FAQs

5.0

1

Frequently asked questions

Password Management & Password Synchronization

What LDAP’s does Password Express support?

How does Password Express capture passwords that are changed directly on Active Directory? E.g.End-user could directly change Windows password using “Alt-Ctrl-Del” mechanism or Admincould use Active Directory admin console to directly change/reset users password?

Can Password Express capture passwords that are changed directly on target applications besides Active Directory?

How does Password Express synchronize passwords across multiple systems, applications, and cloud-based services?

Can Password Express synchronize passwords for user accounts that don’t exist on Active Directory?

Can Password Express sync passwords if the username naming conventions on Active Directoryand target applications are different?

Can we make password synchronization connector to custom or homegrown applications?

Typically how long does it take to develop a password synchronization connector and what skill-set is needed?

What different channels are available to end users for password self-service options?

How password complexity that is different across different applications is handled?

How password history requirements that is different across different applications is handled?

How password expiry period requirements that is different across different applications is handled?

1.

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

1

2

Frequently asked questions

Administration

Enterprise Integration

How long does it take to deploy Password Express?

If an end-user has to call into the Service Desk to access their account,can password securitybecome promised?

What kinds of report are available from Password Express from compliance perspective?

Does Password Express have any graphical dashboard that summarizes the password related activities in an enterprise?

How many target systems can Password Express connect for password synchronization?

I have an existing IAM solution but it’s integrated to few applications where it does password synchronization. Can Password Express extend password synchronization to other applicationsnot integrated with IAM solution?

I have a lot of different systems and applications within myt echnology infrastructure. Can Password Express be integrated into the maswell?

Will Password Express integrate with my existing Service Desk ticketing system?

Does Password Express support multi-factor authentication?

Does Password Express store user’s password in its database?

What encryption algorith ms does Password Express use?

What data-center based certifications are offered by ILANTUS when Password Express is made available on cloud in SaaS mode?

1.

2.

3.

4.

5.

1.

2.

3.

1.

2.

3.

4.

2

3

Security4

QUESTION:What LDAP’s does Password Express support?ANSWER:Password Express supports all versions of Microsoft LDAP – Active Directory 2003, Active Directory 2008, Active Directory 2012, ADAM and Active Directory LDS

QUESTION:How does Password Express capture passwords that are changed directly on Active Directory? E.g. End-user could directly change Windows password using “Alt-Ctrl-Del” mechanism or Admin could use Active Directory admin console to directly change/reset users password?ANSWER:Password Express employs reverse synchronization capabilities.Password Expressreverse sync agent sits a top your Active Directory, andwhen changes are made to the Active Directory passwords, they are pushed to Password Express which then integrates the changes with targeted systems and applications based on role - based authorization definitions.Password synchronization can include targeted systems, applications, and cloud-based services that reside outside the scope of your current IAM solution.

3

Password Management & Password Synchronization1

QUESTION:Can Password Express capture passwords that are changed directly on target applications besides Active Directory? ANSWER:No, Password Express can capture passwords from Active Directory only and not from other target applications (please see previous FAQ also).

QUESTION:How does Password Express synchronize passwordsacross multiplesystems, applications, and cloud-based services?ANSWER:Password Express has an engine based out of an Enterprise Service Bus (ESB). Using this ESB, Password Express does pass word synchronization across all connected target systems.

1.

2.

3.

4.

Questions & Answers

4

QUESTION:Can Password Express synchronize passwords for user accounts that don’t exist on Active Directory? ANSWER:Password Express uses Active Directory as authentication source and synchronizes user’s Active Directory password to all other accounts of the user on configured target applications. Hence it’s mandatory that the user account should be present on Active Directory for password synchronization and for password management activities based out of Password Express.

QUESTION:Can Password Express sync passwords if the username naming conventions on Active Directory and target applications are different?ANSWER:Yes, Password Express provides several features and capabilities to sync passwords even when users have different usernames on Active Directory and other target applications. Eg. John’s username on Active Directory is john.doe and John’s username on e-Business Suite is jdoe. In this case Password Express can still synchronize password for John.

