Friday, April 20, 2012

Bridging the Gap Between IDM & Healthcare

This week we're proud to feature a blog post from our sister company, GCA Technology Services. Today we're discussing Healthcare and how to optimize your existing solution for reduced error and compliance findings.   

 

I recently read an article from a local, technology-focused periodical that was recruiting nominees for “Technology Entrepreneur of the Year.” As I was reviewing last year’s winner, I noticed something intriguing. The winner works for a company that takes disparate spreadsheets of information from different software providers and connects them so there is one, complete view of the information on just one screen. I was shocked to see that this software company’s CEO first wrote the program in 2001.

What we do here at GCA is no different. We are expanding our sister site, Actionidentity.com, to fully showcase our expertise in taking disparate systems and connecting them with a user provisioning solution. More on this later.

The company I was referring to at the beginning of this blog connects spreadsheets. Well, GCA connects healthcare applications (Cerner, AllScripts, Keane and McKesson, to name a few) to a user provisioning solution so that new users, or those that need to be modified, can be managed more easily.

Most healthcare organizations have to onboard and off-board new employees, contractors, temporary workers, and visiting employees from another hospital through a manual process. GCA has taken these manual workflows and made them a thing of the past.

GCA has the ability to reduce costs, provision users more quickly, and provide transparency and audit-friendly reporting for any and all healthcare organizations. We have had tremendous success and can offer a universal solution for any healthcare application and for any user provisioning solution (NetIQ/Novell, CA, Oracle, etc.).

Interoperability is not a new concept for many people. Healthcare application and user administrators might feel that it is because until now, they were unable to join the two. I’m excited to be working on projects that are the first of their kind, bringing a better experience and a safer/more protected solution that meets HITECH/Meaningful Use/HIPAA regulations.

For more information or if you want to read a case study, go ahead and leave me a comment and I will e-mail you a PDF about the healthcare IDM successes we’ve had.

 

To learn more about identity management, please visit Action Identity. If you’d like to discuss an identity and access management solution for you, we invite you to contact us

 


Tuesday, April 17, 2012

Password-Based Security Risks

Passwords and security risks are a major concern for a lot of growing businesses today, especially those that hold or have access to sensitive information, such as police stations, courthouses, hospitals and clinics. Many of these organizations use some sort of directory system like eDirectory or Active Directory to maintain their users’ authentication and authorization into the internal network and various databases. Each organization also maintains the password policies for its users (e.g. expires every 45 days, must be 7 characters, must have one number, etc.). A growing number of applications brings an increased number of passwords, which are difficult to manage.

It is common for people to write down their current password somewhere, which raises the risk of it being lost or stolen and so the risk to the security of the system. Brute forcing of passwords is another risk for environments that rely solely on passwords for access to their systems. Brute forcing is simply guessing the password, which has a high success rate because it’s common for people to use default passwords. Social engineering to guess passwords is also growing into a serious threat for systems protected only by user-created passwords.

The CJIS Mandate is being put into effect for federal agencies that utilize federal resources to protect sensitive information from threats like the ones listed above. Two-factor authentication requires "something you have" and "something you know" in order to access the system. This eliminates the risk of only needing a password to gain access to important databases. Most agencies are already using some sort of smart card technology to access buildings, parking garages, and specific equipment. By utilizing biometric authentication or smart card authentication, organizations can add a layer of protection limiting improper access to domain resources and environments.

Thank you for your time in reading my blog about the risks of managing an environment solely protected by passwords. If you have any questions, feel free to comment below as I am more than happy to answer any questions or comments. 

Vendors such as HID naviGO and Authasas have great software solutions to meet advanced authentication specifications. Read more about Authasas and the features it provides in Authasas: Software for Strong Authentication. To learn more about the CJIS Mandate and HID naviGO's features, check out CJIS Advanced Authentication Requirements and naviGO Software

I hope you have enjoyed this blog. If you have any questions on this topic, leave a comment below and we’ll get back to you shortly. To learn more about Action Identity and password management, visit our website. To contact us directly, please click here. We look forward to hearing from you.

