Imprivata OneSign Physical/Logical Features
Seamless Physical Access Control System Integration
OneSign Physical/Logical has built-in integration for physical access control systems:
Identity Mapping – One “Converged” Virtual Identity
Today, identities in physical access security systems and their related access policy are independent from identities and access policy managed on the IT security side of the organization. This creates security gaps, heightening opportunity for threats to enterprise assets.
OneSign Physical/Logical maps identities between physical access systems and IT directories to enable one converged policy for allowing or denying network access based on a user’s physical location and badge events, organizational role, and/or employee status.
Location-based Authentication
To better secure building facilities and to conduct employee roll calls in an emergency, many companies have anti-tailgating policies that prohibit employees or visitors from entering a workplace location by following on the heels of a co-worker who has just badged in at a door entry reader.
Unfortunately, anti-tailgating policies are difficult to enforce. OneSign Physical/Logical incorporates a user’s location and building card access events (has the user badged into the building or zone?) as a factor when authenticating the user to the network, thus improving the ability to enforce anti-tailgating policies.
Using OneSign Physical/Logical, companies can cost effectively enforce anti-tailgating by tying an employee’s network access to use of their physical access card when entering the workplace.
Further still, location-based authentication can be leveraged to apply a finer grain of authentication to sensitive network resources. For example, policy can specify that only certain groups of individuals, say email server administrators, may log onto email servers within a secured room, and only after they have first badged into that room.
Instant User Lock-Out
For most organizations, the delay between revoking a user’s identity in the physical access control system and deprovisioning the corresponding IT and VPN directory identities runs to days or weeks, and sometimes the deprovisioning never happens. This creates serious security gaps in protecting company confidential information.
OneSign Physical/Logical closes these gaps. With mapped identities and access policy, when an employee leaves the company and is revoked from the physical access control system, the user is also locked out of both the local network and remote VPN, instantly, regardless of the user’s identity status in other directories, thus mitigating the threat of former employees accessing network assets with malicious intent.
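The location-based authentication and instant lock-out behaviour described above can be illustrated as a policy check that correlates badge events with logon attempts. The following is an added example, not Imprivata code: the badge-to-account mapping, the zone required per resource, the 12-hour window and the badge log are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BadgeEvent:
    badge_id: str   # id as recorded by the physical access control system (PACS)
    zone: str       # door or zone where the badge was presented
    ts: datetime

# Identity mapping: PACS badge id -> IT directory account (constructed sample).
BADGE_TO_USER = {"B-1001": "alice", "B-1002": "bob"}
# Badges revoked in the PACS; revocation alone must be enough to deny logon.
REVOKED_BADGES = {"B-1002"}
# Zone a user must have badged into before a resource may be used (assumption).
RESOURCE_ZONE = {"intranet": "hq-lobby", "email-server": "server-room"}
# Constructed badge log for one morning.
BADGE_LOG = [
    BadgeEvent("B-1001", "hq-lobby", datetime(2024, 5, 1, 8, 55)),
    BadgeEvent("B-1001", "server-room", datetime(2024, 5, 1, 9, 10)),
]

def evaluate_logon(user, resource, when, window=timedelta(hours=12)):
    """Decide a network logon from badge state; returns (decision, reason).
    `when` is an ISO-8601 logon timestamp. Allow only if the user's badge is
    mapped, not revoked, and was presented at the resource's zone within `window`."""
    ts = datetime.fromisoformat(when)
    badges = {b for b, u in BADGE_TO_USER.items() if u == user}
    if not badges:
        return "deny", "no badge mapped to this account"
    if badges & REVOKED_BADGES:
        return "deny", "badge revoked in PACS"
    zone = RESOURCE_ZONE.get(resource)
    if zone is None:
        return "deny", f"no zone policy for {resource}"
    recent = [e.ts for e in BADGE_LOG
              if e.badge_id in badges and e.zone == zone
              and ts - window <= e.ts <= ts]
    if not recent:
        # Logon with no matching badge-in: anti-tailgating policy violated,
        # or a credential used from somewhere else. Worth an alert, not just a denial.
        return "deny", f"no badge-in to {zone} within {window} before logon"
    return "allow", f"badged into {zone} at {max(recent):%H:%M}"

if __name__ == "__main__":
    for args in [("alice", "email-server", "2024-05-01T09:30"),
                 ("alice", "email-server", "2024-05-01T09:05"),
                 ("bob", "intranet", "2024-05-01T09:00")]:
        print(args, "->", evaluate_logon(*args))
```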
Monitoring and Reporting
The ability to monitor and report on who is accessing what, from where, and when is a critical component of demonstrating compliance, both with government regulations and with corporate governance requirements.
OneSign’s monitoring and reporting engine allows organizations to compile the sequence of events linking a user’s physical access activities to their network use, providing detailed user access reports and administrator notifications and thus improving the ability to demonstrate regulatory compliance.