QUESTION:Can we make password synchronization connector to custom or homegrown applications? ANSWER:Yes, Password Express comes along with a simple SDK using which Password synchronization connectors could be easily developed.

QUESTION:Typically how long does it take to develop a password synchronization connector and what skill-set is needed?ANSWER:Typically it takes couple of days to develop password sync connector. There are only 3 API’s needed for this connector and anyone with basic Core Java skill-set could develop this connector.

5.

6.

7.

8.

Questions & Answers

5

QUESTION:What different channels are available to end users for password self-service options?ANSWER:Users will have the ability to reset theirpasswordsor unlocktheiraccounts fromanywhere, at any time, using any Web-enabled pcor mobile device (tablet, smart phone).In a matter of minutes(nolongerhours), users can reset pass word so run lock access right from their log-onscreens (Windows XP, Vista, Windows 7/8).Password Express uses a GINA-based agent for X Panda credential provider-based agenton Vista and Windows 7/8.The user interface is built using the latest Web 2.0 technologies (Bootstrap and HTML5.0) to ensure smooth and seamless access from any smart-phone and tablets.

9.

10. QUESTION:How password complexity that is different across different applications is handled?ANSWER:We could achieve this by defining an enterprise password complexity policy that’s the least common denominator of various password complexities defined in different applications.For example, if complexity rules in Application A and Application B set as,Complexity rules on Application A: - At least two upper case - Starts with alphabet - Min. 7 charactersComplexity rules on Application B: - Atleast one upper case - Starts with alphabet - Min. 9 characters - Two special characters - Atleast one lowercaseComplexity rules we should define on Password Express policy to support above defined complexity rules - Atleast two upper case - Starts with alphabet - Min. 9 characters - Two special characters - Atleast one lowercase

Questions & Answers

QUESTION:How password expiry period requirements that is different across different applications is handled?ANSWER:We could achieve this by defining an enterprise password expiry policy that’s the least common denominator of various password expiry polices defined in different applications.. For example, if the password expiry days in Application A and Application B set as,

Password expiry days in Application A: Min. password age is 2 Max. password age is 45

Password expiry days in Application B: Min. password age is 1 Max. password age is 60

Password expiry days we should set on Password Express policy Min. password age is 2 Max. password age is 45

6

11. QUESTION:How password history requirements that is different across different applications is handled?ANSWER:We could achieve this by defining an enterprise password history policy that’s the least common denominator of various password history polices defined in different applications. For example, if the history requirement in Application A and Application B set as,

History requirement for Application A Remember four old password usedHistory requirement for Application B Remember 10 old password usedHistory requirement we should set on Password Express policy

Questions & Answers

12.

Administration2

QUESTION:How long does it take to deploy Password Express?ANSWER:Password Express has an automated installer using which in 4-clicks the tool gets installed in few mins only. And because of its user-friendly attributes, users require no training; adoption if fast. And becauseof intuitive administrative wizards,system administrators can master the solution in no time.

QUESTION:If an end-user has to call in to the Service Desk to access their account,can password security be compromised?ANSWER:Not at all.In those extenuating circumstances where an end-user has to call the Service Desk, an intuitive administrative interface with a wizard-driven dash board enables Service Desk personnel to confidently and securely verifya user’s identity prior to resetting a password or unlocking an account.

QUESTION:What kindsof report are available from PasswordExpress from compliance perspective?ANSWER:Each event on PasswordExpress tool is audited. There are several kinds of report available on the tool such as total password resets by end users,total password resets byhelp desks, total password changes by end users, total unlock accounts by end users and several more.

1.

2.

3.

7

QUESTION:Does Password Express have any graphical dashboard that summarizes the password relatedactivities in an enterprise?ANSWER:Yes, PasswordExpress has strong graphical dashboard for Administrators and Compliance officers that shows in an easy way how password management activities are happening within an enterprise.by end users, total unlock accounts by end users and several more.

