Multi-factor authentication

Multi-factor authentication serves a vital function within any organization: securing access to corporate networks, protecting the identities of users, and ensuring that a user is who he claims to be.
Evolving business needs around cloud applications and mobile devices, combined with rising threats, and the need to reduce costs, require entirely new considerations for access control.
The Need for Multi-Factor Authentication
New threats, risks, and vulnerabilities as well as evolving business requirements underscore the need for a strong authentication approach based on simple service delivery, choice, and future-forward scalability. Today, organizations are asking:

- Can I address new demands of my business — like cloud and mobile devices?
- How do I map access control methods to business risk and the needs of my users?
- Can I centrally manage, control and administer all my users and endpoints?
- Who controls my user data?
- How can I incorporate additional security layers to help me further fortify against threats?
- And how do I keep it all practical and cost-effective?

More than ever, customers are looking for identity and access management solutions that deliver simplicity, automation, reduced TCO and choice.



Multi-factor authentication ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity.
MFA can be achieved using a combination of the following factors:
-> Something You Know – password or PIN
-> Something You Have – token or smart card (two-factor authentication)
-> Something You Are – biometrics, such as a fingerprint (three-factor authentication)

Because multi-factor authentication security requires multiple means of identification at login, it is widely recognized as the most secure method for authenticating access to data and applications.
SafeNet's multi-factor authentication software delivers the protection you expect, while enabling customers with broader choice, improved visibility, and the ability to expand into the future. As a result, organizations using our MFA software have:
-> Better self-control of data - SafeNet enables customers with the option to create and control their own token data, so there is no reliance on a third-party vendor

-> Improved management and visibility – SafeNet's solutions deliver single-server management, providing full control, simple administration, and reduced cost and staff burden

-> Expanded options – SafeNet delivers the broadest choice when it comes to access security methods – so you can meet the needs of any user and any risk level (hardware or software, certificate-based authentication or traditional one-time-password, on-premise, or into the cloud)

-> Future-ready solutions - SafeNet provides new solutions that deliver MFA and single sign-on (SSO) for cloud applications as well as credentialing for mobile device management

-> Painless migrations - SafeNet offers seamless migration to cloud-based authentication, which maintains your existing investments and causes no disruption to end users
Strong authentication refers to systems that require multiple factors for authentication and use advanced technology, such as secret keys and encryption, to verify a user’s identity. The simplest example is a consumer accessing funds via his or her ATM card. This requires something the user has (their card), and something they know (their PIN). Most people wouldn't want their bank to allow access to their checking account with just one factor.

Yet many organizations allow entrance to their valuable VPN, Citrix, and Outlook Web Access resources (often much more valuable than a single personal checking account) with only one factor—often a weak password. Strong authentication enables organizations to strengthen the protection of these vital resources.

While the decision to use multiple factors for verifying users' identities is clear cut, deciding on an approach is anything but. Today, there are hundreds of options, each presenting its own specific advantages and tradeoffs.
With the plethora of access control offerings available today, it is important for organizations to carefully evaluate the available solutions before making a decision on which solution to implement. When choosing a solution, organizations should take a number of factors into account. The following are some questions to consider:

-> Do I want to protect my internal network from unauthorized access? If so, consider two-factor authentication (2FA) solutions that enable flexible and comprehensive secure network access, both in the office and remotely if needed.

-> Do my users need to connect from remote locations? If so, consider portable solutions that enable secure VPN and web access for remote users, and that enable employees to secure their laptops and data while on the road.

-> Do my users need to access many password-protected applications? If so, consider solutions that provide single sign-on functionality, either by storing user credentials on the token or by integrating with external single sign-on systems.

-> Do I want my users to digitally sign and encrypt sensitive data or transactions? If so, consider smart card-based solutions that provide secure onboard PKI key generation and cryptographic operations, as well as mobility for users.

