This technical FAQ covers ID>Lock and ID>Pass.
It is organized into several categories common to both solutions. Some answers are partly identical for the two solutions. If you do not find the answer to your question, contact us.
ID>Lock: two-factor authentication
Deployment
Is this offering suitable for an SME with a few dozen workstations?
Absolutely. ID>Lock is available in 2 versions: Corporate Edition for companies that want a high level of administration, and Professional Edition for companies that want a ready-to-use solution with no impact on the infrastructure.
How does deployment work across several hundred or several thousand workstations?
ID>Lock includes as standard certain functions that simplify deployment. For example, the administrator can personalize the tokens with a generic PIN code (e.g. 1234) and then send them to the users, who will be required, at first logon, to change this PIN code and choose a personal one.
Another ID>Lock function automatically records the Windows password entered by the user: the administrator therefore does not have to enter each Windows password for each token. The user does it!
Lastly, the administrator can define a specific configuration, for example to set the default behavior of the workstation when the token is removed, or even to insert the company logo in the software!
Can your solution be integrated into third-party hardware or software (OEM)?
Yes. IDactis has already provided this service and offers OEM versions of its solutions for hardware manufacturers (biometric sensors, smart cards, etc.) or various software vendors.
Is your solution compatible with Unix/Linux?
ID>Lock is currently available on the Windows platform (client-side installation only).
User side
What happens if the user loses or blocks the token?
Relax! The user is not entirely locked out, since they can open an emergency session using challenge/response authentication with a security administrator.
A lost token cannot be used without knowing its PIN code, and 3 incorrect PIN codes definitively block the token, which becomes unusable. Then, for added security, simply disable the user's account on the Windows server or in LDAP and issue the user a new badge.
If the token is blocked, an administrator can unblock it with the PUK code specific to each token. These codes must therefore be kept (PUK codes can be different or identical for each token, depending on your security policy). Of course, only an authorized person should hold these codes.
What happens if a user leaves the workstation with the token still inserted?
First of all, it should be made clear that this behavior is a fault: we strongly advise accompanying the deployment of our solutions with strong security awareness training for users. Forgetting a token in a workstation happens frequently when our solutions are first used. It is therefore necessary to configure a standby timeout of a few minutes to mitigate this kind of behavior. Standby locks the session and prompts for the PIN code when the workstation is reactivated.
Which tokens are compatible with your solutions?
A wide variety of tokens is compatible with ID>Lock, whether smart cards or USB security keys: the common point is the PKCS#11 standard, which provides the interface between our solutions and these tokens. The tokens can carry certificates, depending on their size. We support most security tokens from Axalto (eGate, CryptoFlex), SafeNet (iKey 2000 and 3000), Aladdin (eToken Pro) or Activcard (Activkey).
Can user Jean's token unlock a session locked by Paul's token?
No, unless you chose this option in the configuration. A session locked by a token can be unlocked only by that token.
Is ID>Lock available in a biometric version?
Yes. A version based on fingerprint recognition is available. ID>Lock Bio works with various fingerprint sensors, but we particularly recommend the sensor from the French company ID3 Semiconductors: Certis.
http://www.id3semiconductors.com/produits/certis.htm.
How do you handle roaming users?
A token can store several Windows session accounts. In disconnected mode, roaming users access their workstation either with a local account or with their network account available offline: you decide!
What happens if someone boots in safe mode (F8)?
Safe mode can be made inaccessible through a specific feature.
I have standardized, open-access workstations. Can users log on from any workstation in the company with their token?
Yes. The logon information (username and password) is stored in the token. The workstations simply need to be equipped with ID>Lock: they are then accessible to any user who has a token (and its PIN code) containing the workstation's local account and/or the user's account.
Administrator side
Can an administrator access all user workstations with his token?
Yes. Simply set up a single administrator account on each workstation, then record this account in the token. Of course, this can be applied per administrator and per user group, depending on your security policy.
Do you modify the Microsoft GINA?
No, ID>Lock is a layer on top of the Microsoft GINA. Its behavior is therefore fully preserved.
ID>Pass: Single Sign-On
Deployment
Is this offering suitable for an SME with a few dozen workstations?
Absolutely. ID>Pass is available in 2 versions: Corporate Edition for companies that want a high level of administration, and Professional Edition for companies that want a ready-to-use solution with no impact on the infrastructure.
Can your solution be integrated into third-party hardware or software (OEM)?
Yes. IDactis has already provided this service and offers OEM versions of its solutions for hardware manufacturers (biometric sensors, smart cards, etc.) or various software vendors.
Is your solution compatible with Unix/Linux?
ID>Pass is currently available on the Windows platform (client-side installation only).
User side
What happens if the user loses or blocks the token?
The user no longer has automatic access to their applications. However, they can still access them manually if they know their login accounts.
A lost token cannot be used without knowing its PIN code, and 3 incorrect PIN codes definitively block the token, which becomes unusable. Then, for added security, simply disable the user's account on the Windows server, on the application servers or in LDAP and issue the user a new badge.
If the token is blocked, an administrator can unblock it with the PUK code specific to each token. These codes must therefore be kept (PUK codes can be different or identical for each token, depending on your security policy). Of course, only an authorized person should hold these codes.
What happens if a user leaves the workstation with the token still inserted?
First of all, it should be made clear that this behavior is a fault: we strongly advise accompanying the deployment of our solutions with strong security awareness training for users. Forgetting a token in a workstation happens frequently when our solutions are first used. It is therefore necessary to configure a standby timeout of a few minutes to mitigate this kind of behavior. Standby locks the ID>Pass session (not the Windows session) and prompts for the PIN code when the workstation is reactivated.
Which tokens are compatible with your solutions?
A wide variety of tokens is compatible with ID>Lock, whether smart cards or USB security keys: the common point is the PKCS#11 standard, which provides the interface between our solutions and these tokens. The tokens can carry certificates, depending on their size. We support most security tokens from Axalto (eGate, CryptoFlex), SafeNet (iKey 2000 and 3000), Aladdin (eToken Pro) or Activcard (Activkey).
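The PIN states described in both the ID>Lock and ID>Pass answers (generic PIN to be changed at first logon, PIN blocked after failed attempts, unblocking by PUK) are visible to any PKCS#11 application as flag bits in the CK_TOKEN_INFO structure returned by C_GetTokenInfo. The following is an added example, not IDactis code: it decodes those flags into a helpdesk action. The flag values come from the PKCS#11 standard; the action names, the token serials and the mapping of the PUK to the PKCS#11 SO PIN are assumptions.

```python
# PKCS#11 CK_TOKEN_INFO.flags bits (values from the PKCS#11 v2.x standard).
CKF_USER_PIN_INITIALIZED   = 0x00000008
CKF_TOKEN_INITIALIZED      = 0x00000400
CKF_USER_PIN_COUNT_LOW     = 0x00010000  # at least one wrong PIN since last success
CKF_USER_PIN_FINAL_TRY     = 0x00020000  # one attempt left before blocking
CKF_USER_PIN_LOCKED        = 0x00040000  # user PIN blocked
CKF_USER_PIN_TO_BE_CHANGED = 0x00080000  # default or expired PIN
CKF_SO_PIN_LOCKED          = 0x00400000  # security-officer PIN blocked

def triage(flags: int) -> str:
    """Return the helpdesk action for one token (action names are hypothetical)."""
    if not flags & CKF_TOKEN_INITIALIZED or not flags & CKF_USER_PIN_INITIALIZED:
        return "personalize"
    if flags & CKF_USER_PIN_LOCKED:
        # Assumption: the PUK of the FAQ corresponds to the PKCS#11 SO PIN.
        # If that is blocked too, nothing can unblock the user PIN any more.
        return "replace_token" if flags & CKF_SO_PIN_LOCKED else "unblock_with_puk"
    if flags & CKF_USER_PIN_TO_BE_CHANGED:
        return "user_must_change_pin"
    if flags & CKF_USER_PIN_FINAL_TRY:
        return "warn_last_attempt"
    if flags & CKF_USER_PIN_COUNT_LOW:
        return "watch_failed_attempts"
    return "ok"

def fleet_report(inventory: dict) -> dict:
    """Group token serials by required action."""
    report = {}
    for serial in sorted(inventory):
        report.setdefault(triage(inventory[serial]), []).append(serial)
    return report

# Constructed sample inventory (serial -> flags); not real token data.
READY = CKF_TOKEN_INITIALIZED | CKF_USER_PIN_INITIALIZED
SAMPLE = {
    "TOK-0001": READY,
    "TOK-0002": READY | CKF_USER_PIN_TO_BE_CHANGED,   # shipped with generic PIN
    "TOK-0003": READY | CKF_USER_PIN_COUNT_LOW | CKF_USER_PIN_FINAL_TRY,
    "TOK-0004": READY | CKF_USER_PIN_LOCKED,          # wrong PIN entered too often
    "TOK-0005": READY | CKF_USER_PIN_LOCKED | CKF_SO_PIN_LOCKED,
    "TOK-0006": CKF_TOKEN_INITIALIZED,                # no user PIN set yet
}

if __name__ == "__main__":
    for action, serials in fleet_report(SAMPLE).items():
        print(f"{action:22s} {', '.join(serials)}")
```

Some tokens and middleware do not report the PIN-count flags, so a clear flag word means "nothing reported" rather than proof that no wrong PIN was entered.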
Is ID>Pass available in a biometric version?
Yes. A version based on fingerprint recognition is available. ID>Pass Bio works with various fingerprint sensors, but we particularly recommend the sensor from the French company ID3 Semiconductors: Certis.
http://www.id3semiconductors.com/produits/certis.htm.
Can user Jean's token unlock a session locked by Paul's token?
No, unless you chose this option in the configuration. An ID>Pass session locked by a token can be unlocked only by that token.
I have standardized, open-access workstations. Can users log on from any workstation in the company with their token?
Yes. The logon information (application usernames and passwords) is stored in the token. The workstations simply need to be equipped with ID>Pass: the applications are then accessible to any user who has a token (and its PIN code) containing the user's rights.
Administrator side
Do agents have to be installed on the application servers?
No. No server agent needs to be deployed. Recognition is based on the login windows. The advantage, besides the low impact on the infrastructure, is that applications external to the company can be brought under SSO.
Is ID>Pass compatible with emulators?
ID>Pass recognizes Windows and HTML applications as standard, that is, the majority of applications. As for emulators of the 3270 or 5250 type, either they are able to simulate Windows windows, in which case they are recognized automatically, or we provide you with a specific API.