
Managing a Smart Card with 4TRESS AAA Server – HID Crescendo C1150 Administration Guide User Manual


HID Global Crescendo C1150 – Administration Guide

November 2013

Page 97 of 115

© 2013 HID Global Corporation. All rights reserved.

8.0 Managing a Smart Card with 4TRESS AAA Server

The 4TRESS AAA Server for Remote Access (the AAA Server) is a strong RADIUS,
TACACS+ and IEEE 802.1X authentication server that maps to your LDAP directory to
provide strong user authentication services for a wide range of access points.

AAA stands for:

Authentication - accepts or rejects user authentication requests based on stored
credentials and/or one-time passwords.

Authorization - controls user access based on the appropriate attributes transmitted to
the network remote access point (VPN, firewall, router, etc.).

Accounting - stores information concerning user activity while connected remotely
(connection times, data transfers, etc.).

Users authenticate through the AAA Server with smart cards, hardware and software tokens,
USB keys, mobile devices and PDAs (and, optionally, with static or static LDAP passwords).

A secure remote access solution, the AAA Server enables you to protect the following
network access methods:

Web access

Remote access via dial-up

Remote access via VPN

Remote desktop environments (Microsoft Windows and Citrix®)

SSL VPN

Wireless LAN access

The Crescendo C1150 card is initialized with the 4TRESS AAA Server Administration Console to
add the one-time password (OTP) capabilities.

When the card is initialized, it can be issued (assigned) by the:

Administrator using the AAA Server Administration Console or the Web Help Desk.

End user using the self-assignment feature of the AAA Server Web Self Help Desk.

The cards can then be managed by the:

Administrator (or help desk operator) using the AAA Server Administration Console or
the Web Help Desk.

End user using the AAA Server Web Self Help Desk, which provides services such as
Unlock PIN and Synchronize Device.

Users can also use and manage the card on their workstation with the ActivClient middleware
(to generate OTPs, change the PIN code and import certificates).