Aegis Password Management Appliance

Password Management Challenges 

In today’s digital marketplace, user access is everything. The average user accesses between five and fifteen IT systems on a daily basis, and many of those systems have their own password-based authentication system. Users are unlikely to remember fifteen passwords, leading to ‘manual’ efforts to synchronize passwords, write down passwords, or choose simple, easy to remember passwords. When users forget a password, calls to the help desk can take up to 20 minutes to resolve the issue, resulting in user frustration, increased cost, and lost productivity. Existing password reset mechanisms such as knowledge-based authentication (KBA) or challenge/response questions are subject to increased risk when multiple applications in the organization implement KBA reset differently.

The typical cost of a help desk password reset across all applications is estimated @ $30-$70 per support call. Automating password management can help reduce this cost and the repetitive burden on help desk personnel while meeting security and compliance demands. 

Password Manager Appliance Highlights
 

• Offers pre-built options to implement various password management functions (central password policy, password change, reset, challenge/response, delegation) that allow users to reset their own passwords at their own convenience from any web browser and administrators or help desk personnel to easily reset or change passwords and use authentication questions for identity verification.
• Provides the following functions:
       -Reset forgotten password
       -Change password, synchronize passwords
       -Change answers to authentication questions
       -Synchronize authentication question/answers from external source
             *Example: check number of last paycheck, final grade in CS 101, etc 
       -Force user to register and answer authentication questions
       -Automatic password expiration and notification of pending expiration
       -Help desk reset password
• AegisUSA’s Password Manager Appliance includes hardware and software that takes into account sizing, high availability (HA) and future scalability. The identity server requires minimal configuration to integrate. The AegisUSA Password Manager includes an account discovery function to import existing users and link accounts together across systems. The system then acts as a single place for password management, including: Change Password, Forgot Password, Change Authentication Questions, and Password Policy Configuration.
• The Password Manager solution is delivered on a best-in-class solution providing robust auditing, reporting, and enterprise-level functionality.

Account Discovery

Account Discovery is supported on over 50 resources, including systems such as:

• Active Directory
• Database Table
• LDAP
• Linux

Account Discovery uses correlation rule based on UserID or other primary key to link existing users from each password repository. Aegis USA Password Manager supports both the linking and unlinking of accounts as a users’ access to systems changes.

Three resources are configured as part of the standard appliance.  Additional resources can be added by customers or AegisUSA’s Professional Services team.

Change Password

The Change Password form and workflow allows the user to change their password at any time.  Passwords are immediately synchronized to each of the systems where the user has an account, but are not stored in the appliance.

Change Authentication Questions

The Change Authentication Questions form and workflow allows the user to change their authentication questions at any time. It will display the available questions and inform them of the number required to meet the organization’s security requirements.

Password Policy and Authentication Questions Configuration

Customers can choose from pre-configured password policies or build their own based on criteria such as length, complexity, expiration, and history. AegisUSA Password Manager’s default configuration supports a single password policy for all users, but can easily be expanded to apply different policies based on the type of user.

Auditing and Reporting

AegisUSA’s Password Manager supports the following audit and activity reports:

• User creations and deletes
• Account discovery linking and unlinking
• Password changes
• Challenge/Response question changes
• Logins and Logouts

Conclusion

AegisUSA’s Password Manager offers the solution organizations need to solve unique password management challenges while providing a platform that scales to handle future IAM needs such as Provisioning, Single Sign On, Federated Identity, and Compliance.