This document outlines how Hitachi ID Password Manager can be integrated with an Interactive Voice Response (IVR) system, to enable:
- Self-service password reset from a telephone.
- Self-service token management from a telephone.
- Active enrollment of biometric voice print sample registration.
- Functional integration describes the business processes that a Password Manager / IVR integration can expose.
- Usability and internal marketing outlines the usability concerns that a Password Manager / IVR integration should address, and how the solution should be marketed to its intended users.
- User identification options describes options for uniquely identifying users when they sign into an IVR system.
- Authentication options describes options for verifying user identity prior to making sensitive functions available.
- Example processes illustrates the user view of some possible system configurations.
- Implementation options outlines the various options organizations have for sourcing the technology required to expose Password Manager functions to a telephony channel.
- Integration mechanisms outlines the detailed technical mechanisms exposed by Password Manager to enable IVR integration.
There are three basic sets of desirable functionality that may motivate an integration between Password Manager and an IVR system:
- Self-service password reset and password synchronization
- Self-service token management
- Biometric voice print registration
Self-service password reset
Allowing users who have experienced a password problem to access self-service from a telephone, and resolve their own problem, is advantageous for several reasons:
- It allows users who forgot their initial network login password
to resolve their own problem without any special measure to
make this available from the workstation login prompt.
- It allows users who forgot their remote access (RAS or VPN)
password to access self-service problem resolution without
first connecting to the network.
- It encourages the use of self-service password reset in organizations where users are accustomed to getting service primarily with a telephone.
Since user authentication, password generation and password resets are all processed by the Password Manager server, the telephone password reset automatically benefits from Password Manager's auto-discovery process, user profiles, password policy engine, e-mail integration and call tracking system integration.
Self-service token management
Users who sign into the network, or a remote access service, using a hardware token (most likely an RSA SecurID token) may experience problems and require service.
Possible SecurID token problems include users forgetting their PINs, losing their tokens, or users whose token clocks have drifted significantly away from the time reference on the ACE server.
These users may require service before accessing the network, so a telephony solution is desirable.
Biometric voice print registration
Organizations deploying a biometric voice print verification technology in their IVR infrastructure must acquire voice samples from the entire user population. Each voice print must be securely mapped to the particular user's user IDs in order to allow secure password reset.
Password Manager can facilitate an automated, reliable, secure and effective process to prompt users to register, authenticate users prior to registration, map users voice prints to their system IDs, and enable the IVR system to securely capture their voice prints.