Technology User Interfaces

Password Management User Interfaces

P-Synch® supports several access channels:

• Transparent password synchronization is initiated from a native password change on a variety of existing systems, including Windows NT, Active Directory (32-bit, 64-bit), Sun LDAP, IBM LDAP, Oracle Internet Directory, Unix (various), OS/390 and OS/400 .

• P-Synch can prompt users to register and notify users of events relating to their profiles, by sending e-mails, by opening a web browser from a network login script or by sending Windows popup messages to users who have signed into a domain.

• Users can manage their passwords and authentication profiles using any web browser (desktop, PDA, cell phone), with a pure HTML web interface. The P-Synch web interface is compatible with all reverse web proxies and can be load balanced across a cluster of self-replicating P-Synch servers.

• Users who forgot their passwords can dial an IVR (interactive voice response) system with any telephone and initiate a password reset. Authentication using either touch-tone entry of personal secret information or using voice print verification is supported. Existing IVR (interactive voice response) systems can be extended using a P-Synch remote API (application programming interface), or ID-Telephony® -- a turn-key IVR (interactive voice response) system specifically designed for password resets -- can be acquired from Hitachi ID.

• Users who forgot their network login passwords can launch a kiosk-mode web browser from the desktop login screen. This can be done using one of two methods:
  • A global SKA (secure kiosk account): is domain-wide account, normally called "help", with an easy-to-remember or blank password, that uses a security policy to launch a locked down full-screen web browser instead of the Windows desktop. SKA (secure kiosk account) does not require a client software deployment. It is supported on any Windows or Unix workstation.

  • An LSKA (local, secure kiosk account): is a variant of the global SKA (secure kiosk account) that exists on a user's workstation rather than a domain. The LSKA (local, secure kiosk account) establishes a temporary network connection, launches a locked-down web browser and allows the user to authenticate and issue a password reset that applies to both local and network passwords. The LSKA (local, secure kiosk account) method does require a desktop component, including an ActiveX DLL.

  • A GINA (Graphical Identification and Authentication library) DLL: pushed out to all Windows desktops, which introduces a password reset button to the login screen. The GINA (Graphical Identification and Authentication library) DLL method does require a desktop component and is supported on Windows NT and later client operating systems.

© Hitachi ID Systems, Inc. 2008. All rights reserved.