Menu
Your Cart

HID® DigitalPersona®

Advanced Multi-factor Authentication Using Your Access Control Credential

As we all know the use of technology is an integral part of success in business today. Super-fast internet, cloud computing, mobile phones and tablets are underpinning a global phenomenon of reliance on technology. So much of what we do at work now happens online. It is therefore not surprising that cybersecurity issues are making frequent headlines in the wake of recent and repeated hacks and leaks from large corporations; victims even include household brands like Boots, Virgin Media, and Tesco Clubcard. It is estimated that the cost of breaches, identity theft, and other cybercrimes will double, from $3 trillion in 2015 to $6 trillion by 2021. 

If you find yourself using a username and password this is simply no longer effective, particularly against phishing and spear phishing and credential stealing malware. This is where an authentication package like HID® DigitalPersona® will be a better defense against unauthorized access. HID® DigitalPersona® deploys Multi-Factor Authentication (MFA) so that if your password has been compromised (the only factor needed to gain access to your network) then a second or third factor is needed. 

To make it very easy, your access control card could be used as that additional factor via a cheap desktop reader on your desk. Due to the overwhelming growth in technology, there is a greater need to keep data safe. After all, if you are using physical access control systems to lock the door, why would you keep the windows open?

Read more about how HID® DigitalPersona® closes every gap in user authentication for business of all sizes and our further blog posts on this subject. We have included a comprehensive resources section at the end including a video demonstration.

HID® DigitalPersona®  - an incredibly flexible, low-cost solution

DigitalPersona® closes EVERY gap in user authentication for organizations of all sizes

In addition to the traditional set of authentication factors – WHAT YOU HAVE, WHAT YOU ARE, WHAT YOU KNOW – the HID® DigitalPersona® solution offers complete protection using risk-based analytics. This adds WHAT YOU DO (user behavior), WHERE YOU ARE (GPS location, IP address) and WHEN YOU ACT (time frame). Now you can choose the right level of protection for every application, for every user and every system.

When compared to limited authentication methods, DigitalPersona® supports a huge choice of authentication factors to satisfy all use cases, architectures, and compliance mandates to truly give full coverage.

HID® DigitalPersona® will give complete coverage of your IT system

With the growth in cloud adoption, products can understandingly focus on just cloud and single sign-on (SSO) applications and a particular subset of an IT system. But what about your mainframe, client and server logon, desktop client applications, VDA and VPN? Would you lock the door at home but leave the windows open? You may have your cloud secured but what about all your IT assets?

HID® DigitalPersona® addresses this problem by giving full coverage and, in addition, protecting mobile devices and even legacy mainframe apps which may continue to play a role for many. Complete coverage is finally possible in complex IT environments.

HID® DigitalPersona® can facilitate a ‘touchless experience’ for ease of use when logging in

HID® DigitalPersona® factors are so broad that customers can craft a very convenient and touch-free experience when authenticating.

You may want to consider facial recognition or the use of contactless cards for example. With hygiene at the forefront of people’s minds, HID® DigitalPersona® can be configured so users can use their own exclusive personal devices with factors such as OTP devices or Mobile Push Notifications. For some users, mobile push notifications can be authenticated via facial recognition. Removing time-consuming layers and facilitating a touchless experience are real options to explore.

HID® DigitalPersona® takes away any complexity and makes it easy for users to adopt

‘Complexity’ and ‘lack of staff to manage’ are very often the number the barriers to adoption. HID® DigitalPersona® takes the complexity away with a human-proof solution. By offering the widest array of authentication factors, including BYOD, organizations can genuinely adopt strong authentication factors without the fear of user adoption. The flexible toolset simplifies administration with features such as self-service password recovery to reduce the burden on administration.


HID® DigitalPersona® facilitates ease of installation and rapid adaptability

With HID® DigitalPersona® you can leverage your existing IT infrastructure and deploy in ‘weeks’ rather than months. This is due to the flexibility HID® DigitalPersona® offers in certain areas such as:

  • Leveraging industry authentication interface standards such as SAML, ADFS, Azure AD, FIDO.
  • Facilitating ease of integration with existing IT infrastructure. No proprietary tools are needed to learn, manage, or administer the system.
  • No weighty solution requirements are needed such as application modifications, new server installation and configurations. Includes a comprehensive DigitalPersona® API.
  • Common administrative and user interfaces providing visibility to the entire authentication landscape via a single lens.

Converged Access Control

To meet the growing security needs of today’s organizations, Physical Security and IT are aligning their objectives to reduce both risks and ensuring greater convenience with users by having one card for both applications.

