Integration with Microsoft Active Directory (AD)
Authasas is fully integrated with AD, where the system administrator can use the existing AD based user & group policies. In other words - Authasas mainly provides biometric fingerprint interface as 2nd method of authentication on top of the regular windows password based login procedure.
- Integrated Microsoft Base CSP protects all user credentials and configuration settings stored in the directory and locally on client workstations.
- Uses AES 256bit encryption.
- Global deployment ID and password protects configuration and deployment keys.
- Elliptical Curve Cryptography (ECC) protects certificates and keys.
- Client/server communications secured via TLS-encrypted SSL channel.
Multi Factor Authentication
Authasas can provide centralized Multi factor authentication including biometric fingerprint, password and token / smart cards (optional ), during windows logon
Authasas Advanced Authentication extends the User Manager
application provided by Windows: Active Directory Users &
Computers (ADUC) snapin. Authasas adds a new property page
Authasas to the existing user profile dialog. This allows network
administrators centralized access to Authasas functionality from
anywhere within the Active Directory forest, and through the applications
and access points native to Windows.
Complete Auditing Trail
Leverages Windows audit events so existing network monitoring tools can scrutinize user identity and logon activity.
Available Authentication Scenarios
The Authasas Advanced Authentication Workstation supports all
of the following authentication scenarios:
- Standalone PC
- Networked PC
- Cached logon
- Windows Terminal Server
- Citrix® Metaframe®, N-Fuse® session
- Windows XP Remote Desktop
- Dialup/GPRS/VPN/RADIUS session
- Crossdomain authentication (trusted domains)
- Launching application via Run As command
When credential caching is enabled,
Authasas stores a user’s authenticators locally. These authenticators are retrieved and verified locally when the user is disconnected during logon.
Authasas’s authenticators caching functionality closely resembles Windows built-in functionality for password-based network-detached logon.
Only the network administrator can enable caching for a particular computer (for example a laptop). Authasas minimizes client side security risks by storing authenticators in digitally signed and encrypted form using the operations facilities of the Microsoft Data Protection API and Microsoft CryptoAPI.
Once the administrator disables the caching option for a particular computer all data cached on this PC will be removed regardless of the user wishes.