Indeed Access Manager

This product provides multi-factor authentication of employees and creates a sigle access point to the IT systems of a company

get presentation
prew-product

Relevance

Any information system relies on access policies for operations with named subjects (users) and objects (data, resources, and services). The two pillars of access and identity management are user identification and user authentication. Authentication bears particular significance, being the last security barrier for malicious users who were able to obtain a legitimate user ID.

Password-based authentication remains the most popular access management technology. However, this technology does have a number of important disadvantages:

  • You need a security incident to actually occur to learn that your password has been compromised. Intruders are less than likely to be willing to openly show their presence in your network. On the contrary, they will do their best to disguise their activity and the fact that authentication data has been compromised, as long as possible.
  • Remote work only increases the risk of having your passwords compromised since it permits access from any devices, including uncontrolled ones.
  • Passwords are highly vulnerable to social engineering techniques when various manipulations are used to coerce the users to directly or indirectly disclose their password to the intruder.
  • Access blocking after a specified number of failed attempts may be disabled for some corporate resources, especially for local sessions. This means that such systems and services may be vulnerable to various password-cracking methods.

Another weak point of password management software lies in the fact that each information system or service may use its own authentication subsystem. This may cause further problems and reduce labor productivity:

  • Users need to remember and enter multiple passwords.
  • System administrators have to address a number of tasks:
    • Keep all users and their authenticators under control.
    • Respond to failures in different user authentication subsystems.
    • Monitor access events across multiple subsystems.
    • Reset forgotten user passwords.

Another factor deserves special attention: foreign media constantly feature news about leaked user account databases (containing logins and passwords) that later become available for sale on private web resources.

All issues and vulnerabilities related to password-based authentication can be solved by introducing a single comprehensive authentication management system. Such systems should be able to perform the following tasks:

  • Support additional types of authentication (that do not share the weak points of password management systems).
  • Enable centralized management of authenticators and access to corporate resources.
  • Offer the same set of authenticators for all corporate resources.
  • Ensure centralized monitoring of all access-related security events.

Indeed Access Manager platform

The Indeed Access Manager (Indeed AM) platform belongs to a specialized class of IT solutions that incorporates the following functional modules:

  • Authentication Management
  • Multi-Factor Authentication Provider (MFA-Provider)
  • Enterprise Single Sign-On
  • Web Single Sign-On
  • Out-of-band (Mobile) Authentication

The Indeed AM platform draws on our company’s long-term expertise of developing information security products, specifically those that have to do with access management.

product-content-img

Indeed AM is a software and hardware system providing centralized identity management policies, a universal authentication technology for all corporate services, and various strong and multi-factor authentication scenarios.

The key advantage of Indeed AM is that it supports various strong authentication scenarios across multiple target resources and authentication protocols (via relevant integration modules). This system was designed to replace password management software with more secure technology for neutralizing the above threats across your entire corporate IT infrastructure. In this case, all authentication data is stored in a secure vault.

Access policies define access rules, specify the technology to be used in specific applications, and establish the scope of permissions for system operators and administrators.

Corporate users can use the web console to view information about their authenticators. In addition, users can issue new authenticators and disable existing ones in the web application.

The Indeed AM Administrator and Operator Console is a convenient web application to customize, manage and audit the centralized authentication system. Administrators can use it to manage the system’s integration with your IT infrastructure and set up role-based access control. The console also serves as a tool for managing user authenticators and granting access to target resources (directly or via authentication protocols).

Client software designed for workstations running Microsoft Windows can be used to enable strong authentication scenarios (Windows Logon) and Enterprise Single Sign-On for corporate applications and web applications on user workstations.

The Indeed Key mobile app ensures secure access to your corporate resources. Users confirm their access via the app on their smartphones, where they can also view their access information and the name of the system they are trying to log into. The system also supports one-time password technology (TOTP protocol).

Special integration modules enable strong authentication scenarios for various categories of target resources as they support both specialized authentication protocols (RADIUS, ADFS, etc.) and specific target systems (Windows-based workstations, Microsoft RDS terminal servers, etc.).

Thanks to the convenient Indeed AM role-based mechanism, you can set up user privileges for employees with various job duties. For example, you can use it to clearly divide the responsibilities of federal and regional security administrators.

Strong authentication

A series of technical and organizational measures is required for replacing password-based authentication with new technology that can ensure a higher security level across your entire IT infrastructure.

One of the key tasks here is to select and introduce optimal strong authentication solutions. This is a relatively easy task when it comes to local access to corporate workstations. In this case, you can use Microsoft Windows built-in authentication tools, such as digital certificates or biometric scanners embedded in modern laptops.

