Transparent User Authentication
Allows you to easily manage users, delegate roles & enforce internet usage policies
Helps enforce Internet Usage Policy
iPrism offers transparent user authentication that lets you delegate administration roles and manage and enforce Internet usage policy with flexible granularity. Administration roles are delegated by mapping group membership to privileges, and Internet usage policy is monitored, managed and enforced by mapping group membership to profiles.
Active Directory & “Auto-Login”
iPrism Web Security helps you accurately enforce employee Internet usage policy with support for Microsoft Active Directory (AD) services running on Windows Server 2000, 2003 or 2008. Unlike transparent agent-based user identification methods, your Internet usage policy is easily upheld because Windows or Mac users’ identity is not only transparently obtained, but authenticated in real time, using a secure Microsoft protocol when users are logged into a domain or other realm trusted by iPrism’s configured AD domain controller. iPrism supports redundant domain controllers, one-way outgoing domain trust and hierarchical nested groups, enabling accurate enforcement of your organization’s Internet acceptable use policy.
iPrism’s Auto-Login feature uses Kerberos as the primary user authentication protocol, with NTLMv2 as a backup, which enables client browsers to respond to authentication requests with no intervention by the user.
On-box Kerberos Authentication:
- Is recommended by Microsoft to seamlessly enable user authentication and enforcement of your Internet acceptable use policy.
- Uses a “trusted 3rd-party” schema, so it complies with Microsoft best security practices without domain controller changes.
- Is independent of operating system maintenance or upgradeability concerns, because it doesn’t require a separate server to host agents, or client agents on every managed workstation, allowing you to enforce your Internet use policy easily and accurately.
Mac OS X Client Auto-Login
Mac OS X 10.4/10.5/10.6 clients can also take advantage of iPrism’s Auto-Login feature. With Active Directory services running on Windows Server 2003 or 2008, you can achieve user authentication by binding the clients to the same domain controller as the iPrism Web Security solution using the Directory Utility. If you do not wish to bind, you can take advantage of Safari browsers’ locally cached credentials after a one-time prompt to the user.
Session-Based Authentication & Proxy Mode
A unique “session-based” user authentication method enables auto-login for multi-user workstation environments such as Citrix or Microsoft Terminal Services, so that Internet use policy is enforced uniformly. Users maintain their productivity without incessant authentication requests, and administrators do not need to install agent software on servers, ensuring uniform user-based Internet use policy enforcement across your organization.
Novell eDirectory Support for Accurate Internet Usage Policy Enforcement
iPrism Web Security supports the Auto-Login feature when using Novell eDirectory as the LDAP server and Novell login clients on user machines.
LDAP Support, Captive Portal & Local Users
iPrism Web Security supports a manual login feature via captive portal or basic user authentication when using an LDAP v1/2/3 compliant directory service, including Mac OS X Server Open Directory or OpenLDAP, or Local Users.
In some multi-user workstation environments, it may be preferable to enforce employee Internet usage policy by explicitly requesting users’ credentials via a customizable user authentication page accessed through a captive portal. Optionally, this page can be sent over an SSL-encrypted connection.
For guests or delegated administrators who do not have user accounts defined in an existing domain group, iPrism Web Security allows you to assure enforcement of Internet usage policy by defining those users’ credentials locally.