Identity Management Solutions
- Home
- Solutions
- Identity Management Solutions
Access Control
Let the right people and devices in — keep the wrong ones out
Control Which Endpoints Access Your Networks and Resources
The rise of identity theft and data breaches as the result of using weak passwords strongly suggests single-factor methods of authentication (i.e. user name/ passwords) are no longer a sufficient security control. Two-factor authentication is now essential to protect organizations’ sensitive data.
GlobalSign Two-factor Authentication Solutions
GlobalSign’s strong authentication solutions utilize digital certificates for convenient and secure certificate-based and token-based two-factor authentication for the protection of enterprise networks, data, and applications, including:
Domain Controller Server & Machine Certificates
Mobile Devices
Smartcard Logon
Cloud Services
USB Tokens
VPNs, Gateways & WiFi Networks
Prevent Malicious or Rogue Machines from Accessing Corporate Networks
Just as organizations need to control which individual users have access to corporate networks and resources, they also need to be able to identify and control which machines and servers have access. Implementing certificate-based authentication means only machines with the appropriate credentials can access, communicate, and operate on corporate networks.
GlobalSign’s Auto Enrollment Gateway offers organizations an easy and cost-effective way to deploy and manage Digital Certificates for machine and server authentication.
Serving as a connector between an organization’s Windows environment and GlobalSign’s Issuing CA, enterprises can leverage the registry information stored in Active Directory to automatically issue template-based and optionally configured certificates to all machines and servers residing within a single domain or multiple domains in a single or multiple forest configuration.
Benefits of GlobalSign’s Machine Authentication Solution
- Prevent rogue machines from accessing corporate networks and resources
- Identify which machines and servers have access to various networks
- Allow mutual authentication between machines
- Cost-effective and scalable for organizations of all sizes
- Active Directory integration allows for automatic enrollment and issuance of certificates
Mobile Authentication
In many respects, mobile devices are no different than remote PCs when it comes to requiring strong authentication to securely authenticate users to enterprise networks, such as WiFi and VPNs.
Certificate-based authentication via GlobalSign’s Managed PKI platform provides an easy and cost efficient solution that allows organizations to balance employee desires to access email and corporate data on the go, and the need to protect unauthorized access to key business applications.
Enhance Mobile Security with PKI
PKI is a known and trusted security technology that organizations have been using for decades to authenticate users, machines, and servers within their organizations. Expanding PKI to devices creates an easy to implement and cost effective identity management solution for devices.
Benefits of utilizing Digital Certificates for Mobile Authentication
- Only verified users are granted access to corporate resources
- Set up does not require extensive IT support
- Set up is non-intrusive and easy for the end user
- Quick and cost-effective to implement
- Certificates easily managed in GlobalSign’s Managed platform – issue, renew, and revoke from one portal
- Integration is available with today’s popular MDM/EMM platforms including Microsoft Intune, AirWatch and MobileIron Cloud or Core
- Enables employees to BYOD (Bring Your Own Device) or use Corporate-owned devices to securely access company applications
Control Access with Token-based Authentication
Two-factor authentication to networks using certificates stored on USB tokens or smart cards reduces the risk of breach compared to relying on passwords alone. Using a physical device to store authentication certificates provides the added protection of storing the certificate’s private keys on tamper-resistant tokens, meaning the cryptographic operations are now isolated and insusceptible to any attacks on the operating system.
GlobalSign’s Auto Enrollment Gateway allows enterprises operating in Windows environments to leverage existing information in Active Directory to instantly issue certificates to USB tokens or smart cards. Using Windows Certificate Services, when users log onto their computers for the first time, they are automatically issued certificates based on their group policy assignment and the certificates are automatically installed on the token or smart card.
Benefits of GlobalSign’s Token-based Authentication Solution
- Enhance existing security measures – stronger than passwords alone
- Cryptographic operations are protected and separated from attacks on main operating system
- Active Directory integration allows automatic certificate enrollment and silent installs
- No involvement needed from the end user
- Scalable and cost-effective and for organizations of all sizes
Add Another Layer of Security to Cloud Services
The shift to cloud services comes with additional security considerations that two-factor authentication using digital certificates can address. As recent highly-publicized breaches indicate, organizations can no longer rely on passwords alone to protect sensitive data and resources stored in the cloud. Using Digital Certificates deployed via GlobalSign’s Managed PKI solution as a second authentication factor provides much greater control over which users and devices have access.
Benefits of GlobalSign’s Cloud Authentication Solution
- Provides additional layer of security – stronger than passwords alone
- Minimal involvement required from the end user after certificate is installed
- No tokens or other additional hardware needed
- Certificates easily managed in GlobalSign’s Managed PKI platform – issue, renew, and revoke from one portal
- Same certificate can be installed across multiple devices (e.g., laptops, tablets, smartphones)
- Cost-effective and easily scaled to meet high volume needs
Control Internal and External Access to Corporate Resources
As the corporate perimeter continues to expand, protecting high stakes data residing within the private network has become increasingly imperative. Identifying which users have access to particular resources only partially addresses the security challenge. Organizations must also implement measures to strongly identify both individual and machine users residing both internal and external to the network.
Implementing strong authentication using Digital Certificates issued from GlobalSign’s Managed PKI platform provides organizations a cost efficient and easy method to implement two-factor authentication to resources accessed internally by users and machines, as well as externally by remote users. Control which users and machines can access your networks and resources via VPNs, Citrix Gateways, WiFi networks, and applications without the need for tokens or other additional hardware.
GlobalSign’s Auto Enrollment Gateway allows enterprises operating in Windows environments to leverage existing information in Active Directory to instantly issue certificates to USB tokens or smart cards. Using Windows Certificate Services, when users log onto their computers for the first time, they are automatically issued certificates based on their group policy assignment and the certificates are automatically installed on the token or smart card.
Benefits of Certificate-based Authentication
- Prevents unauthorized access and enhances current security
- Seamless experience for end user
- No additional hardware (e.g., tokens) needed
- Cost-effective and scalable for organizations of all sizes
- Certificates easily managed in GlobalSign’s Managed PKI platform
IoT Device Certificates
Every IoT endpoint needs a device identity - Generate strong, unique and immutable device identities
A strong, unique and immutable device identity plays a key role in PKI-based IoT security. It serves as proof of an endpoint’s authenticity by securing authentication, encryption and data integrity, and by protecting the device throughout its lifecycle.
- Store certificates in a secure, centralized depository
- Customize certificate profiles and templates to tackle tough IoT authentication requirements
- Protect Devices and Supply Chains from Emerging Threats
Every IoT device identity has a lifecycle.
The Ideal Tool to Manage your IoT Device Identities. The GlobalSign IoT Identity Platform enables IoT Device Identity Lifecycle Management no matter where or when the device is put into service. It:
- Encourages security by design best practices
- Provisions digital identities before, during or after IoT device deployment
- Accelerates automated provisioning (auto enrollment)
- Secures over the air (OTA) updates
- Facilitates renewals and ownership transfers
- Enables revocation services, end of life decommissioning or repurposing
- Provides certificate database reporting