-> How sensitive is my business data? The more sensitive the data, the higher the priority on the robustness and security of the solution.

-> Do I want to firmly protect data that sits on my users’ PCs and laptops? If so, consider token solutions that integrate with PC security products such as boot protection and disk encryption applications that require the use of a token to boot a computer or decrypt protected data.

-> Have I or do I want to implement a secure physical access solution? If so, consider token solutions that enable integration with physical access systems.

Authentication as a Service Overview

Adoption of cloud-based services is increasing every year, and more and more businesses embrace the benefits that derive from managing their data and applications in the cloud. In parallel, users access the organization's data and applications from a growing number of devices, in different locations, opening the door to new threats. Authentication as a Service (AaaS) enables organizations to easily apply strong authentication to multiple access points.

SafeNet Authentication Service delivers fully-automated, highly secure strong authentication with flexible token options that are tailored to the unique needs of your organization, substantially reducing the total cost of operation.

With no infrastructure required, SafeNet Authentication Service enables a quick migration to a multi-tier and multi-tenant cloud environment, and protects everything, from cloud-based and on-premise applications, to networks, users and devices.

- Automates everything: to reduce overheads and maximize effectiveness
- Protects everything: networks, applications and cloud services APIs
- Protects everyone and provides choices: tokens, policies and customization
- Easy migration: move from an existing solution whilst protecting the current investment
- Saves money: on infrastructure and resource investments



- Broad Coverage
   - Extensive APIs for authentication and administration, self-service, web services free with platform
   - Broad set of use cases
   - Vendor and form-factor agnostic
- Extensive Automation
   - Reduces the time and cost of provisioning, administration, and management of users and tokens
- Flexibility to Support Enterprise Wide Deployment
   - 24x7 availability
   - No hardware requirements
   - Grows with your organization’s requirements
- Multi-tier/Multi-tenant Environment
   - Easy to support different clients, regions and groups
   - Centrally managed policies
- Customizable
   - Complete definition and control of your users' authentication journey
   - Multilingual support for user self-service, approval workflow and enrollment
   - Customize and brand the overall infrastructure and user experience so it is unique to the specific organization

- Low Total Cost of Operation
   - Simple, low, per-user pricing model with no hidden or additional costs
   - Cloud platform, reduced helpdesk expenses, lowered management time by 90%
   - Large-scale automation, user provisioning, and user self-enrollment
- Quick Cloud Migration
   - Smooth transition from an existing third party RADIUS authentication server
   - Maintain current token investment while immediately benefiting from lower operational costs
   - Automated processes significantly reduce administration and management overheads
- Peace of Mind
   - Robustness, availability and protection, in a trusted cloud environment


SafeNet Authentication Manager provides organizations with a comprehensive platform to manage the full authentication life cycle across the enterprise and extend strong authentication to the cloud using a single, integrated system.


SafeNet Authentication Manager’s context-based authentication capabilities allow organizations to achieve convenient, cost-effective secure remote access with unobtrusive strong authentication, while maintaining the flexibility and agility to add protection with stronger methods of security when required.

With its “step-up” authentication capabilities, SafeNet Authentication Manager makes it easier for users by requiring an additional authentication factor only if they don’t meet pre-defined policy rules determined by IT administrators.

Increasingly, more corporate applications are migrating to cloud computing environments and using Software as a Service (SaaS) based applications, necessitating a flexible and extensible strong authentication solution ensuring that corporate data and applications remain secure while also enabling easy user access to these cloud-based services.

SafeNet Authentication Manager addresses this challenge by providing a seamless, consistent strong authentication and SSO experience for enterprise users who need to securely access Office 365 and SaaS applications, such as GoogleApps and Salesforce.com (SFDC).

Employees are increasingly using non-IT sanctioned consumer devices to gain access to sensitive corporate and customer data. IT departments are struggling to enforce security policies on these devices, exposing businesses to serious security vulnerabilities in the form of data breaches and unauthorized access.