 


Thursday, April 5, 2012

OpenDJ - Cost Effective Directory Solution

Currently, if you want to run an organized business, you need a directory for your employees and perhaps your clients as well. If you’re an entrepreneur starting a small business, you may not have the financial means to purchase one of the big-name directory services such as Active Directory or NetIQ’s eDirectory. OpenDJ is a great solution for getting your business off the ground, as it is the most complete open source directory product. OpenDJ also provides plug-and-play installation, allowing your IT staff to set up the directory and move on to configuring your budding infrastructure. OpenDJ also runs on Java, providing multi-OS deployment, including virtualized environments.

If you’re worried about security, don’t be. Just because the product is open source doesn’t mean it skimps on securing your data: it offers multiple degrees of authentication and authorization, password encryption, and password policies. OpenDJ also integrates seamlessly with any vendor-specific code you might need or have. OpenDJ may be open source, but it definitely has what it takes to compete with the big dogs in the “closed source – proprietary” environment.

By utilizing the open source availability of this product, with a competent staff of developers, there is almost no limit to what can be implemented using this solution. Don’t fret about having to customize everything yourself though! There is a full suite of tools and management applications that come with your installation. Also, because it runs on the Java Virtual Machine, it can be run on virtually any operating system that supports Java.

 

Thank you for taking time to read my blog. If you have any questions, feel free to comment below as I am more than happy to answer any questions or comments.

To learn more about Action Identity, visit us here. If you'd like to contact us directly, please click here

Stacking ForgeRock OpenIDM Up to the Competition

Researching ForgeRock OpenIDM 2.0, and the website’s claim to being flexible and easy to use, has sparked my interest in what the product has to offer. ForgeRock is growing in popularity in the development community because of its open availability and the user community forums. Developers are working together to help improve the software and make a strong code base. OpenIDM 2.0 is designed to help provide businesses with a solution for business process handling and compliance, and the product excels at this by using JSON for reconciliation, synchronization, and mapping, making the process of bulk importing users into a system more developer/administrator friendly.

Some key features of ForgeRock OpenIDM that I found interesting include its ability to integrate well with third-party legacy and cloud applications. OpenIDM makes use of OpenICF (Open Source Identity Connector Framework), a set of connectors to a number of systems, and offers the ability to extend it with additional connectors. Just to re-emphasize, this product being open source and freely available to obtain and modify makes OpenIDM a highly viable solution for meeting a business’s identity management needs.

Identity Management isn't a new thing, and there are many other competing Identity Management products available. Some other similar products are NetIQ (formerly Novell) Identity Manager 4, Oracle Identity Manager 11G, or IBM Tivoli Identity Manager. For the purposes of this blog, I'll stick with NetIQ IDM 4, Oracle IDM 11G, and ForgeRock OpenIDM 2.0. 

After learning about how easy OpenIDM was to obtain, I went ahead and downloaded a copy from the site and I'm now giving it a try in a test environment. The product is most certainly something to take a look at if you are interested in Identity Management. I'm excited to dig into ForgeRock OpenIDM, so keep checking back for a future blog on my ForgeRock OpenIDM 2.0 User Experience.
 
Thank you for taking time to read my blog. If you have any questions, feel free to comment below as I am more than happy to answer any questions or comments.

To learn more about Action Identity, visit us here. If you'd like to contact us directly, please click here

Benefits of Automated User Provisioning

 

User provisioning to company software such as payroll, commonly known as identity management, has typically been a daunting task for database administrators or IT professionals. However, lately we have seen a new trend in automating the processes by means of a driver. Using drivers, the database administrator can create the user in the directory, or another program connected to the directory, and the user will be provisioned to all the programs he has access to and that are connected to the directory. This alleviates much of the mundane task of entering the same data in multiple places and allows the database administrator to put it in one centralized location.

Automated user provisioning allows tasks that would normally take days to be entered in mere hours. Another benefit is that it creates a single point of failure, leaving your environment more streamlined. If an attribute, e.g. last name, has to change because the user got married or had another life-changing event, the database administrator would only need to change it in one spot, and the drivers will go out to their applications and submit the change in all the software the directory is set up to communicate with.

