It almost has become part of my periodic routine: call up Passlogix and ask “What's new?” It turns out that there always is something and it's always interesting. This new addition to the Passlogix product line is no exception. The v-GO Universal Authentication Manager (UAM) solves an important, but not always recognized, problem: low cost, universal strong authentication to Windows.
Strong authentication to Windows certainly exists already, but the problem is that it is neither universal nor is it inexpensive. The new v-GO product addresses that by providing middleware that, once the user is properly authenticated to it, fetches the user's credentials from Active Directory and, voila! The user is logged in.
But wait. There's more. UAM can accept credentials from many sources, some of which are not always associated with logging into computers. For example, how about using your employee ID badge? You know, the one with the mag stripe that you pass through the door locks to get into the building? That, plus a PIN number is strong authentication and UAM is quite happy to accept that. That saves a lot of money because no special tokens are required.
What Passlogix calls “ubiquitous devices” – those that already are in use within the organization – are all around. These devices represent an existing investment in security, so the Passlogix approach is to let them serve as a source of strong authentication for computers. Besides the mag stripe access cards, there are such things as the biometrics on some laptops. This represents a serious savings because no new devices need be purchased and installed.
That savings extends to the use of Windows Active Directory as an authentication server. Additionally, there is no need to restrict users to a single type of strong authentication. Multiple devices can be mixed across the enterprise. When the user is off the network, the authentication still works.
If the organization needs single factor authentication, the token – whatever that might be – can provide it. If two-factor authentication is the order of the day, a PIN can be added and the UAM manages the PINs.
This tool is policy-driven and centrally managed making it a true enterprise-class product. Further, it integrates cleanly with the v-GO Single Sign-On product. User enrollment is simple and enrollment is enforced so users cannot opt out of strong authentication. The management of credentials is performed by the UAM. That includes PIN management, device management and auditing, which is extensive.
Auditing for UAM covers all the bases. In addition to providing auditing for regulatory compliance, it also can forward events to other devices and systems allowing management of those events if desired. The logging is detailed and should meet virtually all regulatory requirements.
User interaction is minimal. There are only two screens that the user will see besides the usual login screens. Coupled with simple, self-service enrollment, that makes UAM extremely user-friendly. And, user-friendliness extends to administration. Because a separate infrastructure is not required to add strong authentication to the enterprise, administrative tasks are significantly reduced.
v-GO Universal Authentication Manager is very inexpensive, starting at $15 per user in low quantities and becoming more economical as quantities increase. The ability to use Active Directory means that there is no need to add an authentication server and its associated cost and administrative overhead. And, of course, the use of ubiquitous devices already in use in the enterprise helps keep costs way down.
Support is an additional 20 percent, and it includes Passlogix's typical 24/7/365 support. UAM works on any current version of Windows, both clients and servers using the .NET Framework for the administrator console. The UAM client also runs on Windows.
This is a product whose time has come. Enterprises are becoming more and more complicated and disbursed. There are a lot of authentication devices available in most enterprises and if there are not, a wide choice of inexpensive devices is available. Not being constrained by a narrow selection of expensive strong authentication devices and associated management tools is a very worthy objective.In short, this product enables strong authentication in enterprises where costs and administrative overhead have traditionally been insurmountable constraints. If you add other members of the v-GO family, you can create a very comprehensive authentication/single sign-on environment and that, for just about any organization, makes a lot of sense. For just about any organization, v-GO Universal Authentication Manager certainly is worth looking into.