Open Architecture for Authentication

Hitachi ID Password Manager has an open authentication architecture, and can plug into existing password systems, corporate directories, two-factor authentication tokens, PKI certificates and biometric engines.

Users Authenticating for Self-Service

Users may authenticate into Password Manager as follows:

  • On the web portal:
    • By typing their current password to a trusted system (e.g., Windows/AD, LDAP, RAC/F, etc.).
    • By answering security questions.
    • Using a security token (e.g., SecurID pass-code).
    • Using a smart card with PKI certificate.
    • Using Windows-integrated authentication.
    • Using a SAML or OAuth assertion issued by another server.
    • By typing a PIN that was sent to their mobile phone via SMS.

  • Using a telephone, calling an automated IVR system:
    • By keying in numeric answers to a series of security questions (e.g., employee number, date of hire, driver's license number).
    • By speaking one or more phrases, where the Password Manager server compares the new speech sample to one on record (biometric voice print verification).

  • Using a telephone, calling an IT support technician:
    • By answering a series of security questions, where the technician must type the answers into a web portal to authenticate the caller.

Authentication for Support Staff and Administrators

Users sign in to the Password Manager web portal using any combination of the following methods (which sequences are available is a matter of policy, based on user context):

  • By typing their current password to a trusted system (e.g., Windows/AD, LDAP, RAC/F, etc.).
  • By answering security questions.
  • Using a security token (e.g., SecurID pass-code).
  • Using a smart card with PKI certificate.
  • Using Windows-integrated authentication.
  • Using a SAML or OAuth assertion issued by another server.
  • By typing a PIN that was sent to their mobile phone via SMS.

Read More:

  • Open Architecture for Authentication:
    Password Manager can integrate with any authentication system and mechanism.
  • E-mail:
    Use of E-mail to prompt users to register and notify users of events relating to their Password Manager profiles.
  • Help Desk:
    Password Manager can automatically create, update and close tickets in a help desk application in response to over 100 events and alarms.
  • Web Portal:
    Password Manager can integrate with both support-centric and general-purpose web portals, to offer a seamless user experience.
  • Telephony:
    Password Manager allows users to reset their own passwords and PINs and to recover encryption keys using a telephone, through interactive voice response (IVR) integration.