Shulou(Shulou.com)05/31 Report--

This article introduces you what the mail system OWA two-factor identity authentication solution is, the content is very detailed, interested friends can refer to, hope to be helpful to you.

I. scene analysis

OWA is a Web access function of the managed post office based on Microsoft Hosted Exchange technology, which can directly use the Web browser to read or send email through Internet, manage their calendar address book, tasks and other collaborative office functions, with a high level of security!

Second, problem analysis

1. The password setting is simple, and it is easy to be cracked by the library.

2. The password setting is complicated, and it is very easy to forget the password, which increases the meaningless work of the network administrator.

3. Set up a unified or regular password. Once a single point is broken, it will easily lead to a full-scale crisis.

4. change the password regularly, it is easy to confuse the password and difficult to remember.

5. Making codebooks and storage locations are easy to leak, causing a full-scale crisis

6. when the employee leaves, the password needs to be changed to increase the workload of the administrator.

III. Solutions

Use CKEY DAS for password reinforcement, and you need to do secondary authentication when logging in. The results are as follows:

"user name + static password + dynamic password = successful login"

IV. Business system authentication process

Certification prerequisite:

Enable Radius module or call CKEY HttpsAPI interface on business system

Complete Radius docking or API docking with CKEY DAS authentication server

Login process:

The user enters "user name + static password + dynamic password" to access the target host

The target host simultaneously sends the user name + static password to the enterprise user source for static authentication through Radius Client or API, and sends the user name + dynamic password to the CKEY DAS authentication server for dynamic authentication.

User source and CKEY DAS provide feedback on authentication respectively.

Access can be successful only if and only if the user source authentication and CKEY DAS authentication are passed at the same time, otherwise the login fails

5. Introduction to CKEY DAS

CKEY DAS (China Science and Technology Henglun two-factor authentication system) is based on the standard Radius protocol and TACACS+ protocol, provides identity authentication, authorization and audit for network devices, business systems and operating systems, and supports API and SDK docking mode to meet all mainstream scenarios.

VI. Product architecture

VII. Access method

VIII. Authentication methods

Authentication mode

Dynamic password authentication

Code scan authentication

Fingerprint authentication

Face authentication

Ukey certificate authentication

Presentation mode

SMS token

Sweep token

(software token built-in function)

Fingerprint meter

Face recognition

Ukey token

APP token

PC token

Hardware token

WeChat Mini Programs token

Nail token

Note: you can choose one or the other, or you can combine it in many ways!

IX. The technical principle of OTP

The eight advantages of CKEY DAS

one

Deployment is simple and flexible

Without changing the network topology, bypass access the authentication server to facilitate access to the network, and it is very convenient to set up authentication service clusters, load balancing under working conditions, and hot standby immediately after a single point of failure.

two

There are various authentication methods.

Support SMS authentication, APP authentication, Mini Program authentication, nail authentication, hardware token authentication, fingerprint authentication, face authentication, U disk certificate authentication and other authentication methods, but also can be used in combination.

three

Rich business scenarios

Support routers, switches, VPN, firewalls, gateways and other network devices, support OA, CRM, ERP, finance, personnel, Web applications, virtual desktops and other business applications, support Linux, Windows, Unix and other operating systems

four

Rich sources of users

Support AD, LDAP, DataBase, and other user sources for fast docking and reduce management costs

five

Flexible policy management

Different management policies can be set for different users, different groups and different roles, with flexible configuration and convenient management.

six

Improvement of log audit

Record system operation log, API authentication log, protocol authentication log, terminal authentication log, authorization log, etc., and effectively supervise the operation.

seven

Rich ways of docking

Ckey-DAS supports standard Radius and Tacacs+ protocols, supports all devices of this protocol, and supports the integration of SDK and API, which basically meets all business systems of the enterprise, and also supports source code integration in special cases.

eight

Self-service is powerful

Users can activate the binding authentication service by themselves according to the prompts of the administrator, so as to improve work efficiency and reduce management costs.

11. Applicable Brand

CKEY DAS can perfectly connect Microsoft ExChange OWA, Sharepoin, OA, ERP, Kingdee, HR, CRM, SAP, oracle, Zhibang International, Yuyou and other mainstream business systems, and has been highly certified by hundreds of enterprise customers.

On the mail system OWA two-factor identity authentication solution is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.