Automated user provisioning is the next step for organizations to become more efficient and streamlined when handling new hires or edits to current users. There are many benefits to taking a more driver-oriented approach to user provisioning; however, they all boil down to simplicity and efficiency.

 

For more information on automated user provisioning, and to learn more about us, visit Action Identity. If you’d like to discuss an identity and access management solution for you, we invite you to contact us

 


Authasas: Software for Strong Authentication

 

The primary push for acquiring strong, two-factor authentication is to satisfy the CJIS Mandate. Many state and local police departments require access to the NCIC (National Crime Information Center). In order to retain access to this information, all law enforcement agencies must comply with the CJIS Mandate’s demand for strong, two-factor authentication. The cut-off date for this is the end of 2012, meaning that all law enforcement departments who have not satisfied the requirements of the CJIS Mandate, but wish to retain access to the NCIC, shall be fined.

Authasas is a pure software vendor that integrates closely with NetIQ (formerly Novell) products. Their software is compatible with a wide variety of strong authentication hardware, ranging from smart cards and proximity cards to biometrics. A vendor that specializes in nothing but software is usually a good indicator of solid software. This instance is no exception to that.

Authasas supports three types of credential storage:  Active Directory via schema extension, ADLDS (formerly ADAM), or eDirectory.  The installer itself is very straightforward and a full server-client install takes no more than twenty minutes tops.

Notice the subtle changes to the login screen. In the picture above, we’ve configured the software on the client side only to allow for the traditional username and password or a card reader as login options. The picture displayed above is fully customizable during the installation process, allowing companies to place their own logos in place of the Authasas one.

The enrollment process can occur by an administrator on the server, or through the client by the user.

The picture above displays how to enroll a user through the Active Directory Users and Computers window. Notice how Authasas has its own tab, with the ability to customize functionality for each individual user. Logs are very straightforward, as well.

Authasas centralizes all of its logging within its own container in the Event Viewer.  Authasas utilizes its own logging service to gather logs from all of the machines installed with the client on the network, tracking all logical access and access attempts.

The beauty behind Authasas is the incredible efficiency delivered by something seemingly simple.  Deploying Authasas in your environment not only satisfies the requirements of the CJIS Mandate, but also satisfies the biennial FDLE audit for logical access.

If you are interested in an Authasas strong authentication demo, please contact us. For more information about how this specifically applies to the CJIS Mandate, visit CJISMandate.com.

 

Thank you for taking the time to read my blog about Authasas and the CJIS Advanced Authentication Mandate. If you have any questions, feel free to comment below as I am more than happy to answer any questions or comments.

To learn more about Action Identity, and how we can assist in making your organization CJIS compliant, visit our website

 


 

 

Tuesday, March 6, 2012

NetIQ Sentinel 7 Log Manager - IDM's Greatest Assistant

With Identity Management becoming more prevalent and a bigger part of your business, you’re going to want an application that can keep an eye on anything that might go wrong in your system. For that purpose, NetIQ Sentinel 7 Log Manager is the perfect tool. With its near plug-and-play installation and one-click reporting, Sentinel 7 Log Manager can make the lives of your IT personnel easier, and make the cost of deployment, management, and storage shrink.

The first thing that caught my eye about NetIQ Sentinel 7 Log Manager was how simple it was to install. It comes built with SUSE Studio, and has so much functionality out of the box that you feel like you just plugged in another piece of hardware and kept going. Right off the line, you get event collection and autonomous updating, and it works with the drivers you already have to send messages to Sentinel while watching the action on each driver. Talk about security and performance!

Secondly, Sentinel Log Manager is extremely easy to use, yet vastly detailed, with a one-click reporting module. Instead of defining each piece of data that you need in a report, you can use text-based queries, which are clickable fields in the trace data, or you have the option of using a GUI filter. When you query your log data using Sentinel Log Manager, you have the ability to turn that search into a repeatable report. Once you’re done finding what you need, Sentinel allows you to create your own template for the data, and you define what fields are required by each report.

With all this functionality in such an easy package, Sentinel is sure to increase the productivity of your connector management personnel drastically. Whether it’s bug finding, report generation, or just simply deploying and managing connectors, Sentinel is a friend to all. Sentinel also comes with a scalable appliance on SUSE Studio in order to take advantage of non-proprietary storage systems, so you can leverage existing ordinary or cloud infrastructure.