4.

Questions & Answers

8

QUESTION:How many target systems can PasswordExpress connect for password synchronization?ANSWER:PasswordExpress has connectors to various popular target applications, platforms on both Enterpriseand Cloud. Please contact us for specific information.

5.

Enterprise Integrations3 QUESTION:I have an existing IAM solution butit’s integrated to few applications where it does password synchronization. CanPasswordExpressextend password synchronization to other applications not integrated with IAM solution?ANSWER:Yes.Password Expresshas been designed to seamlesslyintegrate with popular IAM solutions from IBM/Oracle/NetIQ/CA and complement the same. Password Express provides password synchronization for targeted systems and applications that reside outside the scope of your current IAM solution.

QUESTION:I have a lot of different systems and applications within my technology infrastructure. Can Password Express be integrated into them as well?ANSWER:Absolutely.Password Expresshas been crafted on open-architecture(ESB), which means it is OEM- ready,and can be integrated within-house ERPs (SAP,Oracle);systems like Linux and Windows; Active Directory and most other LDAPs; and count lesson-premise applications

1.

2.

3. QUESTION:Will Password Express integrate with my existing Service Desk ticketing system?ANSWER:Yes.This seamless integration with most ServiceDesk ticketing systems means all password management - related ticketing activities are automated and can be subsequently audited.

Questions & Answers

9

QUESTION:Does Password Express support multi-factor authentication?ANSWER:Yes, Password Express has built in support for multiple multi-factor authentication schemes such as SMS based one-time-passcode (OTP) and smart phone (iOS, Android, Blackberry and Windows OS are supported) based soft-token generator built on HMAC-SHA1 algorithm.With multi-factor, the 2ndstepverificationaddsanextralayer of security for Password Express solution by requiringuserstoenteraverificationcode sent on a mobile device that they own. In addition, Password Express has an SDK using which it could be integrated with 3rd party multi-factor solutions from RSA, Entrust etc

QUESTION:Does PasswordExpress store user’s password in its database?ANSWER:No, PasswordExpress doesn’t store user’s password persistently in its database. User’s password is picked up dynamically during change/reset password operation and in encrypted fashion this password is synchronized to all target applications.

Security4 1.

2.

QUESTION:What encryption algorithms does Password Express use?ANSWER:All sensitive user information such as challenge response answers is encrypted using AES symmetric-key block cipher with 256 bit key.

QUESTION:What data-center based certifications are offered by ILANTUS when Password Express is made available on cloudin SaaS mode?ANSWER:ILANTUS hosts the solution ata data-center whichhas the following accreditations:1. GartnerMagicQuadrant Leader inHosting/IaaS solutions2. Accreditedwith SSAE 16/ ISAE 3402 Certified Type II SOC and Safe Harborcertified3. Strict hardware/network/software SLA’s

3.

4.

Questions & Answers

This document contains con�dential information and is solely meant for internal circulation. If you are not the named addressee you should not disseminate, distribute or copy the data.

ILANTUS is a pioneer in identity and access management for more than a decade in the industry delivering the most comprehensive identity solutions through its uniqueIdentity Lifecycle Management Solution (ILMS) approach. The ILMS solutions is built on a unique framework that enables components from multiple vendors of your choice to be intergrated into a unified solutions, delivered in cloud or on-premise, and managed by you or ILANTUS.All major Identity & Access Management components-Identity & Access Governance, UserAdministration & Provisioning and Identity & Access Intelligence are incorporated in the ILMS framework.

Gartner,Inc. Cool Vendors in India, 2012 written by analysts Asheesh Raina, Arup Roy,Biswajeet Mahapatra, Ansul Gupta and published 19 April 2012. Gratner does not endose any vendor, product or service depicted in its research publication, and does not advise technology users to select only those vendors with the highest ratings. Gartner researchpublications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.