View
2.086
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Contextual Authentication, also known as Risk-based Authentication, is matching the level of authentication to the expected impact of the surrounding events. Simply put, contextual authentication dynamically establishes the level of credibility of each user in real-time and uses this information to change the level of authentication required to access an application. Please see a link to live tutorial here: http://pg.portalguard.com/contextual_authentication_tutorial
Citation preview
Contextual Authentication:
Highlighting the Multi-factor Authentication Layer of the PortalGuard Platform
A Multi-factor Approach
Understanding PortalGuard’s
• Define PortalGuard
• Understand the barriers to increasing security
• Discover PortalGuard’s Contextual Authentication (CBA)
• See the Step-by-step Authentication Process
• Know the Technical Requirements
By the end of this tutorial you will be able to…
The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a
balance between security, auditing and compliance for your web, desktop and mobile applications.
• Single Sign-on
• Password Management
• Password Synchronization
• Self-service Password Reset
• Knowledge-based
• Two-factor Authentication
• Contextual Authentication
• Real-time Reports/Alerts
Usability Security
Before going into the details…
• Configurable by user, group or application
• Stop making assumptions about who is accessing your applications
• Gain insight into user access scenarios
• Adjust the authentication method dynamically with every access request
• Cost effective and competitively priced
• Tailored Authentication for an exact fit
Remote Access
Security vs. Usability
=
• Not able to adapt to different access scenarios
Two-factor Authentication for All Users = No Flexibility
• Requires dedicated IT resources and hardware
• High total cost of ownership
• Increased Help Desk calls due to user frustrations
Although desirable for security the barriers are overwhelming…
Two-factor Authentication for All Users = No Flexibility
Is there a midpoint between passwords and two-factor authentication?
Contextual Authentication is the Midpoint.
Apply the appropriate authentication level…
• Location
• Time
• Device
• Network
• Application
Password-based
Multi-factor
Password-based
• Cost effective
• Flexible
• Five authentication methods: Single Sign-on
Knowledge-based
Contextual Authentication (CBA)
Password-based
Two-factor Authentication
• Two-factor authentication options – soft tokens
• SAML single sign-on
• Real-time activity alerts
• Notifications & Reporting
• Increased security – without impacting the user experience
• Increase usability for authorized users while creating barriers for unauthorized users
• Flexibility - configurable to the user, group or application levels
• Lower total cost of ownership than hard token two-factor authentication alternatives
• Reduce threats using a proactive approach
• Gather Insight – analyze contextual data reports
Authentication Method:
• Single sign-on: username and password (single password for multiple systems)
• Password-based: username and password • Knowledge-based: username, password and challenge question • One-time Password (OTP): username and OTP • Multi-factor: username, password and OTP or contextual data
Credibility Policy:
A numeric value that is used to determine the appropriate authentication method based on a set of ranges.
A configurable policy based on categories and identifiers to which you can assign a score.
Credibility Score:
Weight:
An optional percentage for each category that adjusts the category’s impact on the credibility score versus other categories.
Application Realms:
Identifies an application and assigns a weight to that application that adjusts the overall credibility score.
HOW IT WORKS
Analysis Mode:
Recommended for a 60-90 day period to establish a baseline for the environment.
Client-side Browser Add-on:
Optional to collect users contextual data and can be installed silently using a standard MSI.
Step 2:
The user begins the login process by entering their username and clicking “Continue”.
Step 3:
• Gross score for each category • Any category weight impact to the
score • Net score from the policy and weights • Modification due to sensitivity of
requested application
The PortalGuard server identifies the user’s credibility policy and computes the following:
Contextual data is sent from the client-side browser add-on to the PortalGuard server. The PortalGuard server looks up the appropriate authentication method using the final credibility score and previously set ranges.
Step 4:
PortalGuard enforced the appropriate authentication method for the user’s current access attempt. The user provides the required credentials to successfully complete their access request and login.
Configurable through the PortalGuard Configuration Utility:
• Enable or Disable CBA • Assign users or groups to individual credibility policies • Credibility Policy:
• Client Type • Use Category Weighting • Enforce Application Realms • Display Scoring UI • Categories • Weight • Identifiers • Credibility Score
Configurable through the PortalGuard Configuration Utility:
• Default Ranges: • Start and End Scores • Authentication Types • Alert On or Off
Configurable through the PortalGuard Configuration Utility:
• Application Realms
TECHNICAL REQUIREMENTS
A MSI is used to install PortalGuard on IIS 6 or 7.x.
This version of PortalGuard supports direct access and authentication to cloud/browser-based applications, only.
• IBM WebSphere/WebSphere Portal v5.1 or higher • Microsoft IIS 6.0 or higher • Microsoft Windows SharePoint Services 3.0 or higher • Microsoft Office SharePoint Server 2007 or later
• .NET 2.0 framework or later must be installed • (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64) • Microsoft Windows Server 2000 • Microsoft Windows Server 2003 (32 or 64-bit) • Microsoft Windows Server 2008 (32 or 64-bit) • Microsoft Windows Server 2008 R2
THANK YOU For more information visit PortalGuard.com or Contact Us