Authentication Client
ActivIdentity Authentication Client (AAC) provides organizations with alternative methods to access Windows workstations, adding functional enhancements as well as increasing the flexibility for deployment options.
For deployments of Smart Employee ID, AAC provides temporary emergency access in the event that the smart card is unavailable. This functionality helps organizations provide users with tools to solve common authentication issues. For example, a user that leaves a smart card at home can access the workstation using AAC, even when on the road, without requiring assistance from the help desk.
For deployments of Enterprise SSO, AAC provides two important enhancements to the solution. The first function is the emergency access functionality, which can be used by SSO deployments using either password or smart-card as the primary authentication method. The second function is smart card password login, which saves time and money by providing the ability to deploy smart-card based authentication without requiring a public key infrastructure.
The services provided by ActivIdentity Authentication Client include:
- Emergency Access for Windows login. Emergency access is available through question & answer-based authentication (also known as knowledge-based authentication). Before performing an emergency access, users enroll by providing answers to a number of questions (as determined by the administrators). During emergency access, AAC asks the user for the answers to one or more questions, based on policy, before granting access to the workstation. Emergency Access is available whether the user is online or offline.
- Self Service Password Reset for Windows login. After successful authentication through the emergency access method, users may reset their password in order to resolve their forgotten password issues.
- Smart Card Password Login. Instead of using traditional PKI-based authentication for smart-card access to workstations, AAC provides an alternative method for two factor authentication. AAC authenticates users to Windows using the password securely stored in the PIN-protected smart card.
AAC can be deployed in conjunction with Active Directory in order to provide emergency access to users who have more than one workstation. Users can roam from their workstations (such as a desktop at the office and a laptop at home), and use the same enrolled answers to the emergency access questions in the event that temporary secondary authentication is needed.
Key Features
- Knowledge-based authentication provides temporary alternative access in the event that the primary authentication method is inaccessible.
- Provides emergency access to multiple Windows authentication scenarios, including:
- Windows login
- Windows screen unlock
- Windows Vista fast user switching
- Windows Remote Desktop Connection login to workstations or Terminal Servers
- Windows login through Citrix Presentation Server
Benefits
- Reduces help desk costs by providing users with self service password reset options to solve common authentication issues. Help desk operators spend less time performing password resets.
- Lowers costs and shortens deployment times by providing options to use smart cards without a PKI deployment. Organizations can take advantage of many of the benefits of smart card security with lower up front costs.
- Keeps users productive even when they forget their smart card. Users can resolve their issues even when help desk services are not available, or even when network connectivity is not available.
ActivIdentity Authentication Client components
Emergency Access services
- Emergency Access automatic enrollment, enabling users to select their security questions and answers
- Emergency Access authentication, enabling users to authenticate with their security answers – online or offline
- Windows Self Service Password reset
- Roaming capability, providing emergency access from the multiple user’s workstations
- Management of the Windows password change events
Smart Card Password Login services
- Smart Card Password Login automatic enrollment
- Smart Card Password Login authentication – PIN protected for two-factor authentication
- Management of the Windows password change events, updating the smart card content automatically
- User Console interface to view and manage the Smart Card Password Login credential
Common Administration Services
- Auditing of authentication events in the Windows Event Viewer
- Flexible configuration options, offering companies the ability to customize AAC policies to meet their security and usability criteria – for example, customization of the emergency access security questions, maximum number of emergency access authentications per month
- Advanced Configuration Manager offers administrators a local interface to configure AAC policies
- Active Directory template enables administrators to centrally manage and deploy AAC policies to all workstations in the domain using Active Directory Group Policy Objects
- Advanced Diagnostics and Logging capabilities enable help desk to diagnose easily any authentication error
- Windows Installer package, can be installed interactively or deployed within the enterprise using software distribution solutions
Compatibility
Citrix Presentation Server:
- Citrix® Presentation Server 4 x86
- Citrix Presentation Server 4.5 x86
Citrix Client
- Program Neighborhood (Classic) on Microsoft Windows 2000, Windows XP,Microsoft Windows Vista, Windows Server 2003.
- Citrix Presentation Server Client Packager Versions 9.2, 10.0 and 10.2 (x86 and x64)
Windows Remote Desktop
- Terminal Server included in Windows Server 2003 x86
- Remote Desktop Connection v5 and v6 (x86 and x64)
Supported Smart Card Profiles
- All ActivClient-supported smart cards are supported by Authentication Client.
- Smart Card Password Login supports all ActivClient-supported profiles with PIN-protected write access area.
System Requirements
- Microsoft Windows XP Professional SP2
- Microsoft Windows Vista x86 (all editions), SP1 recommended
- Microsoft Windows Server 2003 x86 SP2
Solution Interoperability
- Smart card deployments: ActivClient 6.1 SP1 & above.
- Single Sign On deployments: SecureLogin SSO 6.1 & above.
Register for the