However, this may prove increasingly more challenging if we are talking about strong authentication for remote access to corporate resources, when you need to assign specific authenticator sets to different categories of employees in line with their respective permissions.

product-content-img

The market offers multiple technologies for strong user authentication, including biometric authentication, push authentication, hardware-based authentication, digital certificates, or one-time passwords issued by local generators or sent by SMS or email. Every solution has both strong and weak points. Let’s consider a couple of examples.

  • Biometric authentication relies on the inherent and unique physiological and behavioral characteristics of users. However, such technology requires specialized scanners and can hardly be used for remote access from a potentially unlimited number of user devices.
  • User authentication relying on local one-time password generators (tokens or smartphone apps) supports scenarios for almost any type of target resource, both for local and remote sessions. It also does not require connection with corporate services. Yet, if a smartphone is used, there is always a risk that it may get hacked and taken over. On top of that, tokens must be purchased separately and may break down.

When choosing the right authenticator (or authenticators), one should consider a range of factors, such as:

  • Access scenario (local or remote access)
  • Device used (computer or smartphone)
  • Target resource (corporate application or public web service)
  • Users’ privileges and permissions

The Indeed AM platform is a universal tool that helps you select the optimal strong authentication types for your specific conditions.

Technological integration

During the migration to centralized access management, the main challenge lies in the fact that corporate services and applications may rely on several subsystems for user identification and authentication, and these subsystems are rarely interconnected. In some cases, a user may need more than one user account (login and password) to gain access to various services.

The following IT components can serve as target resources:

  • Workstations running Microsoft Windows
  • Application servers (Microsoft Windows Remote Desktop Server or Citrix XenServer)
  • Virtual desktop infrastructure (VDI)
  • VPN gateways for remote access
  • Public web services
  • Corporate local apps on user workstations

If we want to completely replace password-based authentication with other solutions, we may discover during implementation that password protection is the only type of authentication supported by some services.

product-content-img

The Indeed AM platform includes specialized modules offering extensive integration options.

Integration with authentication protocols:

  • SAML Identity Provider
  • ADFS Extension
  • NPS RADIUS Extension
  • OIDC Identity Provider

Integration with specialized servers:

  • RDP Windows Logon (Microsoft Windows Remote Desktop Server)
  • IIS Extension (Microsoft Internet Information Services)

Integration with local resources:

  • Windows Logon (workstations running Windows)
  • Enterprise Single Sign-On (desktop and web applications)

The platform also supports integration with the following types of access and identity management solutions:

  • Identity & Access Governance (IAG, IAM)
  • Physical Access Monitoring and Control System (AMCS)
  • Endpoint Security Suite (ESS)

Thus, you can use the Indeed AM platform to create a single authentication system encompassing all your corporate services.

Centralized authentication management and monitoring

As noted above, the main challenge of migration to centralized access management has to do with multiple subsystems used at the same time. More often than not, your IT infrastructure includes services, systems, and even devices with their own user directories, which means that all of them require separate user identification and authentication. This issue can be addressed by using relevant Identity Governance & Administration (IGA) software. However, IGA deployment is not an easy task. Building a unified access management model that correctly assigns user privileges will require extensive and resource-intensive R&D efforts.

In addition, each service has its own event log. In some cases, logins in different systems may even have distinct notation. When a security incident occurs, you may find it hard to quickly reconstruct the sequence of events since you will need to analyze multiple records from different logs. This problem can be solved by purchasing and deploying a Security Information & Event Management (SIEM) solution, but some companies may find that they are lacking the necessary resources.

If we take a closer look at the problems mentioned above, we may be tempted to conclude that only big companies possessing sufficient resources can hope to solve them, and the only way to do this is to buy expensive systems.

However, IGA and SIEM products may be redundant if centralized access management is your only task for today.

On the other hand, the Indeed AM platform does not offer centralized customization and management of user permissions in specific target systems, and neither can it collect and analyze data related to information security events.

What Indeed AM can do is help you address a set of tasks related to centralized access management that is best suited for your needs, keeping the required efforts and financial investments at a minimum. The Indeed AM platform can help you achieve the following results.

  • Have a single log of all access events with personalized connection data that can be used for investigating security incidents. You will only need to review one event log that contains all required information.
  • Apply universal policies for managing user authentication and access to target systems. All you need to do is set up integration with target systems and assign access rights for specific user groups in relation to specific resources once and for all.
  • Introduce a single set of user authenticators. For each user group, you can set up a comprehensive set of authenticators required for access to all corporate resources for both remote and local sessions.

It is important to point out that the Indeed AM platform is not at variance with SIEM and IGA solutions and cannot replace them. Even if your company plans to purchase and deploy SIEM or IGA software in the future, having Indeed AM is still highly desirable since it can help you address the most burning issue in the field of information security. After that, you can start working on centralized permission management, as well as end-to-end monitoring and analysis of all security events, including access events.

