Password Synchronization


Published on

PortalGuard’s Password Synchronization offers a comprehensive solution which supports multiple directories including Microsoft Active Directory, Novell eDirectory, IBM System i, any LDAP v3-compliant directory and custom SQL user tables. Beyond being easy to implement and forcing user enrollment, PortalGuard enables self-service password reset, recovery and account unlock to manage forgotten passwords. PortalGuard helps reconcile any password complexity policies by enforcing a consistent set of password rules.


Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Password Synchronization

  1. 1. Understanding PortalGuard’sServer-based Password Synchronization: Managing Multiple Passwords Highlighting the Self-service Password Reset Layer of the PortalGuard Platform
  2. 2. By the end of this tutorial you will be able to… • How PortalGuard can help you • Understand password synch can be a midpoint between too many passwords and expensive SSO solutions • Learn about PortalGuard’s Server-based Password Synch • See the step-by-step Authentication Process • Know the technical requirements
  3. 3. The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications. Usability Security • Single Sign-on • Knowledge-based • Password Management • Two-factor Authentication • Password Synchronization • Contextual Authentication • Self-service Password Reset • Real-time Reports/Alerts
  4. 4. Before going into the details…• Configurable by user, group or domain hierarchy• Comprehensive solution supporting multiple directories• Enables self-service password reset, recovery and account unlock• Force user enrollment (optional)• Active Directory Password Filter (optional)• Cost effective and competitively priced• Easy to implement
  5. 5. Enterprise SSO
  6. 6. • Single password, single interface • Cost effective• Easier implementation • Flexible• Force enrollment • Server-based• No client-side software required • Self-service Password Reset Password Synch
  7. 7. The process of password synchronization… Correlates the passwords for multiple user accounts
  8. 8. Password Complexity Challenges Step One: Identifying Password Complexity Rules Rules differ from system to system causing a common hurdle to implementing password synch… Step Two: Change Password Rules on SystemsWARNING:Microsoft AD: no maximum password length or prevent specific charactersIBM System i: typically maximum length of 10 with special character limitations
  9. 9. Multiple Directories (including MS Active Directory, Novell eDirectory, IBM System i, LDAP v3-compliant, and custom SQL user tables ) Self-service Password Reset Real-time synch Consistent set of password rulesActive Directory Password Filter
  10. 10. Features:• Ability to link a user’s primary account to accounts on multiple systems/directories• All password changes, resets and account unlocks through PortalGuard flow to all linked systems in real-time• Aligns password complexity rules to reduce barriers to password propagation• Requirement to link accounts is policy driven which can be specific to the user, group or domain hierarchy• Account linking can be enforced or made optional• Supports multiple user account repositories
  11. 11. • Password Synch - eliminate the need for users to remember different passwords• Ease of Use - manage passwords from single consistent interface• Self-service - unlock accounts and reset passwords from one place• Seamless Integration - with existing logins using “sidecar” mode• Lower Costs - reduce password-related calls and required IT support• Increased Productivity - and user adoption for new services/websites
  12. 12. HOW IT WORKS
  13. 13. How to link an account…. Step 1: the user logs into a Windows workstation or an existing internal website. PortalGuard is notified of the logon and checks its policies to see if the user:• Is required to link to an account in another directory, and• If they have yet to do so
  14. 14. How to link an account….Step 2: Once the user provides the correct password, the secondary accountpassword will be immediately synched with the primary if necessary
  15. 15. Step 1:The user has forgotten their password and clicks “Forgot Password?” linkon the Windows logon screen or website logon page
  16. 16. Step 2:The user chooses to reset their forgotten password and proves their identityby correctly answering a series of challenge Q&A or entering an OTP
  17. 17. Step 3:The user enters a new password that satisfies all linked account systems. ThePortalGuard server resets all linked accounts to use this password andunlocks the accounts as well.
  18. 18. Step 4:Immediate feedback is given to the user that the password reset wassuccessful on all linked accounts.
  19. 19. Configurable through the PortalGuard Configuration Utility:• Password Synchronization • Password Policies:• Dictionary Words• Regular Expressions• Password History• Minimum Length• Maximum Length• Minimum: • Lowercase characters • Uppercase characters • Numeric characters • Non-alphanumeric characters• Enforce AD Complexity• Password Rule Grouping• Password Strength Meter
  20. 20. TECHNICAL REQUIREMENTSPortalGuard Desktop – for Windows workstationsSidecar Mode – enforce account linking on existing websiteAD Password Filter – enforce custom password policy fornative Ctrl+Alt+Del Windows password changes
  21. 21. A MSI is used to install PortalGuard on IIS 6 or 7.x.This version of PortalGuard supports direct access and authenticationto cloud/browser-based applications, only. • Microsoft Active Directory – Windows 2000 AD domain or later • Novell eDirectory 8.7 or later • IBM System i - V5R2 or later • Any LDAP v3-compliant directory • Custom SQL user tables • Microsoft Windows Server 2000 • Microsoft Windows Server 2003 (32 or 64-bit) • Microsoft Windows Server 2008 (32 or 64-bit) • Microsoft Windows Server 2008 R2 • Windows Terminal Services on Win2003 • Remote Desktop Services on Win2008 • IBM WebSphere/WebSphere Portal v5.1 or higher • Microsoft IIS 6.0 or higher • Microsoft Windows SharePoint Services 3.0 or higher • Microsoft Office SharePoint Server 2007 or later
  22. 22. THANK YOUFor more information visit or Contact Us