Open architecture for authentication
Hitachi ID Password Manager (formerly P-Synch) has an open authentication architecture, and can plug into existing password systems, corporate directories, two-factor authentication tokens, PKI certificates and biometric engines.
Users Authenticating for Self-Service
(1)Users may authenticate into Password Manager as follows:
- On the web portal:
- By typing their current password to a trusted system (e.g., Windows/AD, LDAP, RAC/F, etc).
- By answering security questions.
- Using a security token (e.g., SecurID pass-code).
- Using a smart card with PKI certificate.
- Using Windows-integrated authentication.
- Using a SAML assertion issued by another server.
- By typing a PIN that was sent to their mobile phone via SMS.
- Using a combination of these mechanisms.
- Using a telephone, calling an automated IVR system:
- By keying in numeric answers to a series of security questions (e.g., employee number, date of hire, driver's license number).
- By speaking one or more phrases, where the Password Manager server compares the new speech sample to one on record (biometric voice print verification)
- Using a telephone, calling a (human) analyst on the help desk:
- By answering a series of security questions, where the analyst must type the answers into a web portal to authenticate the caller.
Authentication for Support Staff and Administrators
Users sign into the Password Manager web GUI using one of the following methods (which ones are available is a matter of policy):
- By typing their current password to a trusted system (e.g., Windows/AD, LDAP, RAC/F, etc).
- By answering security questions.
- Using a security token (e.g., SecurID pass-code).
- Using a smart card with PKI certificate.
- Using Windows-integrated authentication.
- Using a SAML assertion issued by another server.
- By typing a PIN that was sent to their mobile phone via SMS.
- Using a combination of these mechanisms.
