WHAT TYPE OF SOLUTION ARE YOU LOOKING FOR?
Education organizations face unique challenges. Unlike corporations, academic institutions must create a campus community, recruit and retain students, simplify administrative processes, improve learning experiences, and support research agendas – all while adhering to an ever-evolving list of regulations. Key governance and compliance initiatives must be balanced against student and faculty “ease of use” considerations.
Whether you’re looking to automate your provisioning process for cost savings, enhanced security, or governance initiatives, or embarking on programs to federate identities, Aegis Identity has a solution for you.
- Reset forgotten password
- Change password, synchronize passwords
- Manage challenge/response questions
- Synchronize challenge/response questions and answers from an external source (example: check number of last paycheck, final grade in CE 101, etc.)
- Force user to enroll and answer authentication questions
- Automatic password expiration and notification of pending expiration
- Help desk reset password
Aegis Identity TridentHE Identity Manager includes Password Management that is designed for rapid deployment, high availability and future scalability. The TridentHE Password Management requires less configuration to integrate than a full identity management implementation and includes an account discovery function to import existing users and link accounts together across systems. The self-service and help desk portals are a single place for password management, including: change password, forgot password, challenge/response questions and password policy configuration.
For many schools, Password Management is a first step to reaping the benefits of a full Identity Management (IDM) solution. The TridentHE Password Management deployment positions these schools perfectly to implement the power of TridentHE Identity Manager, our cost-effective and proven, higher education focused, open standards solution. TridentHE Identity Manager provides robust account provisioning, reconciliation, integrated workflow, delegation administration, auditing, reporting and enterprise-level functionality. All of this additional functionality is available while capitalizing on the investment in Password Management implementation and configuration.
PASSWORD MANAGEMENT CHALLENGES
In today’s digital marketplace, user access is everything. The average user accesses between five and fifteen IT systems on a daily basis, and many of those systems have their own password-based authentication system. Users are unlikely to remember fifteen passwords, leading to “manual” efforts to synchronize passwords, write down passwords, or choose simple, easy-to-remember passwords. When users forget a password, calls to the help desk can take up to 20 minutes to resolve the issue, resulting in user frustration, increased costs, and lost productivity. Existing password reset mechanisms such as challenge/response questions are subject to increased risk when multiple applications in the organization implement siloed challenge/response with weak questions.
The typical cost of a help desk password reset across all applications is estimated at $30-$70 per support call. Single Sign On can’t provide a 100% simplification for users, especially those of stand-alone, mobile or unsupported systems. Automating password management can help reduce this cost and the repetitive burden on help desk personnel while meeting security and compliance demands.
TRIDENTHE PASSWORD MANAGEMENT HIGHLIGHTS
TridentHE Password Management offers password management functions including central password policies, password change, reset, challenge/response, and help-desk delegation that allows users to reset their own passwords at their convenience from any web browser. It also helps administrators or help desk personnel to easily reset or change passwords and use authentication questions for identity verification.
Aegis Identity Software offers TridentHE Identity Manager’s Password Management functionality, stand-alone, for Higher Education organizations that need to solve unique password management challenges while providing a platform that scales to handle future IAM needs such as provisioning, single sign on, federated identity, and compliance.
- Password policy
- Sync passwords using TridentHE connectors
- Durable messages guarantee successful password change
- Password Change
- Password reset
- Challenge/Response questions
- Fine grained audit policy
- Uses rules engine
- Audit events are sent over ESB
- Capability to automate the create/update/delete functions of accounts based on action in an organization’s existing directory service (e.g. Microsoft Active Directory or LDAP)
- Ability for designated personnel to manually add/update/delete users through a set of web-based workflows
- Google Apps Education Edition
- Microsoft Live @EDU
- Microsoft Business Productivity Online Services (BPOS)
- SPML enabled cloud services
- Over 50 others supported with upgrade to full use TridentHE Identity Manager
Aegis TridentHE Cloud Identity Provisioning Virtual Appliance is an integrated software solution for provisioning and synchronization of identities and passwords to cloud service providers including Google Apps for Education and Microsoft Live@edu. The appliance is designed for rapid deployment, low risk, and future scalability. The appliance requires minimal configuration to integrate and leverages the existing credentials already in place.
