Hideez Server for Fast and Secure Enterprise Authentication
WHY?
In a digital world, a company’s ability to scale and compete depends on meeting compliance and regulatory standards and on improving its ability to detect insider threats. Access points and environments are constantly changing. Controlled perimeters are disappearing, and user populations are mobile and outside the network walls. Traditional identity and access management (IAM) controls are no longer enough in today’s dynamic digital environments. Companies are no longer confident about who has access to what, or whether they should have that access.
FIDO Passwordless Authentication introduces open and license-free standards for secure, worldwide authentication over the Internet:
- 100% protection against phishing attacks
- Minimization of the ‘human factor’ influence
- Reducing password management costs
- Improving employee productivity
WHAT?
Hideez Enterprise Server is a FIDO2 / WebAuthn server & SAML 2.0 Identity Provider that delivers passwordless FIDO2 authentication and two-factor authentication (FIDO U2F) across corporate applications & websites in an environment of numerous workstations, users, and devices.
Within the Hideez Authentication Service, the server allows users to log in to corporate services using hardware authenticators (e.g. YubiKeys or Hideez Keys) or platform authenticators integrated with the employees’ smartphones, tablets, or laptops (Touch ID, Face ID, Windows Hello, etc.), federates associated endpoints, and stores digital identity information.
HOW?
FIDO2 / WebAuthn is a new open authentication standard supported by browsers and many large tech companies such as Microsoft, Google, etc. The FIDO2 authentication process eliminates the traditional threats associated with using a login username and password, replacing them with a passwordless login experience. The technology is based on public/private key cryptography, allowing users to validate their identity without sharing a secret between the user and the platform. As such, FIDO authentication protects against common online attacks such as phishing and man-in-the-middle attacks.
The verification can be done via PIN code on the FIDO security key, biometrics, or other factors that securely verify your identity. You can read more and see the list of supported browsers and websites in our blog post about FIDO2.
SAML (Security Assertion Markup Language) is a standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, called an Identity Provider, and a SAML consumer, called a Service Provider. Besides relieving users of the need to remember logins and passwords, SAML authentication allows IT administrators to manage only one pair of user credentials for all applications.
If your application is a SAML 2.0 Service Provider, you are ready to add an extra layer of security with Hideez IdP, enable 2FA, and use Hideez security keys or your own platform authenticators. The SAML IdP uses the HES identity store or Active Directory, enabling authentication and providing federation for such service providers. Hideez Enterprise Server supports SAML 2.0 login, logout, single logout, and metadata. Both SP-initiated and IdP-initiated sign-on are supported.
After deploying a Hideez Enterprise Server, enterprise admins can:
- Integrate HES with existing LDAP to manage all entry points in the directory of IT resources
- Upload the list of users into LDAP and allow Authorization via LDAP
- Manage user roles including privileged access management
- Manage physical security keys or platform authenticators
- Manage (issue, change, deliver) passwords remotely
- Delete or block existing authenticators from the ecosystem remotely
- Export and import data
- Comply with NIST and PCI-DSS Standards
Minimum system requirements:
Cloud Hideez Enterprise Server
Google Chrome v. 58+, Microsoft Internet Explorer v. 11.0+, Microsoft Edge.
Local Hideez Enterprise Server
OS:
- Windows Server 2016 x64, Windows Server 2019 x64
- CentOS 7 x64, CentOS 8 x64
- Ubuntu 18.04 x64, Ubuntu 20.04 x64
Misc:
- Static IP
- 4 GB of RAM
- 4 GB of disk space
- MySQL server 8.0
Platform authenticators (devices supporting biometric authentication with Face ID / Touch ID / Windows Hello):
- Windows 10 (any browser)
- iOS 14.5+ (any browser)
- macOS (Chrome and Safari web browsers)
- Android (Chrome browser)
Hideez hardware security keys:
- Windows 10/11 (Password management, passwordless FIDO authentication, OTPs, Proximity-based authentication, pre-programmable RFID tag for physical access)
- Windows 10/11, Android 8+, macOS, iOS 14.5+, Linux (passwordless FIDO security key - hardware-based authentication)
Benefits
- Strong authentication that does not rely on shared secrets.
- Compatibility with popular existing enterprise infrastructure solutions. Perfect supplement for existing MFA, SSO, Enterprise Mobility Management, Cloud Solutions, IAM, or PAM, etc.
- HES management console giving enterprise administrators authority and visibility over workstations, users, and their authenticators.
- Hideez security keys are universal hardware security keys providing secure password management, 2FA, proximity-based authentication, and passwordless authentication based on FIDO standards. A built-in RFID tag can be pre-programmed to turn the key into a smart card for physical access.
- A customizable mix of hardware and platform authenticators
- 100% protection against scalable phishing and man-in-the-middle attacks.
Enterprise Risk Management
- Hideez Enterprise Server monitors and manages all users and authenticators
- Privileged access for Privileged Users with a Hideez security key or platform authenticator
- Easily implemented and accepted. Users are self-educated.
- Easy and convenient way to change or replace credentials and reduce login time.