So, there you have it. With so many uses for Sentinel Log Manager, there’s no question any IDM environment can benefit from having this amazing product by its side.

I hope you have enjoyed this blog. If you have any questions on this topic, leave a comment below and we’ll get back to you shortly. To learn more about Action Identity and NetIQ Sentinel, visit our website. To contact us directly, please click here. We look forward to hearing from you.

Thursday, March 1, 2012

The Benefits of Novell Secure Login

Recently we reviewed Symplified’s Single Sign On client. Today, we'll look at another Single Sign On (SSO) application, Novell Secure Login. Novell Secure Login has a lot of the benefits many SSO applications boast, such as the ability to log in once and have access to a plethora of applications you use every day for work. However, with Novell Secure Login, you also get the added ability to log in from anywhere you choose and it will still feel as if you were right at your desk. Another added benefit of Novell Secure Login is its seamless integration with eDirectory or Active Directory as a user store.

With the growing technological influence on big business, users are required to log in to an increasing number of applications and remember countless passwords. This unfortunately leads employees to write down their passwords on sticky notes or notepads, which, if left unsecured, increases the risk of unauthorized access. In order to eliminate this problem, Novell Secure Login has you log in once to the application of your choice, and then it stores the password securely. Now, if you want to log in to that application again, you just log in to Novell Secure Login, click the application, and voila! You’re granted access! Novell Secure Login can work for upwards of 30 applications at once, and you just have to remember one password, so no more passwords sprawled on sticky notes all over cubicles.

Novell Secure Login can also be used to enforce password policies and meet regulatory compliance. You can enforce strict password policies for your applications through Secure Login, and you can change the policies through Secure Login’s interface at your convenience. Secure Login can also be used to require users to comply with regulations such as HIPAA, the Sarbanes-Oxley Act, and even the Gramm-Leach-Bliley Act.

With Novell Secure Login, you have an astonishing amount of out-of-the-box functionality. Right away, you get support for Windows, Web, Java, and Terminal based applications. Not to mention the fact that it integrates effortlessly with Novell Identity Manager, Novell Access Manager, and Novell Sentinel. This allows you to have all your administrative duties normalized to one location or group of people. eDirectory can also be used as the user store for Novell Secure Login, as well as Active Directory.

Once again, SSO applications are becoming the wave of the future in this vastly expanding world of Web Based and application based enterprise workforces. With Novell Secure Login, you get what you would expect from an already dominant name in this field of identity management, with compliance, ease of use, and integration into so many prevalent enterprise applications. 

 

For more information on Novell Secure Login, and to learn more about us, visit Action Identity. If you’d like to discuss an identity and access management solution for you, we invite you to contact us

 


Tuesday, February 28, 2012

Oracle University Classes for Identity Management

Since our blog’s inception, we’ve covered Oracle OIM, OAM, and other identity and access management products. Previously we’ve had guest bloggers from GCA Technology Services lend their talents to feature posts related to training and various IDM training classes. Today we have the pleasure of featuring another collaborative entry by an Oracle awarded GCA instructor to highlight Oracle identity management courses available to you. 

In addition to offering an impressive array of identity and access management solutions, Oracle University in partnership with GCA Technology Services offers classes to suit your IDM training needs. In the courses listed below, you could learn the essentials for OIM 11g, and learn to have a successful implementation and maintenance of an entire OIAM stack. 

 

Oracle Identity Manager 11g: Essentials  Course: D65160GC10

This class is a good introduction into the entire "OIAM Suite" of software products. It includes an overview of the structure of "Managed Servers" (such as OIM and OAM) on top of the Oracle 11g Weblogic Server. This concept is central to understanding the stack and applies to the entire "Fusion Middleware" infrastructure.

You’ll learn about the basic components of the OIM environment and how they work together. Also covered are best practices for starting/stopping/restarting the components in the correct sequence.

 

Oracle Identity Manager: Administration and Implementation  Course: D52945GC10

This second-level OIM class delivers basic administration skills and more. Moving beyond a basic installation into the realm of customization, this class gives you a look into the working details of "connectors" -- the Java-based code that allows OIAM to communicate with literally any kind of external resource.

