Entrust GetAccess is a web access control solution that provides web portal security and identity management. It supports a variety of authentication methods including passwords, certificates, tokens and biometrics. It offers flexibility in the rules enforced for user passwords and also maintains password histories.
It uses a role-based access control approach to authorization that also allows granularity in the way permissions are granted. A user can be assigned more than one role, and roles can be defined to provide a privilege hierarchy. Access control facilities enable the administrator to define policy rules that enable access on a user-by-user basis by time of day, day of week, and so on.
For session management, after a user has been authenticated and authorized, GetAccess manages the user's session from start to finish.
Through a centralized Session Management Service (SMS), it ensures the user can access the web portal within an idle or overall time window that has been pre-defined by the administrator.
Also, when a session ends, all session activity is terminated – even across domains. Thus, it implements the concept of 'Single Sign-Off,' without which sessions might not be properly terminated and would be vulnerable to attack. Also provided is a form of intrusion detection in which the system detects attempts to access a user's account by repeatedly guessing the password.
If detected, it will automatically send an alert to an administrator and lock the user's account.
Primarily for web-access control, this product does not provide SSO for workstation or network login.
However, it is possible to support this functionality using third-party products from PassLogix and Blockade Systems, with which Entrust has reseller and partnership agreements respectively.
Supported platforms for backend server components are Windows 2000 and Solaris, with Microsoft IIS, Sun ONE/iPlanet, Apache, IBM, Oracle, and Lotus Domino web servers supported across Windows, Solaris, Linux, AIX, and HP-UX platforms. Entrust GetAccess also offers built-in cluster management, which ensures high availability.
Permits the real-time revoking of a user's session at any time.
Supports only web-based resources 'out of the box'. Workstation or network login and access to enterprise legacy applications can be supported indirectly only by using third-party add-ons.
Its comprehensive approach to session management provides a more secure environment for web based resources that complements its SSO functionality.