OneSign Technology | Security
Imprivata OneSign is a robust, easy-to-install appliance designed to provide non-intrusive, strong authentication and single sign-on functionality for the entire enterprise application portfolio. OneSign’s layered approach to security mitigates many well-known enterprise security vulnerabilities in networks, applications, in-transit data, and on client PCs.
OneSign’s multiple layers of security protect the client, the server, and data in transit. Unauthorized access would require the virtually impossible simultaneous cracking of numerous, integrated OneSign security layers including: device stripping and hardening, authenticated agent and application code, PKI, SSL, and AES encryption, all using different one-time keys and all built around the delivery of obfuscated, encrypted, digitally signed database information.
Enabling Stronger Levels of Security
1. Strong Password Policy
OneSign primary authentication can be tightly integrated with Windows domain and/or Novell NetWare authentication. Since one password is easier to secure than multiple passwords, OneSign administrators can implement clear and straightforward security policies across all SSO applications based on the users’ primary authentication. Imprivata’s Secure Exchange (ISX) technology ensures the security of the primary authentication and all OneSign data transport.
2. Password Changes
To further increase security, OneSign can cycle complex application passwords behind the scenes on the users’ behalf, according to an organization’s policy rules, on a per-application basis. This enables rapid implementation and enforcement of a stronger set of password policies without additional training or burden on the user. Users no longer know their application passwords and can gain access only via a OneSign-enabled PC. OneSign makes a strong centralized application password policy a reality while decreasing help desk costs.
3. Policy Formats
OneSign can generate stronger passwords that conform to each application's unique requirements. Custom masks can be created on a per-application basis, allowing administrators to configure password length, the mix of characters, specific characters or character types at specified locations in the array, and more.
4. One-Click User Lockout
Administrators can disable any user from all SSO-enabled enterprise applications and the network desktop logon with a single click. If OneSign automated password policies have been implemented, users no longer know their various strong passwords to back-end applications and cannot use out-of-band connections to gain access.
3. Authentication Options
OneSign supports major forms of strong authentication out of the box, without any custom integration with device vendors. Administrators decide which users should have which modes of authentication and can easily add further authentication options over time. Authentication options include OTP tokens, smart cards, proximity cards and finger biometrics. Initially, administrators might choose to roll out passwords and eventually add stronger forms of authentication.
4. Leverage Existing Investments in RSA and Secure Computing
Sites that have deployed Secure Computing SafeWord or RSA Security SecurID for strong authentication can leverage their investments. OneSign includes built-in support for Secure Computing Premier Access Server, SafeWord Remote Access, and RSA Authentication Manager Server as a primary form of desktop authentication. OneSign provides a truly seamless single desktop login using two-factor one-time passcodes for login to all SSO-enabled client/server, web, and legacy applications from any OneSign-enabled desktop.