Users’ identities may reside in many locations. Some users may be in one or more Active Directories, while other users are in LDAP or conventional databases. Some users may be coming from clients and/or partners that have implemented single sign-on using SAML, WS-Federation, OpenID or OAuth. IDM 360™ determines which authentication is appropriate for each user and transparently directs them to the appropriate directory source. Your users see a single authentication screen, unaware that multiple sources of identity have been consolidated by IDM 360™.
Increasingly, simple password-based authentication is no longer sufficient for today’s secure applications. IDM 360™ provides multi-factor authentication using a variety of mechanisms including one-time PIN, time-based one-time password (TOTP), secret questions, client certificates and CAC cards. Second-factor data can be generated and sent to mobile devices, or it can be read from the user’s profile (e.g. birth date and month). Time-based passwords ensure authentication can take place even if mobile phones/devices cannot connect to the network. MFA can be required for entry into one, some or all applications protected by IDM 360™.
Users may have the option of resetting or changing their passwords via self-service. This includes resetting passwords via secret questions or email confirmation as well as changing passwords that are about to expire. Users can receive configurable warnings when their passwords are about to expire.
If permitted, users may self-register with IDM 360™. This can be via a registration form or via attributes passed in an assertion/claim from a single sign-on customer/partner. If IDM 360™ has been pre-loaded with customer data, auto-registration can include a verification step to confirm user identity based on profile data.
Users on a Windows domain have the option to authenticate via Integrated Windows Authentication. This mechanism allows users to transparently sign on using their Windows credentials. IDM 360™ extends this capability via single sign-on to allow users to log into both Windows and non-Windows applications for a truly seamless experience.
IDM 360™ introduces micro-sites: mini authentication sites that provide a branded experience for customers. Each customer can view a custom login page complete with colors, disclaimers, contact information and logos. Micro-site pages can be hosted in IDM 360™ or they can be delegated to any existing application (e.g. Liferay) for ease of maintenance.