Context Based Authentication
Understanding PortalGuard’s Contextual Authentication: A Multi-factor Approach
Highlighting the Multi-factor Authentication Layer of the PortalGuard Platform
By the end of this tutorial you will be able to…
• Define PortalGuard
• Understand the barriers to increasing security
• Discover PortalGuard’s Contextual Authentication (CBA)
• See the Step-by-step Authentication Process
• Know the Technical Requirements
The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications.
• Single Sign-on
• Password Management
• Password Synchronization
• Self-service Password Reset
• Knowledge-based
• Two-factor Authentication
• Contextual Authentication
• Real-time Reports/Alerts
Before going into the details…
• Configurable by user, group or application
• Stop making assumptions about who is accessing your applications
• Gain insight into user access scenarios
• Adjust the authentication method dynamically with every access request
• Cost effective and competitively priced
• Tailored Authentication for an exact fit
Remote Access = Security vs. Usability
Two-factor Authentication for All Users = No Flexibility
Although desirable for security, the barriers are overwhelming…
• Not able to adapt to different access scenarios
• Requires dedicated IT resources and hardware
• High total cost of ownership
• Increased Help Desk calls due to user frustrations
Two-factor Authentication for All Users = No Flexibility
Is there a midpoint between passwords and two-factor authentication?
Contextual Authentication is the Midpoint.
Apply the appropriate authentication level…
• Location
• Time
• Device
• Network
• Application
[Diagram labels: Password-based, Multi-factor]
• Cost effective
• Flexible
• Five authentication methods: Single Sign-on, Knowledge-based, Contextual Authentication (CBA), Password-based, Two-factor Authentication
• Two-factor authentication options – soft tokens
• SAML single sign-on
• Real-time activity alerts
• Notifications & Reporting
• Increased security – without impacting the user experience
• Increase usability for authorized users while creating barriers for unauthorized users
• Flexibility - configurable to the user, group or application levels
• Lower total cost of ownership than hard token two-factor authentication alternatives
• Reduce threats using a proactive approach
• Gather Insight – analyze contextual data reports
Authentication Method:
• Single sign-on: username and password (single password for multiple systems)
• Password-based: username and password
• Knowledge-based: username, password and challenge question
• One-time Password (OTP): username and OTP
• Multi-factor: username, password and OTP or contextual data
Credibility Policy:
A configurable policy based on categories and identifiers to which you can assign a score.
Credibility Score:
A numeric value that is used to determine the appropriate authentication method based on a set of ranges.
Weight:
An optional percentage for each category that adjusts the category’s impact on the credibility score versus other categories.
Application Realms:
Identifies an application and assigns a weight to that application that adjusts the overall credibility score.
HOW IT WORKS
Analysis Mode:
Recommended for a 60-90 day period to establish a baseline for the environment.
Client-side Browser Add-on:
Optional; collects users’ contextual data and can be installed silently using a standard MSI.
Step 2:
The user begins the login process by entering their username and clicking “Continue”.
Step 3:
The PortalGuard server identifies the user’s credibility policy and computes the following:
• Gross score for each category
• Any category weight impact to the score
• Net score from the policy and weights
• Modification due to sensitivity of requested application
Contextual data is sent from the client-side browser add-on to the PortalGuard server. The PortalGuard server looks up the appropriate authentication method using the final credibility score and previously set ranges.
Step 4:
PortalGuard enforces the appropriate authentication method for the user’s current access attempt. The user provides the required credentials to successfully complete their access request and log in.
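The scoring flow of Steps 3 and 4, as an added Python example that is not PortalGuard code: it computes the gross score per category, applies category weights to get a net score, adjusts for the application realm, and looks up the authentication method in a set of ranges. The category names, scores, weights, realm percentages, ranges and the weighted-average formula are all constructed assumptions; the page does not specify them.

```python
# Added illustration. Category names, scores, weights, realm percentages, ranges and
# the weighted-average formula are constructed assumptions, not PortalGuard's own.
POLICY = {  # category -> (weight %, {identifier: score 0-100})
    "network": (40, {"corporate_lan": 100, "vpn": 70, "public": 10}),
    "device": (40, {"managed": 100, "known_personal": 50}),
    "time": (20, {"business_hours": 100, "after_hours": 40}),
}
REALMS = {"intranet_wiki": 100, "payroll": 60}  # % of net score kept per application
RANGES = [  # (start score, end score, authentication type, alert)
    (80, 100, "password-based", False),
    (50, 79, "knowledge-based", False),
    (20, 49, "multi-factor", False),
    (0, 19, "multi-factor", True),
]


def evaluate(context, realm):
    """Return gross, net and final scores plus the enforced method for one request."""
    gross, weighted_sum, total_weight = {}, 0, 0
    for category, (weight, identifiers) in POLICY.items():
        # Missing or unrecognized contextual data scores 0, so a client that sends
        # nothing (the add-on is optional) lands in the strictest range.
        gross[category] = identifiers.get(context.get(category), 0)
        weighted_sum += gross[category] * weight
        total_weight += weight
    net = weighted_sum // total_weight
    # An application with no realm entry is treated like the most sensitive one.
    final = net * REALMS.get(realm, min(REALMS.values())) // 100
    method, alert = "multi-factor", True  # fail closed if no range matches
    for start, end, auth_type, alert_on in RANGES:
        if start <= final <= end:
            method, alert = auth_type, alert_on
            break
    return {"gross": gross, "net": net, "final": final, "method": method, "alert": alert}


if __name__ == "__main__":
    office = {"network": "corporate_lan", "device": "managed", "time": "business_hours"}
    cafe = {"network": "public", "device": "known_personal", "time": "after_hours"}
    for ctx, app in [(office, "intranet_wiki"), (office, "payroll"), (cafe, "payroll"), ({}, "payroll")]:
        print(app, evaluate(ctx, app))
```

The same office context yields password-based login for the low-sensitivity realm and a challenge question for the sensitive one, which is the per-application adjustment the realm weight is meant to provide.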
Configurable through the PortalGuard Configuration Utility:
• Enable or Disable CBA
• Assign users or groups to individual credibility policies
• Credibility Policy:
  • Client Type
  • Use Category Weighting
  • Enforce Application Realms
  • Display Scoring UI
  • Categories
  • Weight
  • Identifiers
  • Credibility Score
Configurable through the PortalGuard Configuration Utility:
• Default Ranges:
  • Start and End Scores
  • Authentication Types
  • Alert On or Off
Configurable through the PortalGuard Configuration Utility:
• Application Realms
TECHNICAL REQUIREMENTS
An MSI is used to install PortalGuard on IIS 6 or 7.x.
This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.
• IBM WebSphere/WebSphere Portal v5.1 or higher
• Microsoft IIS 6.0 or higher
• Microsoft Windows SharePoint Services 3.0 or higher
• Microsoft Office SharePoint Server 2007 or later
• .NET 2.0 framework or later must be installed
• (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
• Microsoft Windows Server 2000
• Microsoft Windows Server 2003 (32 or 64-bit)
• Microsoft Windows Server 2008 (32 or 64-bit)
• Microsoft Windows Server 2008 R2
THANK YOU For more information visit PortalGuard.com or Contact Us