Many commonly-used resources can be configured using pre-defined connectors.  Custom connectors can also be deployed for other resources using the GTC framework (Generic Technology Connector). All connectors can be deployed for provisioning, reconciliation or both.

 

Oracle Access Manager 11g: Administration  Course: D63114GC10

Building upon the infrastructure described above, the OAM class gives you solid procedures for implementing "Access Management" -- that is, the ability to grant or deny access to websites/programs/servers of any type necessary. This requires a functional OIM environment, as OAM itself does not manage user data (it is not a stand-alone product), but must be used within the context of OIM.

This course presents a complete understanding of what is required to install, configure and deploy Oracle Access Manager utilizing WLS, WebAgents and mod_osso. Backward-compatibility for OAM 10g is also covered.

 

Oracle Directory Services 11g: Administration  Course: D58676GC10

All OIAM services depend upon an LDAP server, typically OID. This class gives both an introduction into the concepts of LDAP as well as day-to-day specifics of managing OID/OVD. These are necessary core skills for the successful implementation and maintenance of the entire OIAM stack.

OID concepts and architecture are covered, as well as server replication procedures.  Also covered are methodologies for the input and retrieval of data with the LDAP server including GUI, command-line tools, using LDIF files and bulk loading. 

 

Oracle Identity Analytics 11g R1: Administration Course: D68340GC20

One of the main purposes for implementing OIAM is to provide centralized accounting and reporting of user access to resources. This class provides the learner with vital skills in analyzing and reporting that data.

Included are procedures on how to provide a complete view of access-related data that includes not only the user's access of a resource, but also the "who, why, how and where" of that access. Oracle Identity Analytics reduces operational risk exposure by providing a 360-degree view of users' access. This empowers an organization to make intelligent decisions about the type and level of access assigned to users.

 

Action Identity invites you to visit GCA.net/Oracle for a complete schedule of all Oracle University courses. We hope you found this information helpful and that you keep this in mind the next time you’re looking for identity and access management training. If you have questions, feel free to leave a comment below or contact GCA for further training information. 

Action Identity specializes in business solutions involving technologies such as Identity and Access Management solutions. We are more than a technology company. We provide our customers with the strategic thinking, architectural vision, investment control, and practical solutions that save money, return value to the lines of business, and holistically implement solutions to preserve operations typically impacted by change and modernization. To learn more about us, visit our website. If you’d like to speak with us directly, please click here

 


Thursday, February 16, 2012

A Smart Choice in Identity Management: CA IDM

Lately there has been a large influx of newly minted Identity Management products, and deciphering the overall grade of a product is undoubtedly a heavy undertaking. Simply put, it’s hard to weed the good from the bad. After wading through the different IDM solutions out there, one that stood out was CA. CA’s Identity Management Suite makes things faster, easier, and less error-prone than having your IT department do it by hand. In fact, Gartner has consistently positioned CA in the exclusive “Leaders” quadrant for a variety of rankings. With CA you’re working with a trusted name in the industry.

CA Identity Management provides a lot more than just the common Identity Management solution. With this, user provisioning and removal, as well as any approval processes the user may need throughout his life-cycle, are automated. This allows for less human error by the IT department, preventing accidental access to services the user simply should not have. Workflows can schedule these events, and are completely customizable, allowing you to customize organization approvals and alerts. CA Identity Management also supports customization of connectors without having to completely write, manage, and support custom code created by a technical consultant.

The CA Identity Management Suite also provides a core for the control of all users, roles, and policies you need for multiple identity services. You can collect and synchronize all users’ attributes, roles, and identity tasks to one hub, allowing for ease of access across your entire company. After all user data has been aggregated, users can log in and update their personal information (e.g. street address, last name, postal address, password reset) on their own, freeing up your IT department for allocation to other pressing matters. They can also request access to certain privileges via workflows, which can be approved by senior members of your team.

CA Identity Management also supports cloud applications in addition to the on-premises apps other identity management suites proudly boast. Connecting to cloud applications via CA Identity Management allows your business to manage everything from a single point of access. CA Identity Management has out-of-the-box connectors to interface with applications such as SAP, Active Directory, and Salesforce.com.