SafeNet Authentication Manager addresses this challenge by offering credential life cycle management and over-the-air certificate provisioning for mobile devices, ensuring that only authenticated users with a trusted device can access corporate information and applications. With SafeNet Authentication Manager, organizations have the tools to authenticate users via a private trusted certificate that is stored on the device, ensuring that employees can safely access corporate resources with either their personal device or those issued by the enterprise.

Supported SafeNet Authenticators:

-> eToken 3400
-> eToken 3500
-> eToken 4100
-> eToken 5100
-> eToken 5200
-> eToken GOLD
-> eToken NG-FLASH
-> eToken NG-OTP
-> eToken PASS
-> eToken PRO
-> eToken PRO Anywhere
-> eToken PRO Smart card
-> eToken Virtual
-> MobilePASS



Supported Operating Systems:

-> SAM Server and Management: Windows Server 2003/R2, Windows Server 2008/R2 (32-bit and 64-bit)
-> Client: Windows XP, Windows Vista, Windows 7, Windows 8, Windows Server 2003/R2, Windows Server 2008/R2 (32-bit and 64-bit), Mac OS
-> Mobile Clients: BlackBerry, iOS, Windows Phone, J2ME, Android


User Repositories:

-> Microsoft Active Directory
-> ADAM
-> Microsoft SQL Server
-> OpenLDAP
-> Novell eDirectory


Features

-> Support for step-up authentication

-> Supported Authentication Methods:
   -> Context-based authentication
   -> OOB
   -> OTP software
   -> OTP hardware
   -> Certificate-based hardware and software

-> Secure Remote Access For:
   -> SaaS applications via support for SAML
   -> Office 365
   -> iOS devices accessing network resources
   -> VPNs
   -> OWA and Web-based portals
   -> Citrix solutions
   -> VDI solutions

-> Local Network Logon
   -> Support for OTP and certificate-based local network access in connected and off-line mode

-> Comprehensive Management Capabilities:
   -> Separation of duties and role-based authorization
   -> Cross-domain management plus multi-forest Active Directory support
   -> Credential provisioning and management for iOS devices
   -> Automatic user provisioning for SaaS applications
   -> Self-service portals that allow user self-enrollment and token management
   -> Reporting
   -> Authenticator assignment, enrollment, and update



Benefits

-> Achieve granular control with context-based authentication: SafeNet Authentication Manager leverages configurable policy rules to offer granular control over the level of authentication required each time a user logs on to an online resource.
-> Extend secure access to cloud environments: Secure access, single-sign on, and automatic user provisioning for Office 365 and SaaS applications from a single authentication back-end.
-> Extend secure access to mobile endpoints: Credential provisioning and authentication management for iOS devices ensures that only employees with trusted devices can access corporate resources.
-> Address different risk levels: Complete support for OTP, certificate-based authentication, transaction signing, software, and out-of-band, as well as advanced security applications, in a single system allows organizations to address numerous risk profiles.
-> Flexibility to grow: Evolve your authentication infrastructure to include OTP and CBA solutions, as well as advanced security applications.
-> Improve Productivity: Reduce the workload of IT staff with an integrated IT infrastructure, automated processes, and intuitive self-service tools.
-> Reduce support costs: Automated processes, over-the-air activation and installation for software tokens, and intuitive self-service tools ensure extensive support for end users and lower helpdesk costs.
-> Maintain compliancy: Comprehensive auditing and reporting features enable compliance with privacy regulations.

SafeNet Authentication Manager Express (SafeWord 2008)

SafeNet Authentication Manager Express (formerly SafeWord 2008) is an out-of-the-box one-time password (OTP) two-factor authentication solution that enables secure remote access to your organization’s most sensitive and confidential resources.