Technical parameters

User directories

  • Active Directory
  • DBMS (SQL)

Target resources

  • Workstations running Microsoft Windows
  • Microsoft Remote Desktop Server
  • Microsoft Internet Information Services
  • Windows desktop applications
  • Web applications
  • VPN servers
  • Application servers
  • Virtual desktop infrastructure (VDI)

Integration mechanisms for target applications

  • RADIUS
  • ADFS
  • SAML
  • OpenID Connect
  • OAuth 2.0
  • Kerberos
  • Enterprise Single Sign-On

Authentication technology

  • Biometrics: fingerprints, palm vein pattern, and face geometry (2D and 3D)
  • Hardware devices: contactless cards, USB tokens, iButtons, and RFID cards
  • One-time passwords: TOTP/HOTP applications, OTP tokens, one-time password delivery via SMS, Telegram and email
  • Push authentication app (Indeed Key)

Removable hardware tokens

  • eToken, ID Prime, and iKey (Thales Group, the former SafeNet and Gemalto)

Third-party security solution integration

  • Workstation security solutions: Secret Net Studio
  • Permission and user account management tools: Solar inRights, 1IDM, Cube, Microsoft FIM, and IBM Tivoli Identity Manager
  • Public key infrastructure management tools: Indeed Certificate Manager
  • Tools for information security event monitoring and correlation: SIEM solutions
  • Access monitoring and control tools: Bastion, Orion, and Seven Seals
GET TECHNICAL DESCRIPTION

Watch product in work

  • Strong authentication of employees to access the Windows operating system
  • Single sign-on: your trusted way to multiple business applications
  • Enjoy the usability and simpleness of secured access with 2D face recognition technology

Request a free demonstration of our product to learn how to address the most challenging scenarios related to information security and passwordless authentication of employees.

SCHEDULE PRODUCT DEMO
prew-product-work

Industries

Learn how multiple industries enjoy benefits from implementing our products

Prev
Next

industry about us

quot-mark
avt-1
Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Indeed Identity. With Indeed Identity, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

read more
quot-mark
avt-2
KC KuppingerCole Report
Executive view

Indeed Identity’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Indeed Certificate Manager provides comprehensive yet convenient management capabilities for both administrators and end users.

read more
quot-mark
avt-3
Michael Bürger
Founder & Sales Partner at EU-HUB Network

Since approximately 5 years now I’m working with Indeed Identity quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Indeed Identity software as a Distributor for the EU and beyond. Often I met Indeed Identities CEOs, CTO, Product Management, Partner Managers and System Engineers, on the the phone and even in person in London and Munich and always my feeling was that this is are smart people, an excellent organized company, straight forward thinking and | don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

quot-mark
avt-4
Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Indeed Identity, like Indeed Access Manager, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Indeed Identity and the experience and expertise of the local cybersecurity landscape of Pointwest.

read more
quot-mark
avt-4
Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Indeed Identity products should certainly be on the Turkish market. Thanks to our partnership with Indeed Identity, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Indeed Identity products with similar products, we can safely say that they contain much more different features and are more inclusive.

read more
quot-mark
avt-4
Marko Pust
Director of OSI.SI

We have a long partnership with Indeed Identity for more than 2 years already. I can confidently say that Indeed CM is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Indeed AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Indeed CM brought automation and visibility to their PKI life.

quot-mark
avt-4
Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Indeed Access Manager is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

quot-mark
avt-4
Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Indeed Identity is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.

prod-1.jpg

Indeed Key mobile app

Indeed Key mobile application transforms a smartphone into an easy-to-use security tool for authentication. It can be used for access to all enterprise resources: email, VPN, web-applications, PC, etc.With the use of the application Lorem ipsum dolor sit amet consectetur adipisicing elit. Quia, molestiae animi! Dolore similique fugit repellendus, tempore veritatis vero quia est, iure voluptate tenetur veniam distinctio? Illum itaque cum perspiciatis, temporibus mollitia, error deserunt amet sunt deleniti, necessitatibus dicta excepturi. Doloremque?
Order
prod-2

Fingerprint Scanner Futronic FS80

Futronic’s FS80 USB2.0 Fingerprint Scanner uses advanced CMOS sensor technology and precise optical system to deliver high quality fingerprint image. It can capture an almost un-distorted raw fingerprint image Lorem ipsum dolor sit amet consectetur, adipisicing elit. Aspernatur rem fuga magni officia excepturi sed molestiae reiciendis voluptate quas, nihil minima aperiam! Beatae numquam nobis ipsum quas? Ipsa excepturi placeat recusandae voluptatum, cum molestiae blanditiis provident corporis modi delectus! Odit.
Order
prod-3