After reviewing the facts, CA Identity Management appears to be a sublime IDM solution. With cloud application support, automated user management, and user self-servicing, CA Identity Manager provides your company with everything you need to create a more optimized, efficient, and resource-saving solution for all your business’s compliance and identity management needs.

Action Identity specializes in business solutions involving technologies such as Identity and Access Management solutions. We are more than a technology company. We provide our customers with the strategic thinking, architectural vision, investment control, and practical solutions that save money, return value to the lines of business, and holistically implement solutions to preserve operations typically impacted by change and modernization. To learn more about us, visit our website. If you’d like to speak with us directly, please click here


The Importance of Aggregating Data

What do you do when you are integrating Identity Management with your enterprise and your company’s applications, and some applications or services require data that your identity vault does not contain? Often the solution is to put workflows into place to get the data that you need into your directory. When you go this route, however, you add man hours back into the provisioning process, which cuts into the benefits you see from this kind of management service. As many of you have no doubt already determined, the best practice would be to already have this information in your vault, but where does it come from?

Most organizations use some kind of payroll or human capital management (HCM) software to keep track of human resources, salary, positions, and, with some solutions, even information about departments, facilities, and divisions. Often when connectors/drivers are written, only the information thought to be necessary at that time is aggregated and pulled into the IDM vault. However, it is hard to tell which applications you will integrate in the future or what those applications will need in order to provision or update identities. So when presented with a system like a payroll application, it is always in the best interest of your project to pull in all possible data. Even if you don’t currently have a reason to store something like a “secondary state work license number”, a field may need that value in the future, and it’s always going to be easier to pull the information in when you’re developing a connector/driver the first time than to come back later and extend its schema.

I hope you found this information helpful and that you keep this in mind the next time you’re looking at a connector/driver to a system that contains extra data. If you have questions about this, feel free to leave a comment below or contact us directly.



Novell SecureLogin 7 and Securing Sensitive Authentication Information

 

Single sign-on, or SSO, is a type of access control that software systems use to authenticate users’ credentials when they access secure systems. SSO helps reduce password phishing and password fatigue by allowing users to enter their password only once. This extra form of authentication also supports conventional authentication such as Windows credentials, and allows a company using SSO to reduce the costs of IT help desk calls regarding forgotten passwords. There are many vendors in the marketplace for single sign-on software, but one that is exceptional and easy to integrate into most Windows-based systems is Novell SecureLogin 7.

Novell SecureLogin 7 supports eDirectory, Active Directory, ADAM Directory, and other LDAP v3 directories, and also has a web wizard to enable SSO for websites. All SSO data can be backed up and restored using Novell SecureLogin, making it much easier to maintain and secure user credentials. Many companies today use smart-card access for door entry as well as computer access to help secure important information. SecureLogin also offers support for smart cards and biometric software, and integrates well with Card Management Systems.

Novell SecureLogin provides the highest standard of security and protection by using Triple DES (Data Encryption Standard) and AES (Advanced Encryption Standard) algorithms for the encryption of sensitive user data. The software can even capture an audit trail of SSO activity in Novell Sentinel so the events can be viewed through Windows Event Viewer. Also, implementing SSO no longer requires administrators to learn complex scripting languages: with SecureLogin, the wizard automatically generates the scripting for them. This decreases the time it normally takes to enable a mixed infrastructure from weeks to mere days.

A favorite success story for Novell SecureLogin involves a medical group based out of central Florida. In this success story, which can be read here, the medical group deployed Novell SecureLogin and Novell Modular Authentication Service to help safeguard electronic medical records and lower the cost of support. They also integrated SSO with a fingerprint biometric solution to ensure maximum protection of the records stored in their databases. Securing and maintaining sensitive information about patients and medical histories is important to any medical company, so having authentication software in place can help strengthen security over access to records. Integrating SSO not only helped the medical group maintain security, but also helped reduce their IT costs and improve employee productivity.

