4TRESS Kerberos Agent for Microsoft Internet Information Services
4TRESS™ Kerberos Agent for Microsoft® Internet Information Services (IIS) is an optional agent for 4TRESS™ AAA Server that protects Web resources running on Microsoft IIS Web servers, using secure One-Time Password (OTP) synchronous authentication. The Agent removes the need for end users to provide their Windows password in addition to the username / OTP combination.
4TRESS Kerberos Agent for Microsoft IIS supports two deployment scenarios:
- Protection of Microsoft Outlook Web Access (in front-end or back-end mode)
- Protection of static Web pages deployed locally on IIS
The Agent is a key delivery point in ActivIdentity’s overall strategy to enhance security, reduce cost and improve usability by reducing an organization’s dependency on static passwords.
Key Features
- Compatible with 4TRESS AAA Server 6.x.
- Minimal installation of a Logon Service and an ISAPI filter on the IIS server provides event notifications and Outlook Web Access authentication.
- Configurable communication to the 4TRESS AAA server – for master and back-up servers.
- Select the website and virtual directory corresponding to the resources you want to protect.
- Advanced diagnostic tool to simplify troubleshooting.
- Strong one-time password authentication for any website running on IIS and for access to Microsoft Outlook Web Access.
Benefits
Enhanced security
Remote access to email via Microsoft Outlook Web Access often involves shared or borrowed laptops and workstations outside the regulated corporate infrastructure. A login process that requires users to enter their Windows password is vulnerable to brute-force attacks and malware, which threatens data security and exposes the Active Directory domain controllers and Windows servers.
The 4TRESS Kerberos Agent 1.0 for Microsoft IIS, deployed in conjunction with ActivIdentity’s strong authentication solutions, enhances security by removing the need for users to know their Windows password when accessing Web resources. This is critical in high-investment smart card deployments designed to strengthen network access security and move from single-factor authentication (sole Windows password usage) to multi-factor authentication (smart card plus PIN). The investment is undermined if end users are required to use a Windows password for remote access.
Reduced cost
The Agent reduces cost by removing the need for users to know their Windows password. Every password that a user is required to remember carries an operational cost associated with resetting forgotten passwords.
Improved usability
The Agent improves usability and ease of use by removing the need for users to know their Windows password. The login process becomes simpler and more streamlined when only a username and OTP are needed.
Alternative to Microsoft PKI
Using the Agent gives organizations a cost-effective alternative to PKI for strong authentication for Web services such as Microsoft IIS, Microsoft Outlook Web Access, or Microsoft SharePoint.
Technical Specifications
Web Server Compatibility
- Compatible with Microsoft Internet Information Services (IIS) 6.0
Communications
- RADIUS protocol between Agent and 4TRESS AAA Server
Supported Applications
- Static Web pages deployed on the IIS server 6.0
- Protection of Outlook Web Access 2003 (32-bit Edition)
Supported Server Operating Systems
- Microsoft Windows 2003 (32-bit Edition)
- Microsoft Windows Server 2003 x86 (no SP)
- Microsoft Windows Server 2003 x86 SP1
- Microsoft Windows Server 2003 x86 R2
- Microsoft Windows Server 2003 x86 SP2
Prerequisites
- Microsoft Active Directory 2003 needs to be configured in “native mode” (Kerberos delegation)
- Microsoft Exchange 2003 needs to be configured and patched to support Kerberos delegation
Authentication Server Requirements
- 4TRESS AAA Server for Remote Access v6.x
Availability
The Agent is distributed as part of 4TRESS AAA Server 6.6 and is backward compatible with 4TRESS AAA Server 6.0 and above. Future versions of the Agent will support Citrix® Presentation Server and Microsoft® SharePoint. Current Citrix environments will need to deploy ActivIdentity’s 4TRESS™ Agent 2.0 for Citrix® PS 4.5 – Web Interface.