HID® DigitalPersona® can explore using your existing physical access control credential as an authentication factor with its flexible portal of credentials. 125khz proximity, 13.56Mhz and ISO7816 contact smart cards can be integrated.


Choose between 2 packages:




Option 1 - HID® DigitalPersona® Premium 

PREMIUM KEY COMPONENTS
HID® DigitalPersona® Logon for Windows

- Provides fast and secure device logon

- Includes behavioral and contextual risk-based policies

HID® DigitalPersona® Client DigitalPersona® Console with Enrollment, Policy Engine and Core

- Connects to HID® DigitalPersona® server for enrollment, authentication and policy enforcement

- Provides tools for user enrollment

HID® DigitalPersona® Mobile Enrollment Client- Offers strong attended enrollment on a Windows mobile platform to onboard users in disconnected mode
HID® DigitalPersona® Password Manager

- Enforces strong MFA for Windows, web and legacy apps

- MFA unlocks username/password to fill in authentication forms

- Includes password randomization and self-serve reset

HID® DigitalPersona® SAML SSO Portal

- Allows for app integration using SAML protocol

- Provides browser-based SSO Portal for accessing SAML enabled apps

HID® DigitalPersona® Access Management API

- MFA authentication SDK for custom app integration

- Native SDK – interfaces include C, Java and .NET

- Web services interface – for integration with web apps

- Eliminates the need for password-based authentication

SERVER MODULES
HID® DigitalPersona® Server Policy Engine and DB (AD or LDS)

- Creates, distributes, and enforces MFA policies

- Acts as a central repository for user credentials

HID® DigitalPersona® RADIUS VPN Extension - Provides two-factor authentication for remote access
HID® DigitalPersona® SAML Identity Provider- Allows users to authenticate at an identity provider (IdP) and then access apps without additional authentication


PREMIUM INTEGRATION OPTIONS

A rich array of integration options – from native integration to SAML to our own industry-leading password manager – helps to ensure that all applications are covered.

  • Integration of SAML enabled applications
  • SSO application portal on both Window and mobile platforms
  • Customers option to remove all passwords
  • Comprehensive HID® DigitalPersona® API management enables tightly integrated implementation
  • Full scalability across on-premise and cloud services
  • Secure and convenient authentication application overlay
  • Allows customers to quickly provision apps without modifying source code
  • Out of the box integration with Windows logon
  • Includes all factors including contextual and risk-based
  • Up to 3-FA, any combination



   Option 2 - HID® DigitalPersona® Logon For Windows

CLIENT MODULES
Composite Windows Logon

- Provides fast and secure device logon

- Includes behavioral and contextual risk-based policies 

HID® DigitalPersona® Client HID®DigitalPersona® Console with Enrollment, Policy Engine and Core Components

- Connects to HID® DigitalPersona® server for enrollment, authentication and policy enforcement

- Provides user enrollment or attended enrollment for both desktop or WEB tools

HID® DigitalPersona® Mobile Enrollment Client- Offers strong attended enrollment on a Windows mobile platform to onboard users in disconnected mode
SERVER MODULES
HID® DigitalPersona® Server Policy Engine and DB (AD or LDS)

- Creates, distributes and enforces MFA policies

- Acts as a central repository for user credentials

HID® DigitalPersona® RADIUS VPN- Provides two-factor authentication for remote access
PRODUCT FEATURES & SPECIFICATIONS
Centralized Management- Active Directory – Set security policies for domain users and groups using Group Policy Objects (GPOs)
Web Administration Console- Administer HID® DigitalPersona® LDS and AD users with DigitalPersona® LDS backend infrastructure
Multi-factor Authentication for Windows Logon

Authentication Factors:

Know: Windows password, PIN, recovery questions

Have: OTP, contactless cards (HID iCLASS memory cards, MIFARE Classic 1k, 4k and mini memory cards) and Seos, smart cards (PKCS11 and CSP-compatible), proximity cards (HID 125 kHz), and Bluetooth devices. Tokens. FIDO U2F Key, Apple Watch, FIDO2 e.g. HID Crescendo Key and C2300 card

Are: Fingerprint, Face authentication, Lumidigm® readers

Do: Keystroke Biometric

Where: IP address, Integrated Windows Authentication (IWA)

When: Time frame

Fast Kiosk Access

Shared-User Workstation (“Kiosk”) Logon Control:

Enforce advanced authentication policies for shared workstations (such as walk-up kiosks) where people use their individual credentials to unlock Windows and log into applications. Support for multiple kiosk environments under Citrix/RDP

