Enterprise

Enterprise
!
Universal, Strong Authentication and Simple Sign On
TAKE CONTROL
Use Injector on employee-owned
smartphones to strengthen the security
of authentication across your
organization while employees enjoy
effortless logins.
Injector Enterprise supports logins to
any system with no client software to
deploy.
Manage corporate credentials centrally
with advanced authentication policies,
and instant de-provisioning.
TECHNICAL SPECS
Central Management of Employee Logins: Employees use their smartphones
to log in to any corporate system using policies that are centrally managed by
administrators. Employees authenticate to the phone via strong password or
biometric and the rest is handled automatically by the Injector smartphone app.
The End of Password Resets: Since employees won’t need to know their
corporate passwords, you will never have to do a password reset. Now you can
enforce long, random passwords for legacy systems.
Effortless Authentication to Anything: Injector will work with any existing
system, whether it is a computer login, a web site, or even unlocking a full-disk
encryption system at pre-boot. Employees simply tap, speak, or scan a QR code.
Strong, Universal Authentication: Use Injector to authenticate with any kind of
credential: static passwords, one-time-passwords (TOTP or HOTP), or public key
authentication (FIDO U2F). Enforce reauthentication (including biometric if
supported on the smartphone) to specific credentials.
Advanced Authentication Policies: Injector Enterprise offers advanced
authentication policies that can be applied on a per-credential and per-user basis.
These include biometric reauthentication, geo-fencing, password randomization,
automatic password changes, and instant de-provisioning.
Easy Deployment: Injector Enterprise Server is installed as a virtual appliance
and there is no client software to deploy. All the employees need is the Injector
smartphone app.
Increased Employee Satisfaction: Employees will enjoy effortless logins to
corporate systems, but they can also use Injector to manage their own personal
logins. Corporate and personal credentials can co-exist in the same application.
FIDO U2F On-Premises: Add strong, public key authentication to corporate web
logins using an on-premises FIDO U2F authentication server.
INJECTOR SMARTPHONE APP
iOS version 6.1 or greater
iPhone 4S or newer
Android version 4.3 or greater
BlackBerry OS 10.3 (native)
Bluetooth Smart required for use with
Injector device
One-time-passwords (RFC 6238 and 4226)
!
INJECTOR DEVICE
USB 2.0 Full Speed with Bluetooth Smart
HID and FIDO U2F Interfaces
FCC, RoHS Compliant
!
SYSTEM COMPATIBILITY
Windows, Mac OS, Linux
Any computer that supports USB
CONTACT
WEBSITE
password-injector.com
EMAIL
info@password-injector.com
!
!
Enterprise
!
Feature Summary
•
Manage corporate credentials: Using a friendly web interface, administrators define corporate credential sets and policies
that get pushed to employee smartphones. Credential sets correspond to logins (Windows domain, VPN, web sites, etc.) and
can be enabled or disabled on a per-user basis.
•
Active Directory integration: Injector Enterprise uses Active Directory as the source of employee identities and it also
supports randomization and automatic password changes via Active Directory for Windows domain logins.
•
Geofencing: Restrict use of a corporate credential to a defined list of geofences. When this policy is used, the Injector app will
use the geolocation services of the smartphone to ensure that a login can only occur from authorized locations. For example,
you can specify that the VPN can only be logged into when at the office or at home.
•
Password randomization: Enforce new passwords to be automatically generated by Injector. Specify length and formation
rules to match the system password requirements.
•
Automatic password change: Have passwords automatically changed on a specified schedule without the employee having
to take any action.
•
Reauthentication: Require specific credentials to need reauthentication on the smartphone before it can be used to ensure
that the right user really is present and to enforce stronger protection for certain logins.
•
Biometric support: If the smartphone has biometric capabilities, you can allow the biometric to be used as the reauthentication
mechanism.
•
Windows 7/8, Mac OS/X, Linux automated login: Logins for Windows 7, 8, Mac OS/X, and Linux can be automated without
having to modify the system.
•
BitLocker: Full disk encryption systems such as Microsoft BitLocker run in a pre-OS environment. Since no software needs to
be installed for Injector to work, even these passwords can be automatically managed and sent to the system by Injector.
•
FIDO U2F: Injector Enterprise comes with a FIDO U2F authentication server that you can deploy on-premises. Easy integration
into your corporate web sites allows you to provide the best security for authentication using public key verification. Note: this
requires use of Chrome browser.
•
Backup and restore: Corporate credential sets can automatically be backed up in encrypted containers that are locked to the
user’s Injector password. If an employee loses her smartphone, she can be up and running fast with a simple restore of the
backup to the new smartphone.
SYSTEM COMPONENTS
•
•
•
Injector Enterprise Server deployed as a virtual
appliance
Injector app on employee-owned smartphones: iOS,
Android and BlackBerry native.
Injector USB device: Carry on keychain or use micro
form-factor.