA) – applies the appropriate authentication method for each access request depending on the user’s context
      • Client-side browser add-on – optionally obtains users’ contextual data such as location, time, network, and type of device used
      • Provides two-factor authentication by delivering a one-time password (OTP) to a user via SMS, email, printer, or to their laptop in the form of a transparent token (i.e. the client-side browser add-on producing a cookie)
      • SAML single sign-on – can create a SAML token and enable SAML single sign-on to Cloud/Web-based applications that accept SAML tokens
      • Real-time Activity Alerts – alerting the admin or user to malicious activity or “did you know” information
      • Notifications – including emails to a user about access to their account from a new device
      • Reporting Tool – contextual data reports allow you to take real-time action on meaningful situations
      • All events are stored in a SQL database for easy auditing and reporting
  • 5. Benefits
      • Increase security without impacting the end-user experience
      • Increase usability for authorized users while creating barriers for unauthorized users
      • Configurable – to the user, group or application level
      • Lower total cost of ownership than token-based two-factor authentication alternatives
      • Proactive approach to reducing threats – block suspicious users in real time before a login attempt is made
      • Gather insight – analyze the contextual data reports PortalGuard provides

    CBA Terminology

    Authentication Methods: the type of authentication the user will be presented with:
      • Single Sign-on: username and password (single password for multiple systems)
      • Password-based: username and password
      • Knowledge-based: username, password and challenge question
      • One-time Password (OTP): username and OTP
      • Two-factor: username, password and OTP

    Credibility Score: the numeric value that is used to determine the appropriate authentication method based on a set of ranges, determined from credibility policies.

    Credibility Policy: configurable policies based on categories and identifiers to which you assign a score. A credibility policy can have multiple categories.
      • Category – collection of related identifiers (context); currently includes device, time, location, and network. A category can have multiple identifiers.
      • Identifier – individual attributes that are assigned scores based on their importance (Ex. Time: off hours, office hours, and weekend hours)
      • Weight (%) – an optional percentage for each category that adjusts the category’s impact on the credibility score versus other categories

    Application Realms: identifies an application and assigns a weight (%) to that application that adjusts the overall credibility score (Ex. The application realm is 50% and the current score is 100; after the realm is enforced, the user has a score of 50).
  • 6. (Screenshots: Credibility Policy; Application Realms)
  • 7. How It Works

    Analysis Mode

    When implementing CBA it is recommended to run analysis mode first, to establish a baseline for the environment. This runs the CBA process in its entirety but stops short of adjusting the authentication method for the user. This allows you to establish a suitable configuration, collect reports, and determine the possible effects on your user community. After a recommended period, typically 60-90 days, the adjustment of the authentication method can be enforced to directly affect your user community. To turn on CBA, an administrator simply checks a box on the desired security policies, which contain either individuals or groups of users.

    Client-side Browser Add-on

    In order to collect the contextual data around a user’s access request, PortalGuard uses an installed browser add-on. This is installed using a standard MSI and can be pushed out silently. Although the add-on is optional, users without the client-side software installed are considered “unmanaged” and can be given a lower credibility score due to the lack of actionable context data.

    CBA Process

    The following process is completed every time an access request is received. PortalGuard also supports CBA for password resets, recoveries, and account unlocks.

    Step 1: The user begins the login process by entering their username and clicking “Continue”.
  • 8. NOTE: Steps 2-4 happen behind the scenes, transparently to the user and within milliseconds.

    Step 2: Contextual data is sent from the client-side browser add-on to the PortalGuard server.

    Step 3: The PortalGuard server identifies the user’s credibility policy and computes the following:
      • Gross score for each category
      • Any category weight impact to the score
      • Net score from the policy and weights
      • Modification due to sensitivity of the requested application

    Step 4: The PortalGuard server looks up the appropriate authentication method using the final credibility score and the previously set ranges which the administrator configured.

    Step 5: PortalGuard enforces the appropriate authentication method for the user’s current access attempt. The user provides the required credentials to successfully complete their access request and log in. (Screenshot example: Two-factor Authentication)
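    The credibility-score flow that the terminology on slide 5 and Steps 2-5 above describe, as an added illustrative model written for this page (not PortalGuard’s code): the brief names the pieces (scored identifiers grouped in categories, optional category weights, an application-realm modifier, score ranges mapped to an authentication type with an alert flag, analysis mode, “unmanaged” clients) but not the arithmetic, so the weighting formula, the fail-closed default, the flat unmanaged score and every sample score, weight, range and the HR realm are assumptions constructed here.

```python
"""Added illustrative model of the CBA scoring flow in the brief (not PortalGuard
code). The brief names the pieces: categories of scored identifiers, optional
category weights, an application-realm modifier, score ranges mapped to an
authentication type plus alert flag, analysis mode and 'unmanaged' clients. How
they combine arithmetically is an assumption here; all sample values are made up."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

@dataclass
class Category:
    """Collection of related identifiers; each identifier carries a score."""
    name: str
    identifiers: dict[str, int]
    weight: Optional[float] = None  # optional %, adjusts this category's impact

@dataclass
class AppRealm:
    """Application realm: a modifier (%) applied to the net score."""
    name: str
    modifier_pct: float

@dataclass
class CredibilityPolicy:
    categories: list[Category]
    # Ranges: (start, end, authentication type, alert on?), ends inclusive.
    ranges: list[tuple[int, int, str, bool]]
    unmanaged_score: int = 0  # assumption: flat score when no add-on data arrives

def gross_scores(policy: CredibilityPolicy, context: dict[str, str]) -> dict[str, int]:
    """Step 3a: one gross score per category, taken from the observed identifier.
    An identifier the policy does not know earns 0 (assumption: no credit)."""
    return {c.name: c.identifiers.get(context.get(c.name, ""), 0)
            for c in policy.categories}

def net_score(policy: CredibilityPolicy, gross: dict[str, int]) -> float:
    """Steps 3b-3c: apply category weights, if the policy uses them, and sum.
    Assumption: with weighting on, a category contributes gross * weight/100
    (weights summing to 100); with weighting off, the plain sum is used."""
    if any(c.weight is not None for c in policy.categories):
        return sum(gross[c.name] * (c.weight or 0) / 100 for c in policy.categories)
    return float(sum(gross.values()))

def apply_realm(score: float, realm: Optional[AppRealm]) -> float:
    """Step 3d: the brief's own example, realm 50% and score 100 -> 50."""
    return score * realm.modifier_pct / 100 if realm else score

def lookup_method(policy: CredibilityPolicy, score: float) -> tuple[str, bool]:
    """Step 4: map the final score onto the administrator's ranges. A score no
    range covers fails closed to 'block' with an alert (assumption; the brief
    lists blocking a request as one of the five methods)."""
    for start, end, method, alert in policy.ranges:
        if start <= score <= end:
            return method, alert
    return "block", True

def evaluate(policy, context, realm=None, enforce=True):
    """Steps 2-5 for one access request. context=None models a user without the
    browser add-on ('unmanaged'). enforce=False is analysis mode: the whole
    computation runs and is reported, but no authentication method is imposed."""
    if context is None:
        gross, net = {}, float(policy.unmanaged_score)
    else:
        gross = gross_scores(policy, context)
        net = net_score(policy, gross)
    final = apply_realm(net, realm)
    method, alert = lookup_method(policy, final)
    return {"gross": gross, "net": net, "final": final, "alert": alert,
            "computed_method": method, "enforced_method": method if enforce else None}

# Constructed sample policy: identifier scores on a 0-100 scale, weights sum to 100.
SAMPLE_POLICY = CredibilityPolicy(
    categories=[
        Category("device", {"managed laptop": 100, "unknown": 20}, weight=40),
        Category("time", {"office hours": 100, "off hours": 50, "weekend hours": 25}, weight=20),
        Category("location", {"headquarters": 100, "home": 60, "foreign": 0}, weight=20),
        Category("network", {"corporate LAN": 100, "home ISP": 50, "public wifi": 0}, weight=20),
    ],
    ranges=[(0, 19, "block", True), (20, 59, "two-factor", True),
            (60, 79, "knowledge-based", False), (80, 100, "password-based", False)],
    unmanaged_score=30,
)
HR_REALM = AppRealm("HR portal", modifier_pct=50)  # constructed sensitive application
IN_OFFICE = {"device": "managed laptop", "time": "office hours",
             "location": "headquarters", "network": "corporate LAN"}
ON_THE_ROAD = {"device": "managed laptop", "time": "off hours",
               "location": "foreign", "network": "public wifi"}

if __name__ == "__main__":
    for label, ctx, realm in [("in office", IN_OFFICE, None), ("on the road", ON_THE_ROAD, None),
                              ("office -> HR app", IN_OFFICE, HR_REALM), ("unmanaged", None, None)]:
        r = evaluate(SAMPLE_POLICY, ctx, realm)
        print(f"{label:17} final={r['final']:5.1f} method={r['enforced_method']} alert={r['alert']}")
```

    With these constructed values the in-office user lands on password-based authentication, the same user on the road or opening the 50% HR realm drops to two-factor, and a request with no add-on data is scored flat as unmanaged, which mirrors the scenarios the brief walks through.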
  • 9. Configuration

    NOTE: All the following settings are policy specific, so you can have different values for different users, groups or hierarchies.

    Configurable through the PortalGuard Configuration Utility:
      • Enable or Disable CBA
      • Assign users or groups to individual credibility policies
      • Credibility Policies:
          • Client Type
          • Use Category Weighting
          • Enforce Application Realms
          • Display Scoring UI
          • Categories
              • Weight
              • Identifiers
          • Credibility Score
              • Default Ranges
                  • Start and End Scores
                  • Authentication Type
                  • Alert On or Off
          • Application Realms
              • Application Name and URL
              • Modifier %
      • Servers

    Deployment

    Implementation of the PortalGuard platform is seamless and requires no changes to the Active Directory/LDAP schema. A server-side software installation is required on at least one IIS server on the network. Additional client-side software is required with contextual authentication in the form of the browser add-on, which is installed using a standard MSI and can be pushed out silently.

    IIS Install

    An MSI is used to install PortalGuard on IIS 6 or 7.x. If installing PortalGuard on IIS 7.x / Windows Server 2008, make sure to have installed the following feature roles prior to launching the MSI:
      1. All the Web Server Management Tools role services
      2. All the Application Development role services
      3. All IIS 6 Management Compatibility role services

    The MSI is a wizard-based install which will quickly guide you through the installation.
  • 10. System Requirements

    This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only. PortalGuard can be installed directly on the following web servers:
      • IBM WebSphere/WebSphere Portal v5.1 or higher
      • Microsoft IIS 6.0 or higher
      • Microsoft Windows SharePoint Services 3.0 or higher
      • Microsoft Office SharePoint Server 2007 or later

    The PortalGuard Web server also has the following requirements on Windows operating systems:
      • .NET 2.0 framework or later must be installed
      • (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)

    PortalGuard is fully supported for installation on virtual machines. Furthermore, PortalGuard can currently be installed on the following platforms:
      • Microsoft Windows Server 2000
      • Microsoft Windows Server 2003 (32 or 64-bit)
      • Microsoft Windows Server 2008 (32 or 64-bit)
      • Microsoft Windows Server 2008 R2

    PortalGuard works with Windows Terminal Services on Win2003 servers and Remote Desktop Services on Win2008 servers. If you have a platform not listed here, please contact us at sales@portalguard.com to see if we have recently added support for your platform.

    Supporting Videos

    Please view the following videos to watch a demo of PortalGuard’s CBA offerings:
      • Welcome to the Platform: Discussing Contextual Authentication
      • Consumerization Challenges: Discussing Device Management

    Platform Layers

    Beyond contextual authentication, PortalGuard is a flexible authentication platform with multiple layers of available functionality to help you achieve your authentication goals:
      • Tokenless Two-factor Authentication
      • Self-service Password Reset
      • Real-time Reports / Alerts
      • Knowledge-based
      • Password Management
      • Single Sign-on