SysOp Service Provides Identity Management Self Service in Active Directory Environments
- By Dian Schaffhauser
SysOp Tools is launching a new Web-based service that allows users to manage password changes. Password Reset Pro, which works on Windows domains, provides an identify management portal for Active Directory, allowing users to change or reset passwords and unlock accounts.
"As part of maintaining proper ... infrastructure security, most [organizations] enforce regular password changes on employee logon accounts," said Kurt Lewis, CEO. "The problem with this is employee users rarely know when their password will expire and unexpectedly lose access to resources--often at the most inconvenient times. The employee must then call the IT help desk to have their expired password changed or their locked out account unlocked."
The new service, which can be branded by the user organization, provides administrative auditing to track daily Web portal account activities for regulatory compliance needs. In regards to specific PCI compliance requirements, a reason must be entered by the user when unlocking his or her account via the portal, which is then sent to the administrator in real time and also captured in the daily log. The administrator can also see which domain users haven't enrolled in the portal, reset a user portal ID, and ban accounts from using the portal.
The self service Web portal can be deployed on a non-domain DMZ Web server (extranet), and connects to the internal service server (intranet) via an encrypted port. Port connectivity uses an RSA authentication handshake, and communication between Web portal server and internal service server is blowfish-encrypted. All components can be installed on a single server for use in smaller environments.
All sensitive user data resides in Active Directory only, and portal administration is managed through a separate internal secure application. No user account data or passwords are stored on the Web front end portal server, registry, or extra databases.
Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at firstname.lastname@example.org.