aXsGUARD Gatekeeper Single Sign-On Utility (SSO) - Vasco

More documents

Recommendations

Info

aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Concept and Features 2.4 Purpose and Concept The purpose of the aXsGUARD Gatekeeper SSO Authentication Utility is to make Firewall and Web Access authentication transparent to users. Users only have to provide and remember a single set of credentials, for instance their Active Directory user name and password (see the image below). When successfully authenticated, users are granted aXsGUARD Gatekeeper Firewall and Web Access rights. Detailed information about Firewall and Web Access rights is provided in the aXsGUARD Gatekeeper Firewall, Authentication and Web Access How To guides, which can be accessed by clicking on the permanently available Documentation button in the Administrator Tool. The SSO Authentication Utility supports multiple user profiles. A profile contains a user's aXsGUARD Gatekeeper preferences and credentials, e.g. you can create a profile for the office in Boston and one for the office in New York. As explained in section 2.3, the SSO Utility can be configured to automatically adjust the user's Internet browser connection settings (Microsoft Windows only), so that the aXsGUARD Gatekeeper proxy server is used for Internet access. The aXsGUARD Gatekeeper Firewall and Web Access rights of the user are applied automatically and transparently. Image 1: Transparent User Authentication © 2009 - VASCO Data Security 12
aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Concept and Features 2.5 Installation Modes 2.5.1 Domain Mode The SSO Authentication Utility can be installed using the following modes: The Windows Domain Mode: Only applies to Windows clients. The Workgroup Mode: Applies to Windows and Linux clients. The aXsGUARD Gatekeeper SSO Authentication Utility is designed to be integrated with a Microsoft Windows Domain. aXsGUARD Gatekeeper Firewall and Web Access rights are granted based on the provided Windows Domain (AD) credentials. The user is automatically authenticated with the aXsGUARD Gatekeeper after successfully logging on to the Domain. The Windows Domain has to be be listed in the aXsGUARD Gatekeeper's allowed domains (see section 3.2). The Domain Mode can only be used on Windows clients. Note 2.5.2 Workgroup Mode In Domain Mode, the aXsGUARD Gatekeeper user name has to be identical to the Active Directory user name. The aXsGUARD Gatekeeper SSO Authentication Utility can also be used without a Microsoft Domain on Windows and Linux clients. This is referred to as Workgroup Mode. The SSO Utility allows you to create multiple profiles for different users and / or locations. You can set a default user profile, which is automatically activated after logging on to the PC. The Workgroup Mode offers several possibilities: You can store the user credentials in a user profile: The aXsGUARD Gatekeeper user credentials are stored locally on the PC. Enforce Password Authentication: If you company policy prevents you from storing passwords locally, you can leave the password field blank. As a result, the user is required to authenticate after logging on to Windows (see section). Enforce VASCO Digipass Authentication: Rather than using a regular password as explained above, it is much more secure to use a One-Time Password (OTP) generated by a DIGIPASS. For more information about Digipass Authentication, consult the aXsGUARD Gatekeeper Authentication How To, which can be accessed by clicking on the permanently available Documentation button. Caution Do not store the password in a user profile when using Digipass Authentication. © 2009 - VASCO Data Security 13
Page 1 and 2: aXsGUARD Gatekeeper Single Sign-On
Page 11: aXsGUARD Gatekeeper Single Sign-On
Page 47: aXsGUARD Gatekeeper Single Sign-On

aXsGUARD Gatekeeper Single Sign-On Utility (SSO) - Vasco

Create successful ePaper yourself

Delete template?

Save as template?