IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1

Strong authentication

Use a second factor device such as smart card or RFID card to enforce strong authentication.

Authentication policies can vary per user group and per machine group. For example: You can roll out RFID cards to users in one department, smart cards to another group of users, and password only authentication for a third group of users. You can configure some machines with RFID readers and others with fingerprint readers. You can allow users to register more than one second- factor like RFID card and smart card, or to easily switch from one second-factor to another factor. Users can have multiple authentication factors registered.

Complete the following steps to enable strong authentication:
  1. Install the required drivers or authentication device middleware on the workstations.
  2. Create a machine policy that supports the selected authentication factor.
  3. Assign the machine policy.
  4. Register the authentication factor in IBM® Security Access Manager for Enterprise Single Sign-On.

Regardless of choice of authentication factors, you can centrally manage all authentication policies through AccessAdmin. In addition, IBM Security Access Manager for Enterprise Single Sign-On supports device service provider interface, enabling easy integration with serial ID devices.

AccessAgent integrates with the middleware or libraries of the supported authentication devices. As such, user can log on, log off, lock, or unlock AccessAgent with an authentication factor.

Parent topic: Planning for authentication factors

Feedback