Technology: Technical Specifications

Encentuate® IAM is the first end-point identity & access management (IAM) solution that allows enterprises to simplify, strengthen and track access at the enterprise end-points without any changes to your existing infrastructure.

Enterprise Single Sign-On Support

Encentuate IAM works out of the box with a variety of applications. Single sign-on support can be auto-generated through AccessStudio with no need for elaborate scripting. Sample applications supported include:

Windows Log On

  • Windows 2000/XP/Server 2003
  • Active Directory Login
  • NT Domain
  • Novell Client
  • Kerberos/NTLM
  • Option to enhance Microsoft's GINA

Web and Thin-Client Applications

  • Out of the box support for applications based on Microsoft Internet Explorer or built for thin clients
  • Support for complex web pages including form based, pop up sign-on, dropdown lists, radio buttons, pop up dialogs, and checkboxes

TTY and Mainframe Applications

  • Pre-configured for commercial and custom terminal emulators such as PuTTY, SecureCRT, Reflection, Rumba, etc.
  • Support for commercial and custom mainframe applications such as Care Manager and Meditech
  • Supports multiple log on and password screens

Example Desktop and Client Applications

  • Cerner
  • JD Edwards
  • Lawson
  • Lotus Notes
  • Oracle
  • PeopleSoft
  • SAP
  • Microsoft Exchange
  • Microsoft SharePoint

Example Dialup, Networking and VPN Support

  • Cisco
  • Checkpoint
  • Nortel
  • Microsoft VPN
  • Microsoft dial-up networking
  • iPass
  • GRIC
  • Fiberlink
  • Citrix NFuse

Session Management & User Switching

For situations where multiple users might be sharing one workstation, Encentuate IAM's session management capabilities can be deployed to enable fast user switching. Encentuate IAM supports different modes that can be tailored, area-by-area, to streamline workflow on shared workstations. Various options for session management offered by Encentuate include:

Fast user switching on private desktops

  • Maintains multiple unique user desktops per workstation
  • Preserves user's applications, documents, and network drive mappings
  • Supports single instance applications
  • Supports both Win2K and WinXP

Fast user switching on roaming desktops

  • Provides unique user desktops that “roam” across workstations - leverages Windows Terminal Server or Citrix
  • Preserves user's applications, documents, and network drive mappings

Fast user switching on shared desktops

  • Uses one generic Windows desktop per workstation
  • Personalizes generic desktop using session logon/logoff scripts

Multiple Authentication Options

Strong Passwords

  • Generation of one-time passwords for authentication
  • Scheduled password change policies for longer randomized passwords

Support for Multiple Authentication Factors

  • Encentuate USB Key
  • Encentuate iTag (smart labels and other sticker labels)
  • Proximity cards: HID Prox, HID iClass, Indala
  • Smart cards
  • Biometric devices (fingerprint, etc.)
  • One-time password tokens (RSA, VASCO, OATH, cell phones, and PDAs)

Certificate-Based Authentication

  • Built in certificate authority allows for industry standard X.509 v3 digital certificate for authentication

Industry Standards for Strong Security

  • Individual user credentials are encrypted using AES or 3DES and decrypted on the fly as needed
  • Communication between the AccessAgent and IMS Server is encrypted using SSL
  • Smart card security certified to FIPS 140-2 Level 2
  • Cryptographic algorithms: RSA 1024 and 2048, AES, 3DES, SHA-1 and MD5
  • Open Authentication (OATH) standards for OTP tokens
  • Interface standards: MS CAPI, PKCS#11 v2.01, PC/SC and SSL v3

Directory Support

No directory schema change or replication is required for Encentuate IAM to work with the following directories:
  • LDAP
  • Active Directory
  • Sun ONE Directory
  • NIS (Network Information Service)
  • Novell eDirectory

Security Highlights

  • HTTPS between agent and server - The communication channel between server and client is encrypted.
  • Mutual certificate authentication - The AccessAgent authenticates to the IMS Server using certificates, and vice versa.
  • The Encentuate password is only half the secret to liberate the Wallet - The Encentuate password can be combined with a second factor of authentication, such that only a combination of the two can unlock a user’s Wallet.
  • The Encentuate password is not stored anywhere - The Encentuate password is not stored anywhere in the system, either in the clear or in encrypted form. Not even the system administrator can look at a user’s Wallet data as it is indirectly protected by the Encentuate password which is only known to the user.
  • The Encrypted Wallet - The Wallet data, whether backed up in the Encentuate database, stored on a smart card, or cached on a disk is always protected by strong encryption.
  • Tamper-Evident Logging - Audit logs written by our system (either to the SQL database or to a system log server) are protected by a hash-chain and checkpoint-signing mechanism. This ensures that the logs are tamper-evident and any compromise of integrity can be detected.
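
The hash-chain and checkpoint-signing idea in the last bullet, as an added example that is not Encentuate's code: each entry's hash covers the previous entry's hash, and a keyed tag is issued over the chain head at intervals. SHA-256, HMAC standing in for the checkpoint signature, the record layout and all names here are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32            # constructed starting value for the chain
KEY = b"constructed-demo-key"     # hypothetical checkpoint-signing key
SAMPLE = [                        # constructed audit records
    {"seq": 1, "user": "alice", "event": "logon"},
    {"seq": 2, "user": "alice", "event": "sso:SAP"},
    {"seq": 3, "user": "bob", "event": "logon"},
    {"seq": 4, "user": "bob", "event": "wallet-unlock"},
    {"seq": 5, "user": "alice", "event": "logoff"},
]

def link(prev: bytes, record: dict) -> bytes:
    """Chain hash: H(previous chain hash || canonical record bytes)."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev + body).digest()

def sign_checkpoint(key: bytes, count: int, head: bytes) -> str:
    """Stand-in for a checkpoint signature: HMAC over (entry count, chain head)."""
    return hmac.new(key, count.to_bytes(8, "big") + head, hashlib.sha256).hexdigest()

def build_log(records, key, every=2):
    """Return (entries, checkpoints); one checkpoint per `every` entries."""
    entries, checkpoints, head = [], {}, GENESIS
    for count, record in enumerate(records, start=1):
        head = link(head, record)
        entries.append({"record": record, "hash": head.hex()})
        if count % every == 0:
            checkpoints[count] = sign_checkpoint(key, count, head)
    return entries, checkpoints

def verify_log(entries, checkpoints, key):
    """Return a list of findings; an empty list means the log verified."""
    findings, head = [], GENESIS
    for count, entry in enumerate(entries, start=1):
        head = link(head, entry["record"])
        if not hmac.compare_digest(head.hex(), entry["hash"]):
            findings.append(f"entry {count}: chain hash mismatch")
            head = bytes.fromhex(entry["hash"])  # resync to localize the edit
        if count in checkpoints and not hmac.compare_digest(
                sign_checkpoint(key, count, head), checkpoints[count]):
            findings.append(f"checkpoint {count}: signature mismatch")
    for count in sorted(checkpoints):
        if count > len(entries):  # a signed checkpoint refers to missing entries
            findings.append(f"checkpoint {count}: log truncated")
    return findings
```

Entries written after the most recent checkpoint can be dropped without detection until the next checkpoint is issued, so the checkpoint interval bounds the exposure. The checkpoints and the signing key need to be held where someone who can modify the log store cannot rewrite them.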

Other Key Features

Unified Access for Physical and Digital Systems

  • Integrates with existing proximity devices such as HID and RFID
  • Supports custom Encentuate USB Proximity Key that combines smart card for digital access and RFID for physical access

Centralized Installation, Administration and Policy Management

  • Central installation or upgrade using existing push installation software such as Microsoft's Systems Management Server (SMS), Altiris Software Delivery Solution, Microsoft Active Directory's Group Policy Object (GPO) or custom MSI installers
  • Support for group-based policies

Comprehensive Audit Logs

  • Comprehensive logging of user authentication events
  • Tamper-evident audit logs for even higher compliance assurance

Complete Mobility for Users

  • Users can roam to any workstation in the network
  • Multiple users can easily and securely share the same workstation
  • Users have support for secure remote access

Platform Support

Encentuate AccessAgent

  • AccessAgent is available for Microsoft Windows 2000 or XP, Citrix, Terminal Services, and Web portals
  • Internet Explorer 5.5 or higher with 128-bit encryption

Encentuate IMS Server

  • Microsoft Windows 2000, or Server 2003



"Encentuate has the makings of a great company. It has a proven and visionary entrepreneur and an innovative technology solution that addresses a large customer pain point."

Vivek Mehra
General Partner
August Capital