The TriCipher Armored Credential System (TACS) provides strong multi-factor authentication for SalesForce.com by integrating with SalesForce.com through a single sign-on process. TACS offers various authentication methods from passwords to biometric scans. It seamlessly enhances SalesForce.com's security without changing the user experience.
Webinar - Easy multi factor authentication strategies and PCI DSS (onionid12)
In this webinar we will discuss the use of multi-factor authentication (MFA), and the new mandate in the latest version of PCI Data Security Standard, PCI DSS 3.2. MFA goes beyond traditional password-based approaches by combining multiple features, such as biometrics, behavioral patterns, and context information. In addition to covering these, the webinar will also address the problem of selecting the right combination of features for a business, given its unique priorities and circumstances. Learn how to comply with PCI DSS 3.2's MFA mandate for admin and user accounts.
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i (Precisely)
Stories of data breaches caused by stolen or guessed passwords have increased scrutiny around login practices. Requiring even more complex passwords is not recommended as users struggle to remember them – and write them down.
Multi-factor authentication has become best practice for strengthening login security and is now required by regulations such as the latest PCI Data Security Standard, the New York Department of Financial Services’ Cybersecurity Regulation (23 NYCRR 500) and more. Watch this webinar to learn how multi-factor authentication can be implemented for IBM i users to strengthen security and meet compliance requirements.
You’ll learn:
• What true multi-factor authentication really is
• Authentication options and tradeoffs
• Tips on implementing multi-factor authentication for IBM i
Contextual Authentication, also known as Risk-based Authentication, is matching the level of authentication to the expected impact of the surrounding events. Simply put, contextual authentication dynamically establishes the level of credibility of each user in real-time and uses this information to change the level of authentication required to access an application.
Tutorial: http://pg.portalguard.com/contextual_authentication_tutorial
2FA, Non Linear Authentication, MSK Security, Security for the Cloud on the Cloud
2 Factor authentication, SSO, IAM, HASP and Compliance
This presentation covers access management topics in the IAM domain, such as authentication, authorization, MFA, passwordless authentication, certificate-based authentication, and SSO protocols like SAML and OIDC.
Hitachi ID Password Manager: Enrollment, password reset and password synchron... (Hitachi ID Systems, Inc.)
Hitachi ID Password Manager:
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
Integrated credential management for users:
passwords, encryption keys, tokens, smart cards and more.
PortalGuard’s Flexible Two-factor Authentication options are designed as strong authentication methods for securing web applications. PortalGuard leverages a one-time password (OTP) as a factor to further prove a user's identity. The OTP can be delivered via SMS, email, printer, and transparent token. Configurable by user, group or application this is a cost effective approach to stronger authentication security.
Tutorial: http://pg.portalguard.com/flexible_two-factor_tutorial
Managing credentials on-premise and in the cloud.
With over 12 million users worldwide, Hitachi ID Password Manager is the leading credential management solution. It lowers IT support cost and improves user service by eliminating problems and diverting resolution to self-service.
Password Manager includes password synchronization, single sign-on and self-service password reset.
http://hitachi-id.com/password-manager/
Hitachi ID Identity Manager: Faster onboarding, reliable deactivation and eff... (Hitachi ID Systems, Inc.)
Hitachi ID Management Suite Demo:
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications.
Using automation and self-service to secure and automate user and entitlement management.
http://hitachi-id.com/
Two-factor Authentication: A Tokenless Approach (PortalGuard)
PortalGuard is a software solution designed as a strong authentication platform, consisting of five layers including two-factor authentication, single sign-on, self-service password management, contextual authentication, and password synchronization, used for protecting browser-based applications which are hosted within an Intranet and/or outside the firewall, now commonly known as the Cloud.
Multifactor authentication Multifactor authentication or MFA .docx (gilpinleeanna)
Multifactor authentication
Multifactor authentication or MFA is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
Multifactor authentication combines two or more independent credentials: what the user knows, like a password; what the user has, like a security token; and what the user is, like biometric verification. The goal of multifactor authentication is to create a layer of defense and make it more difficult for an unauthorized person to access a target such as a physical location, network or database, or a computing device. If one of the factors is compromised, an attacker still needs at least one more barrier to breach before successfully breaking into the target.
Multifactor authentication cont…
Typical MFA scenarios include:
Swiping a card and entering a PIN.
Logging into a website and being requested to enter an additional one-time password (OTP) that the website’s authentication server sends to the requester’s phone, email address, or any other form.
Downloading a VPN client with a valid digital certificate and logging into the VPN before being granted access to a network.
Swiping a card, scanning a fingerprint and answering a security question
Attaching a USB hardware token to a Desktop that generates a one-time passcode and using the one-time passcode to log into a VPN client.
RSA Token/Symantec VIP Access
RSA token or security token is a two-factor authentication technology that is used to protect network resources. The authentication is based on two factors: first, something you know, like your password or PIN, and second, something you have, the authenticator (RSA Token). The code that the RSA Token produces changes every 60 seconds as an added form of security.
Symantec VIP Access is software that protects your online accounts and transactions. The VIP credential provides a dynamic security code that you can use in addition to your user name and password for safe and secure account access. The code that VIP Access produces changes every 30 seconds as an added form of security.
How RSA Token/VIP software work
When a user attempts to access a resource protected by RSA Token or the VIP software, he or she is prompted for a unique code. The code is a combination of the user’s password or PIN and the code that is displayed on the authenticator token or VIP application at the time of logging in.
The user ID and pass code are intercepted by the RSA Authentication Agent and presented to the RSA Authentication Manager software which validates the pass code. The RSA SecurID system computes what number the token is supposed to be showing at that moment in time, checks it against what the user entered, and makes the decision to allow or deny access. This is also the case with the VIP software.
PingID provides cloud-based, adaptive multi-factor authentication for Office 365, VPN, and all of your apps with mobile push and biometric authentication, one-time passcodes and more. Learn how Ping Identity enhances your security with MFA, without sacrificing the user experience.
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat... (Entrust Datacard)
Identity and authentication management, or IAM, represents the greatest security return on investment an organization can make. Former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, Richard Clarke, once famously said, "If you spend more on coffee than on IT security, then you will be hacked." Many analysts concur that spending on strong authentication provides the greatest security return on investment. This educational white paper, written by Richard Stiennon, Chief Research Analyst at IT-Harvest and Executive Editor of securitycurrent, explores the concept of identity platforms.
• How to fix intrinsic weaknesses in authentication regimes that result in gaping and trivially exploitable vulnerabilities
• Explore the core features of an authentication and identity platform
• Examine specific features and components organizations should require in a software authentication platform
Secure and convenient strong authentication to protect identities and access to IT infrastructures is a key factor in the future of enterprise security. In the banking sector alone, Gemalto has contributed to large scale authentication rollouts for more than 3,000 financial institutions worldwide, with 50 million authentication devices delivered directly to our clients’ customers.
Through our knowledge and experience as the global leader in digital security, we have identified key steps to successfully implement strong authentication in your organization. The steps are presented in this guide.
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Security 101: Multi-Factor Authentication for IBM i (Precisely)
Stories of data breaches caused by stolen or guessed passwords have increased scrutiny around login password practices.
Multi-factor authentication has become a popular method for strengthening login security and is now required by certain regulations such as the New York Department of Financial Services’ Cybersecurity Regulation (23 NYCRR 500).
During this webcast, you’ll learn more about:
• What multi-factor authentication means
• The difference between multi-step and multi-factor authentication
• Authentication options and tradeoffs
• How Syncsort can help
View this 15-minute webcast on-demand to learn the fundamentals of multi-factor authentication and how it can be implemented for IBM i users.
Entrust IdentityGuard Mobile is a family of identity applications that leverage existing mobile devices for greater security, including transaction verification, one-time-passcode (OTP) authentication and embedded mobile application security.
And Entrust IdentityGuard Mobile is available on today's leading smartphone platforms, including the Apple iPhone, Google Android, RIM BlackBerry, Microsoft Windows Mobile and Symbian.
E-Lock AdaptAuth is an AI-powered, Adaptive, Multi-factor Authentication solution that provides an advanced layer of protection in the form of Adaptive MFA. Adaptive authentication utilizes information such as IP addresses, geo-locations, device signatures and user behavior patterns to assess the risk and accordingly adapts the authentication flow. This is achieved by building a risk profile for every user by analyzing past authentication attempts and behavioral patterns. The extent of deviation from such patterns invokes additional MFA factors until desired levels of identity assurance are achieved.
Capabilities provided by AdaptAuth:
Basic Authentication
Two-factor authentication: App based OTP, Email/SMS OTP, Digital Certificate, Fingerprint, FIDO2 authentication
Multi-factor Authentication
Adaptive Authentication
Single-Sign on
The Best Shield Against Ransomware for IBM i (Precisely)
Did you know a frequent vulnerability that is exploited to initiate a ransomware attack on your IBM i is a compromised password? The most frequent approach to compromise system access is Credential Stuffing where an intruder finds user ids and passwords that have been stolen from somewhere else, sold on the dark web and attempts to use them at another organization. This is often successful because many people re-use the same password they use at work at multiple other online sites.
Adding multi-factor authentication is the #1 action most enterprises can do to prevent cybersecurity incidents from occurring. Even in industries that do not currently require MFA for regulatory compliance, governments are taking cybersecurity more seriously as agencies and infrastructure are increasingly being targeted. Investing in an MFA solution is an effective way to secure your data from unauthorized access and protect your resources.
Assure Multi-factor Authentication’s advanced capabilities provide unique, flexible solutions to access control on the IBM i. With our new, powerful user interface, we are making MFA easier to implement and control. Watch this on-demand webinar to learn:
• How malware gets on to the IBM i system
• Tips on implementing MFA for the IBM i
• How our new interface can make deploying MFA even easier
SECURITY THE POWER OF MULTI-FACTOR AUTHENTICATION (Protected Harbor)
The "Power of Multi-Factor Authentication" infographic highlights the enhanced security provided by MFA. It demonstrates how MFA combines various authentication methods, bolstering data protection. This visual tool underscores its effectiveness in preventing unauthorized access and data breaches. It's a valuable resource for anyone looking to bolster their cybersecurity. Download it today!
1. TriCipher Armored Credential System™ (TACS)
Strong Authentication for SalesForce.com
Integration Benefits you know (such as a password or PIN),
TriCipher enhances SalesForce.com by something you have (such as an
seamlessly adding multi-factor functionality authentication token), or something you are
to the Username / Password method (biometrics, such as a retina scan, or
currently used today. Organizations will fingerprint). Consumers are used to a multi
continue to derive the benefits from factor authentication model with ATM cards
SalesForce.com and will now have the - the PIN being something you know, the
additional capability to transition their ATM card is what you physically have.
organizations from weaker password
protection to something much stronger. Employing Multi Factor authentication for
use online, however, is much more
Benefits challenging because it typically requires the
user to carry or present something physical.
Strong authentication for SalesForce.com
that prevents identity theft and fraud Historically, traditional Multi-Factor
authentication methods have been too hard
Prevents man-in-the middle (MITM) and to deploy and manage for large consumer
complex phishing attacks bases, due not only to the high costs
associated with initial purchase, but also the
Seamless integration with a transition path overhead of initial deployment,
from weak password systems to strong lost/replacement, management and
authentication customer support. Add to this the fact that
many users are not yet ready or prepared
Choose from an array of strong multi factor to deal with hardware tokens, scratch cards,
authentication methods from the TriCipher client software downloads and extra
Authentication Ladder. authentication steps, even if it protects their
bank account and identity information.
Compliance with stringent audit and
TACS Solution
regulations such as FFIEC, HIPAA, GLB, etc.
The TriCipher Armored Credential System™
(TACS) provides a comprehensive
Multi Factor Authentication infrastructure that can be used to address
Multi factor authentication by definition is many of these risks. Its unique Multi-part
the use of a combination of more than one credential and Flexible Factor technologies
factor for the purpose of user enable a single infrastructure to issue
authentication. A “factor” can be something credentials of different strengths. This
2. allows the enterprise to tailor the type of download strong authentication solution. In
credential to the specific level of risk B2F, the 2nd factor in the form of an
without having to deploy multiple costly encrypted cookie or a browser certificate is
infrastructures. transparently given to the users’ browser.
Also, as a part of the activation process, the
The system architecture is designed to allow user selects an image or a secret text
TACS to be easily deployed for external phrase they will recognize when they come
Software as a Service (SaaS) applications back to the web site. TriCipher is unique in
like SalesForce.com and also to protect this clientless offering by going up the
internal web applications. Servicing some of ladder with the B2F Certificate option (as
the highest volume financial services cookies are susceptible to certain attacks
applications for demanding customers, and can be deleted or copied).
TACS provides high reliability, availability
and scalability. In addition B2F has advantages as:
• Requires no change in user behavior.
TACS provides a variety of Multi Factor The user is completely unaware of
authentication options (see TriCipher the change and migration to his type
Authentication Ladder below), allowing you of credential from a password-only
to balance security, cost and ease of use system is transparent (even their
based on the results of your risk password remains the same).
assessment.
• No client software. Browser 2 factor
requires no client side software.
• Phishing protection. Browser 2 factor
protects against phishing attacks
whose aim is credential theft.
• Authenticate your web site. Showing
a welcome message reassures the
user that they have reached your
site, not a phisher's replica.
Device 2 Factor (B2F) strong
authentication
Perhaps the easiest to use, deploy and
manage is using the login device as second
factor. With this type of credential, the
Browser 2 Factor (B2F) strong second factor is stored securely on the PC.
authentication
The Browser 2 Factor rung of the TriCipher Authentication Ladder offers a zero

The user has nothing new to carry, but does need a small piece of client side software, the TACS ID Tool. The device 2nd factor provides strong protection against all types of phishing including man-in-the-middle. The client software also provides the additional benefit of performing an optional security presence check before authentication. Device 2 factor is often used for high net worth consumers, business banking customers, active traders, administrators at individual branches (or at client companies) and channels such as mortgage brokers.

Portable 2 Factor
Portable 2 factor takes advantage of the security of multi-part credentials to use commodity storage products or consumer electronics as a 2nd factor for authentication. Users can choose something they carry already such as an MP3 player or USB memory stick, or the financial institution can issue something branded. The 2nd factor in this case is protected by rolling key technology to defeat would-be thieves. Portable 2 Factor provides strong protection against all types of phishing including man-in-the-middle. The TACS ID Tool is required for this type of credential and provides the additional benefit of performing an optional security presence check before authentication.

Armored Token 2 Factor
Armored Token 2 factor protects one time password tokens from man-in-the-middle attacks. This type of credential also requires the TACS ID Tool and provides the option of a security presence check. Armored Token 2 factor is often used to protect existing one time password deployments.

Additional credential types
TACS provides for other credential types, including smart cards and using three or more authentication factors.

TriCipher Authentication Gateway (TAG) strong authentication
The TAG is an integral part of the TriCipher Armored Credential System (TACS). The TriCipher Authentication Gateway (TAG) acts as a services layer for web applications. The TAG reduces the time to deploy strong authentication, increases authentication performance, and ensures the security of the login process by providing a single standardized strong authentication service for use by every application within an organization. The TAG, based on patent pending technology, manages the authentication for every level of the TriCipher Authentication Ladder including passwords, browser cookies/certifications, PCs, portable devices, tokens, smart cards and biometrics to provide a unified authentication infrastructure. When users log into any web application, they are handed off to the TAG to manage the entire authentication process and verify the credentials of each user with the ID Vault. Once authenticated through the ID Vault, the TAG delivers a SAML token to the SaaS solution like SalesForce.com which either validates the SAML assertion or passes it via a back trusted channel to the TAG for re-validation and then provides the user the appropriate level of access.

How does the integration work?
The TACS solution consists of the TAG and the ID Vault. The solution can either be hosted internal to the organization or as a hosted service.

Users are initially given a strong credential before the single sign-on feature for SalesForce.com is turned on. This involves batch loading the users into the TriCipher system and generating a one-time-use activation code that can be sent to the users via email, SMS or even a phone call.

Based on the type of licensed SalesForce.com Edition you may need to request SalesForce.com to turn on single sign-on (SSO) AFTER your users have registered for strong authentication. The Enterprise and Unlimited Editions are more flexible and allow you to turn on single sign-on on a per user basis by creating a new profile for SSO. You can turn on SSO before the users register and enable SSO individually for each user by clicking on a checkbox in SalesForce.com.

Users go through a registration period where they login to the TAG and are given their second factor for strong authentication. On the cut-over day, single sign-on is turned on for the users and they are provided the HTTP link to login to SalesForce.com – this can be on an internal customer portal where users click on a URL to login to SalesForce.com securely.

The process flow for the user to login to salesforce.com is as below:
1) User clicks on the URL for Strong Authentication to SalesForce.com. User lands on TAG and inputs their username.
2) User then strongly authenticates to TAG. TAG validates the users' strong authentication credentials with the ID Vault.
3) Once the TAG authenticates the users' strong credential, it submits the user id and a SAML token (as password) to SalesForce.com.
4) SalesForce.com then validates the user id and then sends a SOAP/XML message with user id and SAML token (the one we passed them in step 3) to a web service on the TAG.
5) TAG then validates the SAML token and if valid it returns a SOAP/XML message confirming the user authentication to SalesForce.com.
6) SalesForce.com then allows the user to access (single sign-on) to their SalesForce.com application.

Users are now required to login to SalesForce.com using TriCipher strong authentication. Users that try to go directly to SalesForce.com will not succeed as they are required to login securely via TriCipher.
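The callback in steps 3 to 5 protects the login only if the token submitted as the password is bound to the user id, short-lived and accepted once. The following is an added sketch of that TAG-side check, not TriCipher's code: `TagTokenService`, the HMAC-signed token standing in for the SAML token, and the 60-second lifetime are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

class TagTokenService:
    """Hypothetical TAG-side service; an HMAC-signed token stands in for the SAML token."""

    def __init__(self, key, ttl=60):
        self.key, self.ttl = key, ttl   # ttl in seconds (assumed value)
        self.used = {}                  # token id -> expiry, for replay detection

    def _mac(self, body):
        return hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, user_id, now=None):
        """Step 3: mint the token that is submitted to the SaaS as the password."""
        now = time.time() if now is None else now
        claims = {"id": secrets.token_hex(16), "sub": user_id, "exp": now + self.ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return (body + b"." + self._mac(body)).decode()

    def validate(self, user_id, token, now=None):
        """Step 5: answer the SaaS callback; True at most once per token."""
        now = time.time() if now is None else now
        body, _, mac = token.encode().partition(b".")
        if not hmac.compare_digest(self._mac(body), mac):
            return False                # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["sub"] != user_id or now >= claims["exp"]:
            return False                # issued to another user, or expired
        if claims["id"] in self.used:
            return False                # already accepted once: replay
        self.used = {k: v for k, v in self.used.items() if v > now}
        self.used[claims["id"]] = claims["exp"]
        return True

if __name__ == "__main__":
    tag = TagTokenService(secrets.token_bytes(32))
    token = tag.issue("alice@example.com")            # constructed user id
    print(tag.validate("alice@example.com", token))   # first callback
    print(tag.validate("alice@example.com", token))   # same token again
```

A token that fails any check leaves the replay cache untouched, so a rejected callback for the wrong user id does not burn the legitimate user's token.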
Summary
The TriCipher solution gives organizations
powerful, seamless and flexible strong
authentication capabilities to secure access
to SalesForce.com. Customers can further
leverage this central authentication
infrastructure to secure access to internal
and external web applications.
Contact
TriCipher Headquarters:
750 University Avenue, Suite 260
Los Gatos, CA 95032
Phone: +1.650.372.1300
Fax: +1.650.376.8301
TriCipher US sales:
Email: sales@tricipher.com
Phone: +1.650.376.8326
Fax: +1.650.376.8301
TriCipher EMEA sales:
Email: emea@tricipher.com
Phone: +44 (0) 1223 451 075
Fax: +44 (0)1223 451 1