Here is another company I’ve been watching for awhile. They have a strong set of authentication tools in their v-GO product suite, but I think the Credential Manager (CM) may be their shining star. It solves a real problem: application of a variety of strong authentication credentials to a complicated enterprise.
Supporting strong authentication credentialing has several challenges associated with it. First, there is a need for universality. Not all organisations use all of the same authentication approaches, even within the organisation itself.
Anything that does not support a wide variety of authentication tools is not a good choice. Moreover, some organizations have both primary and secondary authenticators in case the primary authentication support is not available. Both need to be supported.
Second, provisioning can be difficult to accomplish, manage and document in large enterprises. Any credentialing system needs to be able to interact with provisioning systems.
Finally, administration needs to be as simple as possible, and the back-end needs to be as straightforward and universal as possible. v-GO CM can use either Microsoft SQL Server or Active Directory.
That means it bolts on to your existing user management system or, if you don’t have one, into a standard SQL database product. The product supports PKI as well, if required.
This system is loaded with features for users, administrators and help desk engineers. Although the v-GO CM system has such user-friendly features as self-service, credential updating and first-time personalization, when the help desk is needed, there are a lot of serious features to speed the user support process along.
For example, help desk engineers can terminate/revoke a user’s credentials or can deactivate/reactivate temporary credentials. Users, of course, can be managed remotely, including authentication methods, user workflow and roles.
Like most large-scale authentication systems, v-GO CM requires quite a bit of setup. The product is pretty well complete out of the box, but you need to set up what Passlogix calls workflows. These workflows define the ways that users and administrators, including help desk engineers, interact with the system.
Workflows come in three types: centralized, self-service and hybrid. Centralized workflows refer to those that administrators and help desk personnel use. Self-service workflows are those that apply to the users.
Hybrid workflows are, as the term implies, a combination of the two. Most organizations will develop hybrid workflows that let administrators do what the users either cannot do or should not be doing.
Part of the setup process includes assigning users to the types of workflows that relate to them directly. Another part is mapping users — or user roles — to the appropriate authentication device which can include a very wide variety.
The obvious devices include smart cards and biometrics, but question and answer authentication also is supported. Proximity cards may be included, forcing strong authentication for physical as well as logical access.
The v-GO CM supports both one-time password (OTP) and strong authentication service (SAS) environments. For OTP systems v-GO CM requires only a web server. There are no client-side agents needed. RADIUS servers are supported. SAS systems take advantage of multifactor authentication, such as a combination of smart card, PIN and biometrics.
I found the v-GO CM to be a clear winner, especially because it is able to integrate cleanly with a variety of different authenticators, identity and directory combinations. This, probably, is its strongest benefit.
Where I was a bit disappointed was in the documentation. The documentation for this product is extremely complete as far as it goes. However, all of the readily available documentation (included with the product and on the excellent Passlogix website) uses the example of smart cards to guide implementation.
Since there are many other modes in which the v-GO CM can be used, I would like to see a set of technical application notes that guide the prospective purchaser through the intricacies of other types of implementations.
Pricing for this product is very reasonable, starting at US$40 per user, and support is first rate. Overall rating, if you want a highly flexible card management system, the Passlogix v-GO CM is just the ticket.
What it does: Provides multiple authentication credential management in a single package.
What we liked: Flexibility, comprehensive support for many types of authenticators, identity and directory combinations - easy to use, especially for end-users.
What we didn't like: Technically and operationally, this product exceeded expectations. However, because of its high flexibility and the number of ways it can be implemented, we would have liked to see a far more comprehensive set of documentation, perhaps in the form of technical notes addressing the various ways the product can be deployed.
How do you get these authenticators all talking to your network? The answer is v-GO Credential Manager from Passlogix.