Enterprise ! Universal, Strong Authentication and Simple Sign On TAKE CONTROL Use Injector on employee-owned smartphones to strengthen the security of authentication across your organization while employees enjoy effortless logins. Injector Enterprise supports logins to any system with no client software to deploy. Manage corporate credentials centrally with advanced authentication policies, and instant de-provisioning. TECHNICAL SPECS Central Management of Employee Logins: Employees use their smartphones to log in to any corporate system using policies that are centrally managed by administrators. Employees authenticate to the phone via strong password or biometric and the rest is handled automatically by the Injector smartphone app. The End of Password Resets: Since employees won’t need to know their corporate passwords, you will never have to do a password reset. Now you can enforce long, random passwords for legacy systems. Effortless Authentication to Anything: Injector will work with any existing system, whether it is a computer login, a web site, or even unlocking a full-disk encryption system at pre-boot. Employees simply tap, speak, or scan a QR code. Strong, Universal Authentication: Use Injector to authenticate with any kind of credential: static passwords, one-time-passwords (TOTP or HOTP), or public key authentication (FIDO U2F). Enforce reauthentication (including biometric if supported on the smartphone) to specific credentials. Advanced Authentication Policies: Injector Enterprise offers advanced authentication policies that can be applied on a per-credential and per-user basis. These include biometric reauthentication, geo-fencing, password randomization, automatic password changes, and instant de-provisioning. Easy Deployment: Injector Enterprise Server is installed as a virtual appliance and there is no client software to deploy. All the employees need is the Injector smartphone app. Increased Employee Satisfaction: Employees will enjoy effortless logins to corporate systems, but they can also use Injector to manage their own personal logins. Corporate and personal credentials can co-exist in the same application. FIDO U2F On-Premises: Add strong, public key authentication to corporate web logins using an on-premises FIDO U2F authentication server. INJECTOR SMARTPHONE APP iOS version 6.1 or greater iPhone 4S or newer Android version 4.3 or greater BlackBerry OS 10.3 (native) Bluetooth Smart required for use with Injector device One-time-passwords (RFC 6238 and 4226) ! INJECTOR DEVICE USB 2.0 Full Speed with Bluetooth Smart HID and FIDO U2F Interfaces FCC, RoHS Compliant ! SYSTEM COMPATIBILITY Windows, Mac OS, Linux Any computer that supports USB CONTACT WEBSITE password-injector.com EMAIL info@password-injector.com ! ! Enterprise ! Feature Summary • Manage corporate credentials: Using a friendly web interface, administrators define corporate credential sets and policies that get pushed to employee smartphones. Credential sets correspond to logins (Windows domain, VPN, web sites, etc.) and can be enabled or disabled on a per-user basis. • Active Directory integration: Injector Enterprise uses Active Directory as the source of employee identities and it also supports randomization and automatic password changes via Active Directory for Windows domain logins. • Geofencing: Restrict use of a corporate credential to a defined list of geofences. When this policy is used, the Injector app will use the geolocation services of the smartphone to ensure that a login can only occur from authorized locations. For example, you can specify that the VPN can only be logged into when at the office or at home. • Password randomization: Enforce new passwords to be automatically generated by Injector. Specify length and formation rules to match the system password requirements. • Automatic password change: Have passwords automatically changed on a specified schedule without the employee having to take any action. • Reauthentication: Require specific credentials to need reauthentication on the smartphone before it can be used to ensure that the right user really is present and to enforce stronger protection for certain logins. • Biometric support: If the smartphone has biometric capabilities, you can allow the biometric to be used as the reauthentication mechanism. • Windows 7/8, Mac OS/X, Linux automated login: Logins for Windows 7, 8, Mac OS/X, and Linux can be automated without having to modify the system. • BitLocker: Full disk encryption systems such as Microsoft BitLocker run in a pre-OS environment. Since no software needs to be installed for Injector to work, even these passwords can be automatically managed and sent to the system by Injector. • FIDO U2F: Injector Enterprise comes with a FIDO U2F authentication server that you can deploy on-premises. Easy integration into your corporate web sites allows you to provide the best security for authentication using public key verification. Note: this requires use of Chrome browser. • Backup and restore: Corporate credential sets can automatically be backed up in encrypted containers that are locked to the user’s Injector password. If an employee loses her smartphone, she can be up and running fast with a simple restore of the backup to the new smartphone. SYSTEM COMPONENTS • • • Injector Enterprise Server deployed as a virtual appliance Injector app on employee-owned smartphones: iOS, Android and BlackBerry native. Injector USB device: Carry on keychain or use micro form-factor.
© Copyright 2024