ActivIdentity NMAS Method
Strong two-factor authentication for Novell networks

For Novell customers concerned with securing user access to their networks, ActivIdentity NMAS Method provides organizations an extra layer of security. ActivIdentity® NMAS Method replaces weak static passwords with token-based one-time passwords, enabling strong two-factor authentication. Native integration with Novell Modular Authentication Service (NMAS), Novell eDirectory™, and Novell iManager enables easy deployment, management, and broad application coverage for all login scenarios (i.e. LAN, VPN, Web).
Key Features

Secure Novell login
- Users log in using a password that is valid only once, generated for each login by an ActivIdentity handheld token.
- Two-factor authentication, based on “something you have” (authentication device) and “something you know” (PIN).
- ActivIdentity one-time password authentication is based on a patented three-variable algorithm: time, event counter, and cryptographic key.

Native Novell integration
- All user and device information is stored in Novell eDirectory with no additional server required.
- Authentication policies are based on eDirectory and applied to users via directory inheritance.
- User and device management is performed in Novell iManager using built-in controls.
- Automatically supports any new NMAS-enabled application.
- Compatible with Novell SecureLogin®: administrators have built-in options to enforce one-time password login to sensitive applications; one-time password login enables user access to all single sign-on enabled applications.
- Compatible with Novell iChain®, BorderManager®, and Access Manager, so organizations can secure access to web-based and remote corporate resources in addition to LAN login.

Device lifecycle management
- Users and devices are managed centrally using the iManager management console for increased efficiency.
- Lifecycle management of hardware tokens, including user assignment, device unlock, and PIN management.
Benefits

Increases security and usability
- Increases protection of corporate resources by replacing the use of static passwords for user access with non-repeatable one-time passwords.
- Reduces employee frustration associated with complex static passwords; instead, complexity is concealed within the token.
- Accommodates different levels of security and usability, such as device-plus-PIN or device-only user logins.

Easy setup and management
- Simplifies deployment by leveraging the existing eDirectory installation for user and device management.
- Eases distribution and enforcement of policies via directory inheritance capabilities.
- Empowers administrators with new capabilities built directly into iManager’s management console; avoids the need for a new management console paradigm.
- Aligns with existing workforce practices by supporting all login scenarios.

Low cost of ownership
- Minimizes cost of ownership, as no additional server or database is required, nor the associated configuration, maintenance, and training costs.
- Speeds ROI of existing and future Novell investments through interoperability with all Novell applications based on NMAS.
Technical Specifications

ActivIdentity NMAS Method components

Login Server Module
- Integrated into NMAS Server running on the Novell® eDirectory™ installation
- Validation of the one-time password based on device information stored in eDirectory

Login Client Module
- For Novell NetWare®: integrated into NMAS Server, compatible with iChain® and BorderManager®
- For Microsoft® Windows®: integrated into NMAS Client running on the user’s desktop (with Novell Client)
- Interface provided for the end-user to enter a one-time password, which is then forwarded to the Login Server Module

iManager plug-in
- Integrated into iManager, providing device management services

Security services

User authentication services
- ActivIdentity synchronous one-time password, based on Time and/or Event Counter and/or Key Derivation
- X9.9 Challenge/Response

Personal Identification Number (PIN) validation
- PIN validation on the device (hardware tokens with keypad)
- PIN validation on the server (hardware tokens without keypad)
- Device locking after incorrect PIN entries
- Device disabling after incorrect one-time password entries

Authentication device options
- ActivIdentity Mini Token AE
- ActivIdentity Keychain Token
- ActivIdentity Token
- ActivIdentity Pocket Token
- ActivIdentity Desktop Token

Management services
- Automatic device resynchronization: performed at each synchronous authentication, reduces the need for help desk calls
- Manual device resynchronization
- Device unlock
- Device PIN setup
- Device Import: enables customers to easily and rapidly deploy pre-initialized hardware tokens to end-users
- Device assignment/unassignment to eDirectory users
- Device enabled/disabled
- Authentication policies applicable to eDirectory objects (Organization, Organizational Unit, Users)
- Directory inheritance inside eDirectory facilitates policy distribution and enforcement for corporate deployments
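The following Python is an added illustration, not ActivIdentity's patented algorithm (whose details the datasheet does not give) and not code from the product. It sketches the server-side behaviour the Login Server Module and management services describe above: a synchronous one-time password derived from a secret key, an event counter and a time step; automatic counter resynchronization within a look-ahead window at each successful authentication; PIN validation on the server; device locking after repeated bad PINs; and device disabling after repeated bad one-time passwords. The HMAC-SHA256 construction, 60-second time step, window sizes and lockout thresholds are assumptions; the in-memory record stands in for the device attributes eDirectory would hold.

```python
import hashlib
import hmac
import struct
import time


class TokenRecord:
    """Per-device state the directory holds (constructed stand-in for eDirectory attributes)."""

    def __init__(self, key: bytes, counter: int = 0, pin: str = "1234"):
        self.key = key            # shared secret provisioned with the token (assumption)
        self.counter = counter    # last event counter accepted by the server
        self.pin = pin            # server-side PIN for keypad-less tokens
        self.bad_pin = 0          # consecutive wrong PINs
        self.bad_otp = 0          # consecutive wrong one-time passwords
        self.locked = False       # set after too many bad PINs ("device locking")
        self.disabled = False     # set after too many bad OTPs ("device disabling")


def otp(key: bytes, counter: int, timestep: int) -> str:
    """Assumed OTP construction: HMAC-SHA256 over (event counter, time step), truncated to 6 digits."""
    mac = hmac.new(key, struct.pack(">QQ", counter, timestep), hashlib.sha256).digest()
    return "%06d" % (int.from_bytes(mac[:4], "big") % 1_000_000)


def validate(rec: TokenRecord, pin: str, code: str, now: float = None,
             window: int = 10, time_slack: int = 1,
             max_bad_pin: int = 3, max_bad_otp: int = 5) -> bool:
    """Server-side check of PIN + OTP; returns True and resynchronizes the counter on success."""
    if rec.locked or rec.disabled:
        return False                          # a locked/disabled device cannot authenticate
    if not hmac.compare_digest(pin.encode(), rec.pin.encode()):
        rec.bad_pin += 1
        if rec.bad_pin >= max_bad_pin:
            rec.locked = True                 # device locking after incorrect PIN entries
        return False
    rec.bad_pin = 0
    step = int((time.time() if now is None else now) // 60)   # 60-second time step (assumption)
    # Look ahead over counters the user may have consumed (unused presses) and
    # adjacent time steps (clock drift); the first match resynchronizes the record.
    for c in range(rec.counter + 1, rec.counter + 1 + window):
        for t in range(step - time_slack, step + time_slack + 1):
            if hmac.compare_digest(otp(rec.key, c, t).encode(), code.encode()):
                rec.counter = c               # automatic resynchronization: replay of c is now impossible
                rec.bad_otp = 0
                return True
    rec.bad_otp += 1
    if rec.bad_otp >= max_bad_otp:
        rec.disabled = True                   # device disabling after incorrect OTP entries
    return False
```

Tokens whose presses drifted beyond `window` fail validation and would need the manual resynchronization the management services list.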
Compatible applications
- Novell eDirectory
- Novell iManager
- Novell Modular Authentication Service (NMAS)
- Novell Access Manager
- Novell Client™
- Novell iChain
- Novell BorderManager
- Novell SecureLogin

Industry standard compliance
- Data Encryption: DES, 3DES, AES
- Challenge/Response: ANSI X9.9

System requirements

Server
- eDirectory 8.7.3 SP8 or 8.8 running on Windows 2000 Server SP4, Windows Server 2003, or NetWare 6.5 SP5
- Novell Modular Authentication Service 3.1.1 (included in Novell Security Services 2.0.2)

Management Console
- Novell iManager 2.6
- Browsers: Internet Explorer®, Mozilla®, Firefox®

Client
- Windows 2000 SP4, Windows XP SP2
- Windows Server 2003
- Novell Client 4.91 SP2