Hitachi ID Password Manager offers a unique set of technologies, collectively referred to as Self-Service, Anywhere™. Using these technologies, users can resolve problems with their passwords, smart cards, tokens or full disk encryption software both at the office and mobile, from any endpoint device.
Self-service, anywhere™ automates problem resolution in a number of technically challenging and business-critical scenarios:
Mobile users warned of password expiry
|
Problem
|
Solution
|
Business impact |
|---|---|---|
|
Mobile users are not notified by Windows when their passwords
are about to expire. Users who infrequently connect their laptop
to the office network, instead checking e-mail with a solution such
as Outlook Web Access, suffer regular password expiry and require
frequent password resets.
|
Hitachi ID Password Manager sends users e-mails warning of imminent password expiry.
Users change passwords using a web browser. An ActiveX control
refreshes the password on their laptop.
|
Fewer login problems that cause a work interruption. Lower IT call volume and support cost. |
Reset forgotten, cached password while away from the office
|
Problem
|
Solution
|
Business impact |
|---|---|---|
|
Laptop users sometimes change their password before leaving the office
and may forget the new password when they need to use it while not
attached to the corporate network. Without a technical solution,
the IT help desk cannot resolve these users' problem until they return
to the office. User laptops are rendered inoperable until they
return to the office.
|
A Password Manager client software component allows users who forgot their
primary, cached Windows password and cannot sign into their PC
to connect to the Internet over a WiFi hotspot or using an air-card.
Users locked out out of their PC login screen can also establish a temporary Internet connection
using their home Internet connection or a hotel Ethernet service.
Once the user's laptop is on the Internet, Password Manager establishes
a temporary VPN connection and launches a kiosk-mode (full screen, locked
down) web browser. The user steps through a self-service password
reset process and Password Manager uses an ActiveX component to reset
the locally cached password to the same new value as was set on the
network back at the office.
|
Forgotten passwords are a major work disruption for mobile users, since they cannot be resolved until the user visits the office. Password Manager allows users to re-enable their laptop in minutes. |
Unlock encrypted hard disk
|
Problem
|
Solution
|
Business impact |
|---|---|---|
|
Many organizations deploy full disk encryption software
to user PCs. This helps prevent data compromise in the event that
a laptop is lost or stolen.
Full disk encryption software is often configured to prompt the user to type a password before the OS boots up -- a very secure configuration. This password is often synchronized with the user's AD password. Unfortunately, when users forget their pre-boot password, the unlock process can be quite tedious, as it requires that the user calls the help desk, authenticate themselves and then exchange cryptographic challenge and response codes with the technician on the phone. These can be frustrating and costly IT support calls.
|
Most FDE packages include a key recovery process at the PC boot
prompt. This normally involves a challenge/response process between
the FDE software, the user, an IT support analyst and a key recovery
server. Password Manager can front-end this process using an integrated
telephony option, so that users can perform key recovery 24x7,
from any location, using their telephone and without
talking to a human help desk technician.
|
Key recovery is an essential IT support service for organizations that have deployed FDE. Password Manager lowers the IT support cost of key recovery by moving the process to a self-service model. |
Smart card pin reset
|
Problem
|
Solution
|
Business impact |
|---|---|---|
|
Organizations deploy smart cards to strengthen their authentication
processes. Users typically sign into their PC by inserting their
smart card into a reader and typing a PIN. If users forget their
PIN or leave their smart card at home, they cannot sign into their
PC. PIN reset is a complex support process since the new PIN has
to be physically installed on the user's smart card. This means
that IT support may trigger a physical visit to the help desk.
|
Password Manager allows users to access a self-service web portal from
anywhere, including from the locked out login screen of their
laptop, even away from the office (even using WiFi, as described earlier).
Once a user signs into the self-service portal, Password Manager can
download an ActiveX component to the user's web browser, to communicate
with the smart card and reset the forgotten PIN.
Password Manager can also be used to assign a user a temporary login
password (often a very long and random one) to be used in the event
that a user left his smart card at home.
|
While forgotten PINs are infrequent -- PINs are not usually set to expire -- when they do happen, they are extremely disruptive. Assigning temporary passwords is just as important for users who left their smart card at home, which happens quite often. |
Watch a Movie
Self Service Anywhere™
Content:
- A user forgot his primary Windows login password.
- The user is away from the office and the corporate AD password is cached locally.
- The video shows how the user can reset the forgotten password -- from the PC login screen, over WiFi+VPN and get back to work.
Key concepts:
- Users are increasingly mobile.
- Mobile users sign into their corporate laptops with cached domain credentials.
- If a user forgets his Windows password while away from the corporate network, the IT help desk cannot help him, as they cannot access the cached password.
- Using Self-Service, Anywhere, Password Manager allows mobile users to reset forgotten passwords even while away, enabling them to get back to work before they return to the office.
- Without this technology, a remote user who forgot his password cannot user his PC until he returns -- a major business interruption.