The TridentHE Cloud Identity Provisioning Appliance is built upon TridentHE Identity Manager. The TridentHE is a cost-effective, proven, higher education focused, open standards solution providing password management, compliance, workflow and auditing capabilities across all identity repositories.
User provisioning services provide a compelling solution for higher education institutions to outsource collaboration tools including email, calendar, and collaborative team sites, for low or no cost. Aegis’s TridentHE Identity Provisioning Solution provides the infrastructure needed to automatically add, modify, and delete accounts by extending existing directory services and provisioning infrastructure already in place in higher education institutions. This gives universities the opportunity to quickly migrate their collaborative services to the cloud by leveraging existing identity infrastructure, accounts, and passwords without having to manage or provide help desk support for new identity repositories.
One question that must be addressed prior to migrating to cloud services is “How will we manage external accounts?” The TridentHE Provisioning Solution provides a full set of account management tools through real-time secure interfaces and APIs provided in the solution.
Contractor and guest access registration/sponsorship forms are included in the TridentHE solution. This ensures that all create, update, and delete actions of user accounts on cloud services follow the organization’s policies.
For example, a rule can be easily applied to a contractor needing access to cloud based services for one week that will automatically disable the account at the appropriate time. TridentHE’s provisioning capability is an efficient and secure account management solution initially targeted for cloud services but scales to handle future IAM needs such as provisioning, single sign-on, and compliance with an upgrade to a full use TridentHE license.
The Aegis TridentHE Identity Provisioning Solution offers the solution organizations need to migrate identities and synchronize passwords quickly and efficiently to cloud services. The platform integrates with clients’ existing infrastructure and automatically detects all add/modify/delete actions. The solution provides a platform that scales to handle future IAM needs such as internal account provisioning, single sign on, other federated identity, and compliance.
- Integrates with existing authentication systems such as Microsoft Active Directory™ and LDAP, allowing the user to have a single login identifier that works with third party applications through the InCommon Federation
- Knowledgeable and professional implementation and support
- Rapid install
- Built on Shibboleth, the standards based, open source software
- Integrates with TridentHE Identity Manager Software to provide a complete IAM solution: provisioning, password management, and single-sign-on
THE INCOMMON FEDERATION
Aegis Identity Software provides consultation and implementation services for Federated Single Sign-on (SSO) via the InCommon Federation based on Shibboleth, a standards based, open source software package designed for the specific needs of Higher Education. Aegis Identity uses information gathered through multiple Shibboleth implementations to package best practices, tuning settings, and configurations into the appliance making it a plug and play installation.
The Federated Identity implementation from Aegis Identity provides an opportunity for universities to quickly expand their reach by providing key infrastructure necessary for enabling federated / external SSO to InCommon Federation’s member service providers. Universities are continually challenged to provide students, faculty, and staff with access to protected external resources such as Apple iTunesU, Turnitin, external libraries and other collaborative resources. Federated identity, also known as external single sign-on, eliminates the need for organizations and partners to manage accounts, passwords, and credentials for this external access through the use of single sign-on using existing, internal university credentials. Federated SSO consists of Identity Providers (IdPs) and Service Providers (SPs). An identity provider handles the authentication of the user to validate that they are indeed an active member of the IdP’s organization. A Service Provider represents an organization wishing to allow external users to access their resources (e.g., Microsoft Dreamspark).
In the U.S., the research and education community has established the InCommon® Federation through which higher education institutions and their service provider partners agree on a set of shared policies, processes, and technology standards. One of those standards is a process for single sign-on, so one set of credentials provides access to resources from any service provider in the Federation, without the need for another user ID or password. InCommon Federation provides a valuable service to both universities and their partners by acting as a hub for multiple federation partners. Without InCommon Federation, each university would need to create a point-to-point federation with each service provider, increasing cost and complexity for both the universities and the service providers.
The Aegis Identity Software Federated Identity consultation for Higher Education provides an opportunity for universities to quickly expand their reach by providing turn-key infrastructure necessary for enabling federated/external SSO to InCommon Federation’s member service providers.