Hitachi ID Password Manager User Interfaces
Hitachi ID Password Manager supports several user interface mechanisms:
- Transparent password synchronization is initiated from a native
password change on a variety of existing systems, including
Windows server or Active Directory (32-bit, 64-bit), Sun LDAP, IBM LDAP,
Oracle Internet Directory, Unix (various), z/OS and iSeries (AS/400).
- Password Manager can invite users to register and notify users of
events relating to their profiles, by sending e-mails, by
opening a web browser from a network login script or by
sending Windows popup messages to users who have signed into
a domain.
- Users can manage their passwords and authentication profiles
from any web browser (desktop, smart phone, tablet, etc.), through an
HTML web interface. The Password Manager web interface is compatible
with reverse web proxies and can be load balanced across
replicated Password Manager servers.
- Users who forget their passwords can dial an IVR system with any
telephone and initiate a password reset. Authentication using either
touch-tone entry of personal secret information or using voice print
verification is supported. Existing IVR systems can be extended
using a Password Manager remote API or Hitachi ID Telephone Password Manager -- a turn-key IVR
system specifically designed for password resets.
- Users who forget their network login password can launch a
kiosk-mode web browser from the desktop login screen. This
can be done using any of several methods:
  - A domain secure kiosk account (SKA): this is an Active Directory user,
    normally called "help", with an easy-to-remember or blank password.
    A security policy (GPO) is applied to this user, to launch
    a locked-down full-screen web browser instead of the usual Windows
    desktop. The SKA does not require a client software deployment.
    It is supported on any version of Windows.
  - An LSKA: this is a variant of the domain
    SKA, but where the special user is defined on each user's
    workstation rather than the domain.
    The LSKA has the added capability of launching a temporary
    VPN connection, to enable remote users to access self-service
    password reset despite being off-site and off-line initially.
  - A GINA service: this is a service installed on Windows XP clients,
    which adds elements to the login screen.
    This includes both an "I forgot my password" button on the
    main login dialog and a "Reset password / clear intruder lockout" button
    on error dialogs. Note that a GINA DLL is not installed,
    but instead the native GINA UI is extended on the fly. This makes
    the GINA service a much less dangerous component than GINA DLLs.
    A temporary VPN option is available to assist off-site users.
  - A credential provider DLL: this is a service installed on
    Windows Vista/7/8 clients, which adds elements to the login
    screen. This allows users who forgot
    their password or triggered an intruder lockout to access self-service password reset.
    A temporary VPN option is available to assist off-site users.