With the push of a button, SafeNet Authentication Manager Express authenticators generate a highly secure, one-time password that can never be re-used, hacked, or compromised. The password’s two-factor authentication mechanism ensures that only properly authenticated users can access critical applications and data whether they reside in your data center, the cloud or virtualized environments.


SafeNet Authentication Manager Express offers both hardware and mobile authenticators, as well as management software and maintenance, in an all-in-one OTP authentication solution that is easy to install, use, and manage.

SafeNet Authentication Manager Express allows you to seamlessly extend secure access to cloud-based Software as a Service (SaaS) applications such as GoogleApps and Salesforce.com using the same easy-to-install and maintain management software and authenticators that you use for secure VPN and Citrix access.

SafeNet Authentication Manager Express provides seamless integration with Active Directory and enables organizations to leverage existing Windows environments to implement a simple and straightforward authentication solution including user self-help and enrollment capabilities, facilitating simplified deployment and maintenance.

Additional management capabilities are available with the Enterprise Solution Pack (ESP) which lets you manage users outside of Microsoft Active Directory.

Supports Hardware and Mobile Authenticators


SafeNet Authentication Manager Express supports a range of hardware and mobile authenticators that can be deployed side by side or incrementally as needed. These include:

-> eToken PASS (Time-sync and Event-based hardware token)
-> MobilePASS (Software OTP and OOB solution)
-> GOLD (Challenge Response OTP device)



Supported Solutions


-> Secure remote access for employees
-> Secure remote access for partners and customers
-> Transaction security


System Requirements
Operating Systems

Server OS: 32 or 64-bit Windows Server 2003 (R2 SP2), Windows 2008 (R2 SP1), or Windows Server 2012 (R2)
Desktop OS: 32 or 64-bit Windows XP (SP2), Windows 7, and Vista

CPU

Pentium IV or AMD @ 1.8 GHz (minimum), 2 GHz (recommended)

RAM

1 GB (min), 4 GB (recommended)

Disk Space

3-5 GB (min), 10 GB (recommended) on NTFS-formatted drive

Benefits


-> Secure remote access for leading VPNs, SaaS applications, Citrix applications

-> Embedded cloud support lets you extend secure access to SaaS applications using the same platform

-> Tailor the authentication method to users’ needs with a variety of hardware and software authentication options

-> Fast and easy installation: up and running in minutes - no technical training required

-> Recognized as the easiest solution to administer, manage and use for Windows environments

-> Enables compliance with privacy regulations

-> Lifetime Replacement Policy: SafeNet Authentication Manager Express authenticators never expire and come with a lifetime token replacement policy. (Customers should have a current support contract for all users to be eligible).


SafeNet MyID smart card/token management system is a Web-based authentication and digital credential management solution for enterprises that is used to issue, manage, and support SafeNet cryptographic smart cards and SafeNet iKey® USB devices for identity-based applications throughout the organization.

How It Works


SafeNet MyID gives enterprise customers a powerful, interoperable, and secure system that reduces the cost of deploying and supporting smart cards and iKeys. Through innovative, policy-based enrollment features, SafeNet MyID significantly reduces the time an enterprise spends issuing and managing smart cards/tokens for geographically distributed users.

SafeNet MyID makes it easier to perform a wide range of critical digital management activities - everything from requesting or renewing a user's digital credentials to revoking or reissuing these credentials.



SafeNet MyID Features & Benefits


-> Web-Based: Makes it easy to roll out enterprise-wide
-> Fully Customizable: Fits into corporate security policies and business rules
-> Enterprise-Controlled Card/Token Deployment: Designed to immediately issue authentication devices at the enterprise, so no need to wait for card delivery from a service bureau
-> Secure Authentication to Servers: Can be accessed over a public network
-> PKI Independent Digital Credential Management: Manage keys, certificates, and data on cards/USB devices
-> PIN Management: Reduces calls to your support desk due to forgotten PINs
-> Broad Credential Support: Includes support for digital certificates, keys, passwords, biometrics, etc.