Context Based Authentication


Published on

Contextual Authentication, also known as Risk-based Authentication, is matching the level of authentication to the expected impact of the surrounding events. Simply put, contextual authentication dynamically establishes the level of credibility of each user in real-time and uses this information to change the level of authentication required to access an application. Please see a link to live tutorial here:

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Context Based Authentication

  1. 1. Understanding PortalGuard’s Contextual Authentication: A Multi-factor ApproachHighlighting the Multi-factor Authentication Layer of the PortalGuard Platform
  2. 2. By the end of this tutorial you will be able to… • Define PortalGuard • Understand the barriers to increasing security • Discover PortalGuard’s Contextual Authentication (CBA) • See the Step-by-step Authentication Process • Know the Technical Requirements
  3. 3. The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications. Usability Security • Single Sign-on • Knowledge-based • Password Management • Two-factor Authentication • Password Synchronization • Contextual Authentication • Self-service Password Reset • Real-time Reports/Alerts
  4. 4. Before going into the details…• Configurable by user, group or application• Stop making assumptions about who is accessing your applications• Adjust the authentication method dynamically with every access request• Gain insight into user access scenarios• Cost effective and competitively priced• Tailored Authentication for an exact fit
  5. 5. Remote AccessSecurity vs. Usability =
  6. 6. Two-factor Authentication for All Users = No FlexibilityAlthough desirable for security the barriers are overwhelming… • Not able to adapt to different access scenarios • Requires dedicated IT resources and hardware • High total cost of ownership • Increased Help Desk calls due to user frustrations
  7. 7. Two-factor Authentication for All Users = No FlexibilityIs there a midpoint between passwords and two-factor authentication?
  8. 8. Contextual Authentication is the Midpoint. Apply the appropriate authentication level… • Location Password-based • Time • Device • Network Multi-factor • Application Password-based
  9. 9. • Cost effective • Flexible • Five authentication methods: Password-based Single Sign-on Contextual Authentication (CBA) Two-factor Authentication Knowledge-based• Two-factor authentication options – soft tokens• SAML single sign-on• Real-time activity alerts• Notifications & Reporting
  10. 10. • Increased security – without impacting the user experience• Increase usability for authorized users while creating barriers for unauthorized users• Flexibility - configurable to the user, group or application levels• Lower total cost of ownership than hard token two-factor authentication alternatives• Reduce threats using a proactive approach• Gather Insight – analyze contextual data reports
  11. 11. Authentication Method:• Single sign-on: username and password (single password for multiple systems)• Password-based: username and password• Knowledge-based: username, password and challenge question• One-time Password (OTP): username and OTP• Multi-factor: username, password and OTP or contextual data
  12. 12. Credibility Score:A numeric value that is used to determine the appropriateauthentication method based on a set of ranges.Credibility Policy:A configurable policy based oncategories and identifiers towhich you can assign a score.
  13. 13. Weight:An optional percentage for each category that adjusts thecategory’s impact on the credibility score versus other categories. Application Realms:Identifies anapplication andassigns a weight tothat applicationthat adjusts theoverall credibilityscore.
  14. 14. HOW IT WORKS
  15. 15. Analysis Mode:Recommended for a 60-90 day period to establish a baseline for theenvironment.
  16. 16. Client-side Browser Add-on:Optional to collect users contextual data and can be installed silentlyusing a standard MSI.
  17. 17. Step 2: The user begins the login process by entering their username and clicking “Continue”.Step 3:The PortalGuard serveridentifies the user’scredibility policy andcomputes the following:• Gross score for each category• Any category weight impact to the score• Net score from the policy and weights• Modification due to sensitivity of requested application
  18. 18. Step 4:Contextual data is sent from the client-sidebrowser add-on to the PortalGuard server.The PortalGuard server looks up theappropriate authentication method usingthe final credibility score and previously setranges.PortalGuard enforced the appropriate authentication method for theuser’s current access attempt. The user provides the requiredcredentials to successfully complete their access request and login.
  19. 19. Configurable through the PortalGuard Configuration Utility:• Enable or Disable CBA• Assign users or groups to individual credibility policies• Credibility Policy: • Client Type • Use Category Weighting • Enforce Application Realms • Display Scoring UI • Categories • Weight • Identifiers • Credibility Score
  20. 20. Configurable through the PortalGuard Configuration Utility:• Default Ranges: • Start and End Scores • Authentication Types • Alert On or Off
  21. 21. Configurable through the PortalGuard Configuration Utility:• Application Realms
  23. 23. A MSI is used to install PortalGuard on IIS 6 or 7.x.This version of PortalGuard supports direct access and authenticationto cloud/browser-based applications, only.• IBM WebSphere/WebSphere Portal v5.1 or higher• Microsoft IIS 6.0 or higher• Microsoft Windows SharePoint Services 3.0 or higher• Microsoft Office SharePoint Server 2007 or later• .NET 2.0 framework or later must be installed• (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)• Microsoft Windows Server 2000• Microsoft Windows Server 2003 (32 or 64-bit)• Microsoft Windows Server 2008 (32 or 64-bit)• Microsoft Windows Server 2008 R2
  24. 24. THANK YOUFor more information visit or Contact Us