Self-Service Password RecoveryIf users forget their passwords, they can access their PC by answering a set of predefined questions (centrally managed by IT) or use Web Based self-service portal.
Identity Provider / FederationIdentity Provider (IdP) supports Azure AD for Microsoft 365 and ADFS. Or ADFS extension for Fingerprint, Face, FIDO, or OTP
ReportsGenerate, view and schedule preconfigured activity and status reports for users and applications from a centralized location
Client Software Operating SystemWindows 10, Windows 8.1 (desktop mode), Windows 7 (64-bit), Windows Embedded Standard 2009 (requires .NET 4.5), Windows Server 2012, 2016, 2019, and Linux (select thin clients)
Server Software Operating SystemWindows Server 2019, 2016, 2012 and 2012 R2
VDI (Virtual Desktop Infrastructure)XenApp (server) 6.5, XenDesktop 6.2 and 7, Receiver and Online; Plug-In 11 and 12, VMWare View and VMWare Horizon


Typical Configurations…

HID® DigitalPersona® Hosted in the Azure Cloud

For customers that have opted for a cloud-based Azure model, with (1) or without (2) an on-premise Active Directory, HID® DigitalPersona® SSO for Office 365 fits like a glove. It can be hosted in an Azure instance to provide multi-factor authentication or Office 365 apps as well as the extended set of SaaS apps supported by Azure.

1) HID® DigitalPersona® Server Hosted in Azure, On-premise AD

2) HID® DigitalPersona® Server Hosted in Azure, No On-premise AD

3) HID® DigitalPersona® Server Hosted in Azure with full Application Coverage

HID® DigitalPersona® Server On-Premises Deployment Options

Customers have the option to install the HID® DigitalPersona® Server on-premise to provide composite authentication protection for Azure SaaS applications. HID® DigitalPersona® supports customer configurations using either (4) Office 365 Federation or (5) Microsoft Active Directory Federation Services (AD FS). In either case, DigitalPersona® can be extended to provide full application protection with the addition of an endpoint client.

4) On-Premise Server Deployment, Office 365 Federation

5) On-Permise Server Deployment, Microsoft AD FS



RESOURCES CENTRE

White Papers

HID® Advanced Authentication Buyers Guide

This document was created to aid you in your selection of an advanced authentication vendor and help ensure that your choice is the right one for your organization.


Securing the Enterprise with Advanced Adaptive Multi-Factor Authentication

This paper describes how organizations can secure credentials from theft and misuse, by employing advanced adaptive multi-factor authentication technologies.


Considerations when Choosing the Best Strong Authentication Approach

This white paper will explore the variables that should be considered when choosing the best authentication solution for your organization

Brochures

HID® DigitalPersona®

Through diverse authentication options to pick and choose from, forward-thinking organizations can provide users with a fast and secure Windows® Logon as well as VPN access, web, mobile and cloud applications.


HID® DigitalPersona® Premium Package

HID® DigitalPersona® Premium builds on the fast and secure Windows® Logon and VPN access found in HID® DigitalPersona® Logon for Windows, adding advanced integration options to secure all applications, systems and networks.


HID® DigitalPersona® SSO for Microsoft Office 365

Introducing a promising new solution to the multi-factor authentication — HID® DigitalPersona® Logon for Windows

Awards and Reports

InfoTech Research IAM Customer Experience Report

Tech’s Category Reports provide a comprehensive evaluation of popular products in the Identity and Access Management market. This buyer’s guide is designed to help prospective purchasers make better decisions by leveraging the experiences of real users.


InfoTech Product Scorecard

The Product Scorecard is a comprehensive report designed to help clients make better purchasing decisions.


Techradar Best identity management software of 2020

Read the following report ranking the best authentication software of 2021 making it easier to manage and authenticate users with single-sign-on (SSO) processes for accessing apps, and so help prevent unauthorized access to systems users should not be able to use.


Info-Tech Research Group Emotional Footprint Report for IAM 2020

latest report comparing and evaluating Identity Access Management (IAM) and framework of policies and technologies for ensuring that an organization has the appropriate access to technology resources.

Case Studies

Kawasaki Thermal Engineering Co Ltd

Please read the case study how KTE implemented HID® DigitalPersona®’s strong, multi-factor authentication (MFA) software with biometrics to secure access with proof of presence.


Phoenix Police Department

Please read this case study to explore how HID® DigitalPersona® provides the Phoenix Police Department personnel with quick, secure access to criminal records while in the field and in the office.

Videos

Watch the demo video

Please watch this 15 minute video exploring the rich features of HID® DigitalPersona® in a desktop environment.

We use cookies and other similar technologies to improve your browsing experience and the functionality of our site. Privacy Policy.