Mission Control Identity Server

            The Identity Server answers user and client authentication requests. It also offers full user administration and debugging features. Designated administrators can edit the user credentials, define group permissions and set usernames and passwords in the Mission Control Portal. In addition, the Identity Server integrates into the Active Directory environment by keeping users in sync. Whenever a user changes their password, the Mission Control Portal enforces a strong password policy.

            For existing Active Directory environments, user fields such as name, phone number, email address, alias, client VPN group membership, authentication group memberships, job title, and cost center are synchronized to the Identity Server database. A user's password is not exported from Active Directory and is, therefore, validated in real time against the directory. This ensures centralized password storage and privacy. The synchronized information can be combined with two-factor authentication methods on the Identity Server service.

            Federated identity management

            Nowadays users increasingly need to access external systems that are outside their domain of control. Additionally, partners and external users need to access internal systems. Federated identity management addresses the challenges associated with such cross-organization and cross-domain access, and uses a common set of policies, practices and protocols to manage the identity of users. Identity information is portable across autonomous security domains so that users of one domain can seamlessly and securely use the data or systems of another domain, without the overhead of user administration at every domain.

            Strong authentication

            Strong authentication reduces the risks associated with ordinary password authentication and provides a more secure way of logging in to the network by using a second authentication factor, such as one-time passwords or SMS authentication.


            Each login attempt by every user is logged and available in the real-time log viewer. It explicitly shows accepted and rejected authentication attempts per user, so administrators can quickly determine the exact cause of every failed authentication. If too many failed authentication events occur, the user account is locked automatically.

            User and group management in the Mission Control Portal.

            The Mission Control Portal offers a detailed audit trail.

            OTP Token Authentication

            Tokens produce a constantly changing 6-digit number that provides an additional authentication factor. It serves as a one-time password and, therefore, prevents various attacks on the user's credentials, including keyboard logging at internet cafés or any other eavesdropping and password theft. Users are relieved of difficult password handling, and enforced periodic password renewal becomes simpler while protection increases.
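Added example, not code from the product described here: how a token's changing 6-digit code is derived from a shared seed and checked on the server side, following the HOTP and TOTP standards (RFC 4226 and RFC 6238). The 30-second step, the one-step drift window and the SHA-1 HMAC are assumptions; the verifier also refuses to accept a time step twice, which is what makes an eavesdropped code useless for replay.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Server-side check of a time-based 6-digit token code (RFC 6238)."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret = secret        # shared seed provisioned into the hardware/software token
        self.step = step            # seconds per code (30 s is an assumption)
        self.digits = digits
        self.window = window        # accept +/- this many steps of clock drift
        self._last_counter = -1     # highest time step already accepted for this user

    def code_at(self, unix_time: int) -> str:
        """The code the token displays at this moment (handy for testing)."""
        return hotp(self.secret, int(unix_time) // self.step, self.digits)

    def verify(self, submitted: str, unix_time: int) -> bool:
        """Accept a code once: clock drift is tolerated, but a time step is never
        accepted twice, so a code captured by a keylogger cannot be replayed."""
        current = int(unix_time) // self.step
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self._last_counter:
                continue  # already used, or older than a step already used
            if hmac.compare_digest(hotp(self.secret, counter, self.digits), submitted):
                self._last_counter = counter
                return True
        return False
```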


            Hardware token in the form of a keyring that shows an alternating 6-digit number at the push of a button.


            Software tokens are stored on a mobile device, such as a smartphone.

            Certificate Authentication

            Client certificates can be used for device or user authentication. For user authentication, a user identifier is extracted from the user certificate during the login phase. This is convenient for users and automatically creates a strong binding between the user certificate and user login. Device authentication can enforce the use of company-managed computers for remote access.


            SMS Authentication

            For users with mobile phones this method of strong authentication is an alternative to hardware tokens. After the correct password is entered, an SMS with a one-time password (OTP) is sent to the mobile number of the user (that number is registered in advance in the Mission Control Portal). The user completes the authentication by entering this OTP in the newly presented field of the login page. This process proves that the user is in possession of a mobile device with a SIM card that corresponds to the registered mobile number, and is thus a form of two-factor authentication, i.e. the user knows a password and has a unique device.
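Added example, not code from the product: the SMS step described above as a server-side challenge issued only after the password check succeeded. The 6-digit code length, the 5-minute validity and the three-guess limit are assumptions, and the SMS gateway is replaced by a callback so the flow can be exercised offline.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class _Challenge:
    code: str
    expires_at: float
    attempts_left: int


class SmsOtpStep:
    """Second login step: send a one-time code by SMS and accept it exactly once."""

    def __init__(self, send_sms, ttl_seconds=300, max_attempts=3):
        self._send_sms = send_sms          # callable(mobile_number, text): the SMS gateway
        self._ttl = ttl_seconds            # assumed validity of a code
        self._max_attempts = max_attempts  # assumed guess limit per challenge
        self._pending = {}                 # username -> open _Challenge

    def start(self, username, registered_mobile, now=None):
        """Call only after the password was verified. The code is never returned
        to the browser; it reaches the user only via the pre-registered number."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10 ** 6):06d}"  # uniform, unpredictable 6 digits
        self._pending[username] = _Challenge(code, now + self._ttl, self._max_attempts)
        self._send_sms(registered_mobile, f"Your login code is {code}")

    def complete(self, username, submitted, now=None):
        """Accept the code at most once, before expiry and within the guess limit."""
        now = time.time() if now is None else now
        challenge = self._pending.get(username)
        if challenge is None or now > challenge.expires_at:
            self._pending.pop(username, None)  # no challenge, or a stale one
            return False
        challenge.attempts_left -= 1
        ok = secrets.compare_digest(challenge.code, submitted)
        if ok or challenge.attempts_left <= 0:
            del self._pending[username]        # single use, or too many guesses
        return ok
```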