
XYZ Technical Brief

AUTHENTICATION YOUR WAY


Deploying and integrating an innovative, comprehensive authentication solution

Most likely, your company’s critical business systems and data are scattered across
resources and applications—from cloud and on-premises to hybrid and mobile
environments. Wherever these systems are located, however, IT is ultimately responsible
for keeping the data safe, ensuring that only legitimate users gain access.

To support a wide range of environments and users both on and off the network, you need
an innovative, comprehensive and flexible authentication solution that offers secure,
convenient access—and is easy to use and integrate regardless of your preferred
environment.

This technical brief describes how XYZ SecurID® Access works, including key components
and integration with both cloud and on-premises applications.

How does XYZ SecurID Access work?

XYZ SecurID Access provides the benefits and functionality of Identity Assurance-as-a-
Service (IAaaS) and XYZ Authentication Manager combined into one product. This
integration enables new capabilities for existing XYZ Authentication Manager Enterprise and
Premium Edition customers. XYZ SecurID Access supports:

• Multi-factor authentication. Select from a variety of secure and convenient
  authentication methods including mobile-optimized push notification, fingerprint
  verification, Eyeprint ID, and standards-based Fast Identity Online (FIDO) tokens.
• More ways to connect. Add policy-driven secure access and single sign-on (SSO) to
  leading web and SaaS applications through SAML, reverse proxy or password
  vaulting. Add strong authentication to your custom and third-party applications
  using the new REST-based XYZ SecurID Authentication API and expanded RADIUS
  options.
• Flexibility to mix and match. Use your existing XYZ SecurID tokens to protect the
  cloud, use the XYZ SecurID Authenticate app with traditional on-premises resources
  like VPNs, or mix and match to meet your unique requirements. The expanded
  features and services of XYZ SecurID Access work with your existing XYZ
  Authentication Manager solution and vice versa.

XYZ® Authentication Manager

XYZ® Authentication Manager is an on-premises multi-factor authentication solution that
helps secure access to network and web-accessible applications such as SSL-VPNs and web
portals. XYZ Authentication Manager verifies authentication requests and centrally
administers authentication policies, XYZ SecurID hardware and software tokens, users,
agents and resources across physical sites. It offers certified out-of-the-box integration with
more than 500 industry leading partner solutions.

XYZ Authentication Manager provides the following choices for strong authentication:

• XYZ SecurID Access protects access using two-factor authentication with hardware-
  and software-based tokens.
• On-demand authentication protects access using two-factor authentication, by
  sending authentication credentials to users upon request through SMS text
  messaging or e-mail.
• Risk-based authentication protects access by assessing user behavior and matching
  the device used to authenticate, to assess the risk level of an authentication attempt.

Integrating IAaaS and XYZ Authentication Manager

You can integrate IAaaS and XYZ Authentication Manager in the following ways:

• Use XYZ SecurID tokens as an authentication method for SaaS and on-premises web
  applications. This requires XYZ Authentication Manager 8.0 or later.
• Authenticate with either XYZ SecurID tokens or XYZ SecurID Authenticate
  Tokencodes from all access points controlled by XYZ Authentication Manager,
  including agents, XYZ Ready partner implementations, and RADIUS clients. XYZ
  Authentication Manager sends XYZ SecurID Authenticate Tokencodes directly to
  IAaaS for authentication. This requires XYZ Authentication Manager 8.2 or later.

The identity router

The identity router is an on-premises virtual appliance that communicates with IAaaS and
enforces authentication and access for users of protected resources. An identity router
includes the following services:

• An integrated RADIUS server, which allows users to access protected resources
  through RADIUS-capable devices
• SSO Agent, which manages SSO for applications that support SAML, hosts the
  application portal, and performs a variety of other functions
• Enterprise Connector, which connects IAaaS to on-premises services such as LDAP
  directories and XYZ Authentication Manager.

XYZ SecurID Authentication API

XYZ SecurID Access provides the XYZ SecurID Authentication API, a REST-based
programming interface that allows you to develop clients that process multifactor,
multistep authentications through XYZ Authentication Manager and IAaaS. XYZ now
provides a universal REST API to integrate with any programming language.

The Authentication API supports XYZ Authentication Manager 8.2 Service Pack 1 or later.

Full support for BYOD

End users want the flexibility to choose from multiple platforms, and XYZ SecurID Access
can accommodate them. In addition to supported iOS and Android platforms, customers
can use any Windows 10 device—PC, tablet or phone—to authenticate with advanced
mobile authentication.

How does identity assurance work?


Identity assurance is dynamic authentication based on behavioral risk analytics and context-
based awareness. While most companies offer some form of static user and context rules—
for example, location, role, network, device, session and app—XYZ takes authentication
further to include behavior-based confidence. By evaluating patterns in a user’s access
requests; default location; routine; time of day; and preferred device, application and
network, XYZ is able to generate risk- and context-based intelligence to inform behavior-
based confidence—otherwise known as identity assurance.

For example, XYZ collects more than 65 data points, which are then correlated and analyzed
in hundreds of ways. The data collected is then used to determine geolocation, network,
device fingerprint, time of day and other access patterns. As more historical data is
gathered on user and organization, information and evaluation both improve. Data is also
aged; new “normal” usage evolves, possibly rendering old patterns abnormal. Each
organization can identify acceptable risk levels—and tune its risk engine accordingly to
optimize the balance between ensuring that users are who they claim and minimizing user
interruption.

[Figure: Intelligence Driven Identity Assurance. Panels: Static User and Context Rules (Location, Role, Network, Device, Session, App); Behavior-based Confidence (Access Pattern, Location, Device, Network, Time, App); Identity Assurance Engine with outcomes PASS, RISKY and Deny; authentication methods Approve, Tokencode, RSA SecurID, Fingerprint, Eyeprint ID, FIDO.]

Identity assurance dynamically adjusts step-up authentication requirements based on
real-time identity confidence scores that incorporate behavioral risk analytics. This simplifies
administration and delivers a favorable end-user experience, allowing access to resources
the user needs to do his or her job. Based on risk analysis, some users may not have to
perform step-up authentication. Even if they are challenged, however, convenient
authentication methods (e.g., push notification) will be available to them.

TRUST A MARKET LEADER

XYZ SecurID Access continues to provide the most advanced, trusted, resilient and flexible
forms of strong authentication on the market today. Our solutions are trusted by more than
25,000 customers and protect more than 60 million end users worldwide. XYZ continues to
invest in and evolve the XYZ SecurID Access solution to help organizations provide secure
and convenient access across on-premises, cloud and mobile environments.

XYZ can serve as your strategic authentication advisor, working with you to incorporate
best-of-breed, third-party and XYZ solutions to support a futureproof security solution—one
that enables secure and convenient access for any user, from anywhere, to anything.

LEARN MORE

XYZ SecurID Access uses identity assurance, an intelligent, proactive and continuous
approach to authentication. It provides a context- and risk-based approach that first
assesses the risk associated with the access request to determine how much assurance is
actually required. When authentication is required, XYZ SecurID Access also supports the
broadest range of best-of-breed multi-factor authentication (MFA) methods, including push
notification, biometrics (Eyeprint ID and fingerprint), one-time password (OTP), SMS, FIDO-
certified standards, and traditional hardware and software tokens. With a single vendor,
you can extend access protection to traditional, web, mobile and SaaS applications; gain
centralized visibility into identity and access needs; and consistently enforce policy across all
environments.
