Great eight: newest release of Indeed AM 8.0
We are pleased to announce the release of long-awaited Indeed Access Manager version 8.0. It is a new milestone in the product lifecycle which lays the groundwork for the development of the system as a complete integrated solution for managing access to all information systems of an enterprise.
What is new in Indeed Access Manager 8.0?
New server with WL and ESSO support
The main element of Indeed AM is the authentication and management server. In the new version, the server was transformed into a web application. This transition allows to more efficiently address modern authentication tasks: the deployment of fault-tolerant and high-performance server clusters with load balancing is now performed by using industrial approaches from web development.
Indeed AM 8.0 server now supports Windows Logon and Enterprise SSO authentication modules. So all integration modules work through a new authentication server with a single access log. Let us remind you of the full list of integration modules:
- Windows Logon
- Enterprise Single Sign-On
- SAML Identity Provider
- NPS RADIUS Extension
- ADFS Extension
- IIS Extension
- RDP Windows Logon
Indeed AM 8.0 uses a centralized model for user authentication management system, based on policy mechanism. Indeed AM policies are a continuation of the Enterprise SSO roles development and they contain all the user access parameters to applications:
- List of available applications
- Permitted authentication methods for each application
- Policy scope (set of users and groups covered by the policy)
- Policy administrators (employees who have rights to manage system settings within the specific policy)
The use of policies significantly simplifies system administration and access control. Now there is no need to configure access settings for each user individually, you just need to do it once at the policy level and include all necessary users or user groups in it.
Brand new management console
The new release includes a completely redesigned system management console. The new console is designed in accordance with modern approaches to UI and UX in web development. The main improvement in the new console is the appearance of a sidebar – a side navigation panel with all sections listed. In addition to the sidebar, the console includes new elements of management which make navigation and daily operations easier.
Example of a policy with added applications
Creation of MFA chains
In the new release, we have made it possible to combine a user’s domain password with any authentication method supported in Indeed AM to create an multi-factor authentication chain on the fly. The chains are created by simple system configuration without the necessity to develop or install additional components. For example, it is possible to configure access to a PC in the following ways:
- domain password and fingerprint
- domain password and contactless card
- domain password and push authentication
At the same time, the system administrator can restrict using each authentication method (factor) separately and allow using MFA mode only.
In the new release, we have improved the licensing policy of Indeed AM. The major changes are the following:
- Licenses are automatically distributed to users on the basis of policies. It is no longer necessary to manually distribute licenses.
- There has been developed a license cleaning service that allows withdrawing licenses from the users excluded from policies.
- Now each integration module has its own license key (there are no ‘common’ keys for several modules any more).
We have added the configuration wizard of Indeed AM server. In a convenient and graphic way, the wizard allows setting all the required parameters of configuration files to launch the server. The wizard also allows saving a backup copy of configuration files which simplifies deploying of additional servers and updating of current ones.
Indeed AM Configuration wizard
We have also added numerous not-so-big improvements:
- Support of push-authentication through AirKey in Windows Logon and eSSO;
- Support of trusted relationship between domains from different forests;
- Page with sign-in history has been added to the user’s profile;
- The name of the current operation (logon, password change etc) is specified in the authentication window of eSSO-agent.
- Ability to download eSSO template from AM server