Creative Intel RealSense™ camera

Creative Intel RealSense™ camera is used for authentication with 2D and 3D face recognition. This allows for obtaining of highly accurate face image (in IR band as well) and thus for higher authentication Lorem ipsum dolor sit amet consectetur adipisicing elit. Est, eveniet repellat! Quisquam provident et non velit voluptate accusantium repellendus asperiores voluptatem, nemo doloribus ipsam officiis delectus temporibus magni ullam pariatur quia voluptas. Temporibus itaque facere nemo, consequatur praesentium quod pariatur?
Order
prod-4

Fujitsu PalmSecure

Fujitsu PalmSecure technology is a palm vein based authentication solution that utilizes industry-leading vascular pattern biometric technology. The Fujitsu PalmSecure sensor uses near-infrared light to capture Lorem ipsum dolor sit, amet consectetur adipisicing elit. Nam tempore consectetur eveniet eaque, cupiditate, deleniti earum in iusto facilis minima aperiam exercitationem ipsa non dicta perspiciatis et necessitatibus recusandae. Porro quos officiis autem distinctio expedita sapiente corporis corrupti nihil eos.
Order
prod-5

Gemalto eToken PASS

eToken PASS is a compact and portable one-time password (OTP) strong authentication device that allows organizations to conveniently and effectively establish OTP-based secure access to network resources Lorem ipsum dolor sit, amet consectetur adipisicing elit. Laudantium voluptates mollitia animi eaque itaque ea omnis sint molestias assumenda velit eum facere voluptas fugit nobis necessitatibus maiores voluptatibus ex veritatis a, optio laboriosam tempore libero minima! Explicabo ullam aspernatur repellat.
Order
prod-6

HID® OMNIKEY® 5427 CK

The OMNIKEY® 5427CK is available in two product variants. The OMNIKEY® 5427 CK standard reader is the ultimate choice to support a broad variety of low and high frequency credentials such as iCLASS Seos®, iCLASS Lorem ipsum dolor sit amet consectetur adipisicing elit. Ullam qui voluptatum recusandae adipisci numquam ut inventore atque, esse eum quae ratione nemo necessitatibus cupiditate incidunt iusto quos obcaecati voluptate fugiat? Obcaecati autem saepe alias aspernatur aperiam quia fugiat tenetur voluptatibus!
Order
prod-7

HID® OMNIKEY® 6121 Mobile USB

HID Global’s OMNIKEY® product brand, one of the world’s leading manufacturers of innovative smart card readers, has developed a portable USB smart card reader. The OMNIKEY 6121 is a fully functional smart card reader for Lorem ipsum dolor sit amet, consectetur adipisicing elit. Consectetur commodi sed non nemo modi aut ullam laboriosam odio optio, aspernatur ipsam delectus neque nulla laborum blanditiis eligendi minima pariatur cumque exercitationem corrupti voluptatibus, reiciendis magnam labore sequi. Qui, nobis necessitatibus!
Order
prod-8

Gemalto IDBridge CT30

The IDBridge CT30 (formerly the GemPC Twin/TR) USB desktop reader from Gemalto integrates high quality and functionality with a contemporary design. This reader is fully PC/SC and EMV Level 1 compliant and supports all Lorem ipsum dolor sit, amet consectetur adipisicing elit. Rem, eligendi quia deleniti voluptatibus consequuntur, illum incidunt aut saepe omnis, magnam earum! Molestiae voluptate a nemo repellat quod autem fugit, ipsum enim praesentium necessitatibus quis expedita accusamus. Perspiciatis voluptas nisi iure.
Order
prod-9

HID® OMNIKEY® 5025 CL

Designed for ease-of-use, the OMNIKEY® 5025CL reader works with existing low frequency physical access control cards such as HID Prox®, enabling smooth implementation of logical access applications using ID Lorem ipsum dolor sit amet consectetur adipisicing elit. Obcaecati soluta unde, ut suscipit aspernatur sed a tempore similique nesciunt doloribus et dignissimos fuga neque magnam pariatur! Alias eius, nostrum earum ipsa repellat animi nemo praesentium doloribus iure sequi ullam vero?
Order
prod-10

Indoor KIOSK for biometric authentication

This model can be manufactured in stainless steel or painted steel (available in all RAL colours) using steel plate of 1,5 mm to 2,5 mm which ensures the stability and rigidity of the structure. Lorem ipsum dolor sit amet consectetur adipisicing elit. Error similique nobis dolore fuga in libero nulla sed excepturi harum. Ratione harum expedita cumque odio libero repudiandae ad! Et ipsam possimus pariatur quod, ut neque? Minima velit voluptatibus ipsum veniam illum!
Order