skip navigation
Chat Now
Chat Now
 


Whitepapers
Whitepapers
Read Now: A More Secure Front Door-- ESSO and Strong Authentication



Case Studies
Case Studies
Parkview Adventist Medical Center Clinicians Get Security at Their Fingertips



Custom Widgets
OneSign Authentication Managment Flash Demo
» View Now



Join Us In the Social Media World
Facebook > Become a fan on Facebook
Twitter > Follow us on Twitter
LinkedIn > Become a OneSign User Group Member





Products:

Strong Authentication

Imprivata OneSign supports major forms of authentication out of the box — without any custom integration with device vendors. Administrators decide which users should have which modes of authentication, and whether they should upgrade their authentication options over time. Initially, administrators might choose to roll out passwords and eventually add stronger forms of authentication such as biometrics or proximity cards. Authentication options are set by the OneSign user security policy and applied to users based on existing directory group memberships, or globally, or individually. Prior to authentication use, OneSign users need to enroll each token, smart card, or proximity card.

One-Time Password (OTP) Tokens

OneSign delivers support for VASCO DIGIPASS tokens out-of-the-box and embeds VASCO’s VACMAN middleware within the OneSign appliance. There is no separate token management server to purchase or maintain, saving cost and removing complexity. Additionally, sites that have deployed Secure Computing SafeWord or RSA Security SecurID strong authentication tokens can leverage these existing investments. OneSign includes built-in RADIUS integration to Secure Computing’s Premier Access and Remote Access Servers and RSA’s Authentication Manager for desktop authentication. OneSign can provide a truly seamless single-step desktop login using two-factor one-time passcodes for login to any SSO-enabled client/server, web, or legacy application from any OneSign-enabled desktop.

Finger Biometric Authentication

Imprivata OneSign embeds a set of secure, high performing finger biometric capabilities within the OneSign appliance – at no added cost beyond the fingerprint readers. With finger biometric authentication, fingerprint matching confirms that a user is who s/he says s/he is.

Finger Biometric Identification (Optional Module)

OneSign optionally supports finger biometric identification. This differs from standard authentication in one critical way. With finger biometric identification, the matching algorithm establishes the user’s identity from the database of all enrolled users without need for the user to enter a username…no typing is needed

Finger Biometric Support with the ThinkPad T42, Dell D Series, Others

OneSign supports the ThinkPad that includes the UPEK finger biometric swipe reader to execute a Windows login. Users enroll and authenticate locally and then can use any UPEK-enabled PC to authenticate with just a swipe of their finger.

Active Proximity Cards

OneSign natively supports Xyloc proximity cards from Ensure Technologies. Xyloc is an active RF product that allows users to identify themselves merely by approaching a proximity-enabled PC. OneSign automatically locks the PC when the user departs. This feature is natively supported and requires no additional software or server to operate, saving costs and removing complexity. Xyloc cards will interoperate with the OneSign single-user agent or the shared workstation agent options.

Passive Proximity Cards

OneSign customers can take advantage of pre-existing, low-cost passive facility access cards as a familiar, easy authentication option without re-issuing cards to users. OneSign supports integration for the proximity physical access cards from HID and Motorola/Indala. No OneSign-to-access-card-panel interface is required. Mapping of the existing card to a OneSign user identity is automated via the pcProx-USB card reader from RFIdeas, Inc. Access card mode may be combined with password or finger biometrics to provide strong, two-factor authentication, if desired.

Smart Card/USB Tokens

OneSign supports the use of x.509 v3 digital certificates for Windows login in MS Active Directory environments. A smart card authentication grants the user network access and an SSO session in a single step. OneSign is fully compatible with MS Active Directory certificate services and can use any smart card or USB token that contains a MS-compatible login certificate and compatible CSP middleware for MS Active Directory environments using Windows 2000 or XP professional desktops. Smart cards that comply with the U.S. Department of Defense (DOD) Common Access Card standard are also supported for use in MS Active Directory desktop authentication and SSO in a single step.

Kerberos Authentication for MS Active Directory Passwords

OneSign supports the choice between native username/password authentication with or without Kerberos for MS Active Directory environments. Kerberos mode offers enhanced authentication speed and additional encryption for password users in OneSign.

© 2010 Imprivata, Inc. all rights reserved | Sitemap

Identity Access Management

Imprivata OneSign is an identity and access management platform that offers single sign on active directory. OneSign allows for two factor authentication including biometric authentication, proximity cards, smart cards, many national and government ID cards, One-Time-Password tokens. OneSign also offers a self service password reset feature that reduces password reset calls to the help desk.

Imprivata OneSign also offers password policy management utilizing active directory single sign on (also referred to as active directory SSO), through its identity management solution which improves password security. Imprivata One Sign is a comprehensive and robust identity access management solution.