Friday, 18 March 2011

Two-factor authentication


Tools4ever’s Self Service Password Management has always been available with a web interface, allowing users to reset their Active Directory passwords from an intranet or via the web. End users can reset their password by answering a number of simple, predefined questions. Although this has been widely adopted, mostly in educational establishments, many of our corporate customers have requested some form of two-factor authentication.
On the 18th of February we released the SSRPM Security Module, which adds two-factor authentication via email. Two-factor authentication (TFA or 2FA) means using two independent pieces of evidence to assert an entity's identity to another entity.

When a user logs onto the Active Directory domain for the first time following an SSRPM deployment, as well as answering a question set configured by the administrator, they will also be asked to supply a private email address. If an end user should subsequently forget their password, they can answer the challenge questions in the standard way. However, before they can reach the final stage and submit a new password, they must first enter the PIN emailed to their private address. This scenario illustrates the basic parts of most two-factor authentication systems; the "something you have" + "something you know" concept.
Two-factor authentication already secures the web interface, but we intend to extend it further by enabling PINs to be forwarded to mobile phones by SMS. Watch this space for further information!
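The reset flow described above, as an added example that is not Tools4ever's code: a session object that refuses the new password until the PIN mailed to the private address has been verified. The PIN length, the 10-minute lifetime, the three-attempt limit and the `send_mail` / `apply_reset` callbacks are assumptions made for illustration.

```python
import hmac
import secrets
import time

PIN_TTL_SECONDS = 600  # assumption: a mailed PIN is valid for 10 minutes
MAX_PIN_ATTEMPTS = 3   # assumption: three wrong PINs lock the reset

class ResetSession:
    """One password-reset attempt; stages must be passed in order."""

    def __init__(self, user, private_email, now=time.time):
        self.user, self.private_email = user, private_email
        self._now = now
        self.stage = "questions"  # questions -> pin -> new_password -> done
        self._pin, self._pin_expires = None, 0.0
        self._attempts_left = MAX_PIN_ATTEMPTS

    def questions_answered(self, all_correct, send_mail):
        """After the challenge questions, mail a fresh 6-digit PIN."""
        if self.stage != "questions" or not all_correct:
            return False
        self._pin = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random
        self._pin_expires = self._now() + PIN_TTL_SECONDS
        send_mail(self.private_email, self._pin)  # out-of-band delivery
        self.stage = "pin"
        return True

    def submit_pin(self, pin):
        if self.stage != "pin":
            return False
        if self._now() > self._pin_expires:
            self.stage = "locked"
            return False
        self._attempts_left -= 1
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._pin = None  # single use
            self.stage = "new_password"
            return True
        if self._attempts_left == 0:
            self.stage = "locked"
        return False

    def set_password(self, new_password, apply_reset):
        if self.stage != "new_password":  # PIN step not completed
            return False
        apply_reset(self.user, new_password)
        self.stage = "done"
        return True
```

Keeping the stage on the server side is what enforces the ordering: a request that jumps straight to the final step is rejected regardless of what the client sends.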

Tuesday, 15 March 2011

Keeping Active Directory Clean


One of the issues that frequently arises, especially in larger organizations, is the need to provide contractors, consultants and temporary employees with access to network resources and email. The concept of automating the lifecycle by integrating with a Human Resource system breaks down because these types of employees are rarely entered there.

We have solved this dilemma numerous times for companies by implementing a web-based workflow. The hiring manager accesses an internal web page and completes the relevant information: name, department, type of employee, expected length of service, etc. Once the form is submitted, the IT or helpdesk can review the information and process it automatically. An email is delivered back to the hiring manager with the username, email address and initial password.

The key element here to keep AD clean is the expected length of service date. As that date approaches, a notification can be delivered to the manager asking if the date should be extended. If yes, the manager clicks on a link in the email and can enter a new end date. If no, the process automatically disables the user on the last day of service. A manager can also be given an option to disable or terminate immediately if the person has already left.

After sitting in a disabled status for a period of 60 to 90 days, the record can automatically be purged from AD. Implementing a process like this saves time and potential licensing costs and increases security, all while making life easier for the OIT department.

To learn more about this application of Identity Management and many others, please visit our website;

Tuesday, 8 March 2011

Manage Outlook Office Assistant without direct access to the mailbox



A common situation in organizations: an employee is ill and absent for a long period of time and his/her Outlook Assistant is not activated. Result: e-mails are not answered, poor service and angry customers.

Because of data protection, it is not possible to turn on the Outlook Office Assistant without direct access to the mailbox. Another employee must be aware of the login credentials of the absent worker to read e-mails, forward e-mails and turn on the Outlook Office Assistant.

That can create an insecure situation. However, this situation can be easily resolved with Out of Office Manager Tool (OOMT) by Tools4ever, http://www.tools4ever.com/products/out-of-office-manager/.

With OOMT, administrators or helpdesk personnel can turn on the Outlook Office Assistant wizard without logging into the mailbox of the user. This task can also be delegated to departments, even without additional admin rights.

It is also possible to integrate OOMT in Tools4ever’s User Management Resource Administrator (UMRA) in order to make a connection with the HRM system of the company. The HRM system keeps track of employees who are sick, on vacation or on a business trip, and of when an employee leaves the organization. Thanks to this integration, UMRA can automatically install the Out of Office Assistant and also forward e-mails so they can be answered.

Professional handling of email traffic in your organization is guaranteed.