Technology Platform Support Databases

Database Integration

P-Synch®, a component of Hitachi ID Management Suite®, is enterprise password management software. It reduces the frequency of help desk calls, improves user productivity and strengthens security with password synchronization, self-service password reset, help desk password reset and simplified administration of other authentication factors, such as hardware tokens and biometric samples. P-Synch includes connectors to manage passwords on over 70 types of systems.

Oracle Database Integration

P-Synch can bind to any Oracle Database server (any version) using SQL*Net and issue PLSQL commands to enumerate users (SELECT), validate current passwords (test bind or SELECT) and reset passwords (ALTER USER, UPDATE or invoke a stored procedure).

The P-Synch administrator can specify alternate SQL commands, and so can manage application passwords as well as database connect passwords.

Sybase ASE Database Integration

P-Synch can bind to any Sybase ASE database server (any version) using TDS and issue SQL commands to enumerate users (SELECT), validate current passwords (test bind or SELECT) and reset passwords (sp_password, UPDATE or invoke a stored procedure).

The P-Synch administrator can specify alternate SQL commands, and so can manage application passwords as well as database connect passwords.

SQL Server Database Integration

P-Synch can bind to an MSSQL server, running version 7.x, 2000 or later, using its native TDS protocol. Once connected, P-Synch can list users, validate current passwords and administratively reset passwords by issuing SQL commands and/or calling stored procedures (SELECT, SP_PASSWORD, UPDATE, etc.).

Default SQL commands are included to update MSSQL passwords, while P-Synch administrators may specify alternate commands to manage passwords in application tablespaces.

No agent software is installed on the SQL server.

IBM UDB/DB2 Database Integration

P-Synch can bind to any DB2/UDB database server (any version) using the DB2/UDB client software and issue SQL commands to enumerate users (SELECT), validate current passwords (test bind or SELECT) and reset passwords (UPDATE or stored procedure).

The P-Synch administrator can specify alternate SQL commands, and so can manage application passwords as well as database connect passwords.

Storing P-Synch user profile data in an external database

P-Synch normally stores Q-A (Question-and-Answer) data, used to authenticate users who forget their passwords, in its internal identity cache. The questions and answers are encrypted using 128-bit AES using a secret key. Alternatively, P-Synch can be tied to an external repository (e.g., LDAP, AD, Oracle, etc.) where it reads and writes Q-A (Question-and-Answer) data and login ID profiles.

P-Synch includes batch data loading programs (e.g., to load user profiles, Q-A (Question-and-Answer) data, login ID aliases) and data extraction programs (e.g., to dump the contents of any table as a CSV file).

P-Synch also includes a number of plug-in points that allow it to look up user profile data in an external database or directory at run-time, as required. These are used to externalize user profile data -- for example, to an LDAP directory, to Active Directory or to an database.

Finally, P-Synch includes a number of plug-in points that allow it to update user profile data, such as user attributes, login ID reconciliation or Q-A (Question-and-Answer) information, on an external directory or database, at run-time. Such updates are normally the result of user registration processes.

Putting this flexibility together, an example deployment might authenticate users signing into P-Synch using their LDAP login ID and password and store user profile data, such as a list of login IDs to various systems and personal Q-A (Question-and-Answer) data, in the same or another LDAP directory.

© Hitachi ID Systems, Inc. 2008. All rights reserved.