Attachmate acquired Novell in 2011. Since the acquisition, the Novell brand has had its products split and distributed among four different companies. The identity, security and compliance products from Novell are now under the NetIQ brand name. Action Identity references these products as "NetIQ" products in place of their former name, "Novell." The rebranded products include Novell Compliance Management Platform, Novell Privileged User Manager, Novell Sentinel, Novell Secure Login, Novell Access Manager (Novell iChain) and Novell Identity Manager.

Action Identity will continue to be a preferred, Platinum Identity, Security and Compliance partner with Novell Identity Management products, even as they fall under the NetIQ brand name. NetIQ will continue to develop and provide excellent support around the Novell suite of identity, security and compliance products. Action Identity is here to answer any questions you have about NetIQ/Novell. We are able to support and offer services for existing Novell customers as well as guide those new and prospective NetIQ customers.

 

Look forward to more blogs in the future on the ease of integration of Novell SecureLogin as well as more success stories from companies utilizing Single Sign-on for their businesses. The security policies for systems, applications, and websites can be easily and quickly enforced with products like Novell SecureLogin.  

I hope you have enjoyed this blog. If you have any questions on this topic, leave a comment below and we’ll get back to you shortly. To learn more about Action Identity and Novell SecureLogin, visit our website. To contact us directly, please click here. We look forward to hearing from you.


Thursday, February 2, 2012

CJIS Advanced Authentication Requirements and naviGO Software

Introduction to CJIS Requirements and naviGO Software

Local, state, and federal law enforcement and criminal justice agencies have started to comply with the recent mandatory authentication policy requiring advanced authentication when accessing the Criminal Justice Information System (CJIS) database. This system provides agencies with access to information such as fingerprint records, criminal histories, and sex offender registrations, to name a few. The advanced authentication being put into place requires users to provide two forms of identification, physical and “something you know”, in order to access the highly sensitive information stored in the database. Physical identification is, for example, a contactless smart card placed on a reader; “something you know” is a password or PIN that the user has to enter.

Many organizations today are already making use of new technology for access to parking garages, buildings, and computers. For the project I am currently working on, an HID OMNIKEY RFID contactless card reader is being used to demonstrate the strong authentication methods of naviGO software. NaviGO software, in combination with both contact and contactless readers, simplifies deployment of strong authentication and works well with Windows operating systems.

 

NaviGO’s Ease of Use

Many people today are already becoming familiar with contactless card technology, whether for work, school, or their local gym. Contactless readers are being installed in entrance ways and gates to restrict access to those who have an active account with the organization. There are many different types of contactless cards; the most common are similar to a standard credit card or ID. The NaviGO Server works with many types of smart cards including Crescendo, digital certificates, iClass, Prox, and Knowledge Based Authentication (KBA). Newer types of smart cards include ones that can be put on a key ring, and stickers that can be used to grant access to buildings and computers.

Using naviGO software, administrators can control user credentials issued via contactless cards. The naviGO Administrator's Portal lets strong authentication be customized based on policies or rules set by each organization. NaviGO can use information stored in Microsoft’s Active Directory to issue smart card credentials and apply user roles based on group permissions (e.g. Administrators with Full Access, Users with Limited Access). Since many organizations are already using contactless cards for building access, this software makes use of the existing access cards to provide two-factor authentication.

Since most people are already familiar with access cards, they won't have to learn anything new or call a help desk in order to log on to their computer with the same card that let them enter the building. This will make the transition to the new authentication policies painless and less confusing.

  

 

Closing Remarks about Security

An administrator can set up default PINs for new employees as well as a default set of Emergency Access questions. A number of questions are predefined in the naviGO Workstation, but unique questions can be created and added to the system depending on the administrators’ preferences. Additionally, rules for setting a PIN can be customized for added security. Email alerts can be set up using the naviGO Administrator’s Portal to keep users informed of PIN or password expirations and unintended access.

NaviGO Software has helped make advanced authentication much easier for small and large companies. For more information about how this specifically applies to the CJIS Mandate, visit CJISMandate.com.

 

Thank you for taking the time to read my blog about naviGO Software and the CJIS Advanced Authentication Mandate. If you have any questions, feel free to comment below as I am more than happy to answer any questions or comments.

To learn more about Action Identity, and how we can assist in making your organization CJIS compliant, visit our website

 
