Implement centralized authentication management

The Indeed AM solution integrates a single strong authentication scenario between different types of target resources

Overview

Centralized access management systems have distinctive features that set them apart from the centralized control systems designed for other information security tasks. For example, in the case of perimeter defense, all you need to do is buy a hardware and software unit from a single vendor and then use a single console for process management and monitoring. The same is true for other processes related to information security, such as protection against cyberattacks and viruses, or leak detection. For all these processes, there are standalone solutions with central management features.

So, in many cases you can purchase and use specialized technology solutions for various information security tasks, but when it comes to access management, you are most likely to already have a few elements in your IT infrastructure, as you may use isolated authorization systems for each individual service, desktop or web application, and operating system.

Not only are these systems self-sufficient in terms of identification, authentication, and access control procedures, but they may also have their own management consoles and event logs.

In this case, you may have to deal with a high level of fragmentation in terms of monitoring and management of user accounts, which makes it difficult to apply a uniform access management approach. Likewise, each service or system may have its own name notation and keep a log of its own information security events. This can make the investigation of access-related incidents rather challenging, especially if you do not use a Security Information and Event Management (SIEM) system.

If uniform access policies cannot be applied, this means that no uniform policies are in place for managing all the authenticators, including passwords. If your company relies on several services with isolated authorization systems, you may find yourself in a situation where your users are forced to use several authenticators (passwords).

One way to introduce centralized access and user account management in your company is by purchasing an Identity Governance & Administration (IGA) solution. However, the deployment of such solutions may prove extremely difficult, let alone the fact that some of them may not include authentication management modules or lack support for various strong authentication scenarios. The main purpose of IGA systems is to help you manage the lifecycle of your user accounts and related permissions across all target systems, devices, services, applications, and web applications.

Various issues that have to do with proper operation and administration of isolated authorization systems may cost your company time and money, as well as make it vulnerable to cyber threats. In this case, the optimal solution would be to use a specialized Access Management product designed for access security and control.

In order to build a centralized access security and control system, the first thing you need to do is integrate your Access Management platform with all the target resources.

The Indeed AM platform supports integration with the following types of target resources:

  • Workstations running Microsoft Windows
  • Application servers (Microsoft Windows Remote Desktop Server or Citrix XenServer)
  • Virtual desktop infrastructure (VDI)
  • VPN gateways for remote sessions
  • Public and corporate web resources
  • Corporate local apps on user workstations, etc.

The system integration enables the following uniform strong authentication scenarios:

  • Biometric authentication
  • Hardware authentication
  • One-time password (OTP) authentication
  • Other authentication scenarios (for example, push authentication)

The Indeed AM platform offers several centralized access management features:

  • A single event log with personalized sessions, which can help you minimize the effort required for investigating access-related incidents
  • Uniform policies for managing authentication and user access to target systems, which can help you minimize the effort required for authentication management for connections to various corporate services
  • A single set of user authenticators, meaning that for each user group, you can set up specific authenticators which will be used for gaining access to all corporate resources (for both remote and local sessions)

All Indeed AM parameters can be customized via access policies. A relevant policy can be applied to a specific unit in your organizational structure (for example, an OU in Active Directory), and the settings for all users located in this unit or its child objects will be aligned with this policy. The scope of a given policy can be fine-tuned by filtering it with user groups.

The Indeed AM platform supports a deputy mode for individual users to be used in exceptional cases. For example, one of your employees who needs to monitor daily report submissions may be on sick leave. You can use the Indeed AM Administrator to appoint another employee as their deputy. In this case, the deputy will use their own authenticators to complete authorization at their workstation on behalf of their sick colleague (which will be correctly displayed in the log) and perform all the necessary actions.

Integration with user directories

  • Active Directory
  • DBMS (SQL)

Target systems

  • Workstations running Microsoft Windows
  • Microsoft Remote Desktop Server
  • Microsoft Internet Information Services
  • Windows desktop applications
  • Web applications
  • VPN servers
  • Application servers
  • Virtual desktop infrastructure (VDI)

Integration mechanisms for target applications

  • RADIUS
  • ADFS
  • SAML
  • OpenID Connect
  • OAuth 2.0
  • Kerberos
  • Enterprise Single Sign-On

Authentication technology

  • Biometrics: fingerprints, palm vein pattern, and face geometry (2D and 3D)
  • Hardware devices: contactless cards, USB tokens, iButtons, and RFID cards
  • One-time passwords: TOTP/HOTP applications, OTP tokens, one-time password delivery via SMS, Telegram and email
  • Push authentication app (Indeed Key)

Types of access management operations

  • Operations with authenticators (register and deny, lock and unlock authenticators)
  • Operations with target systems (strong authentication methods, password management, and pass-through authentication)
  • Additional operations (deputy mode, policy application in line with the Active Directory groups, individual policies for each target system, service, or application)
  • A unified log of authentication events with personalized events (bound to users from the directory service)

Get in touch with us

Indeed Identity key employees have more than 10 years of experience in the cybersecurity field. Our team has implemented hundreds of projects for companies of different industries: banks and financial institutions, telecommunications, energy, transportation, government and educational institutions.

Anton Shlykov

Head of Technical Support

Nikolay Ilin

Indeed AM expert

Vladislav Fomichev

Indeed AM expert

Denis Pavlov

Indeed AM expert
