|
Key Features:
Multi-platform support
Bulk account processing
User modes help desk
Security manager
Account creation is optionally template
driven
Uses Microsoft Window‘s standards, giving
a consistent look across all platforms
Fully extendible with pre- and post-
processing scripts
Powerful report generator
Subscriber database which is ODBC, LDAP
and X500 compliant
Audit trail & Archiving
- Full audit journal showing who made what changes to whom
- Sensitive data obscured
- Ability to ‘Track’ accounts - e.g. pick an account and track the
history of changes through time
Reporting
Full archive of account at pre- post- update transaction
Secure
- Encryption of sensitive data when:
- transmitted through network
stored in access control files
SSL
256 bytes encryption key
Client / Server Authentication - using installation key and
hardware address
Logon User Authentication via application username and password
Support HP Unix trusted systems
Clusters
Domains for tasks delegation
Templates provide easy means of creating
accounts with ‘standard’ workgroup settings
- Single workgroup template provides multi-platform support
Templates can auto-apply ‘unique’ function
Templates can auto-set nominated pre- and post- processing
scripts for higher degree of control over customizations
Pre- and post- processing scripts provide
high degree of customization
X-UAF Maestro OpenVMS scripts
Transactions can be validated with customer specific checks
Output messages displayed in log window
Transactions can be rejected by customer validation
Choice of Interfaces
- Simple ‘single user’ interface for help desk
Full functionality interface for system manager
Full enquiry and reporting Interface for security manager
Enhanced reporting features for reports manager
Account Manipulation
- Greatest user account manipulation of any product
Sorting / filtering on any field
Reporting (on servers or databases)
Bulk-Create, bulk import from text file prior to bulk create
Template driven and multi-server create
Multi-selected accounts updated as single transaction
return to top of page
ACCOUNT GENEOUS
has a number of features that
grew from user’s requests as well as perceived business needs. It is
therefore much easier for users to learn to use ACCOUNT GENEOUS, because
the solution was adapted by listening to customers. Here are a number of
such features:
1. Domains
ACCOUNT GENEOUS implements and is able to use extensively the concept of
‘domains’. Each server when created can be assigned to a domain. Later,
the users of ACCOUNT GENEOUS will be restricted through their profiles
to access information only from selected domains. The domains can be
used also to describe the subscribers, and an ACCOUNT GENEOUS user will
be restricted to work on the subscriber accounts from these domains.
2. Clusters
The concept of ‘clusters’ helps to add a higher level of automation to
user management. When the user groups some servers in the same cluster,
each change on one of the servers can be intercepted and propagated to
the other servers of the same cluster thus ensuring always the same
configuration for the servers of that cluster. This model applies
naturally to a HP Cluster but can be used without restriction of
platform.
3. Subscriber Database
The usage of the subscriber database gives the user a powerful tool for
the integration of real data about the company’s employees and their
platform accounts. The subscriber database contains records of these
employees, and can even be linked to the company’s employee database.
The record will contain also information about the account names, id’s
of the user on different platforms. An ACCOUNT GENEOUS user can then be
forced to work always with the information for that subscriber, ensuring
this way consistency and a strict link between real users and their
accounts. Disabling a user from the subscriber database will
automatically disable all his accounts, all the accounts will belong to
real employees, are just a few aspects of this mechanism.
4. Accounts Security
Some of the platform accounts are vital for the system, like the
administrator accounts and some application specific accounts etc.
ACCOUNT GENEOUS can establish a list of such accounts that will not be
modified. The same mechanism is implemented for groups. The handling of
these lists can be also delegated to certain ACCOUNT GENEOUS users
through their profiles.
5. Data Refreshment
If there are many users of ACCOUNT GENEOUS, even by establishing
specific domains and such mechanisms, it could happen that two users
would work on the same set of accounts. To ensure accurate data being
shown to each of them, before each action of a user, the working data is
refreshed from the server, thus presenting always the most actual
information to the user.
6. Profiles
All the rights for ACCOUNT GENEOUS users are set in the profile given to
the user. These profiles fine tune each possible action a user can do,
allowing or restricting access to certain displays, fields, accounts,
servers.
7. Password Settings
Each Geneous user access is protected by his own password kept
(encrypted) in the Geneous server database. This password can be set to
expire in a certain time and the user forced to change it regularly.
There is also the option of using an external login for the ACCOUNT
GENEOUS users. This way a user will have the same password for logging
in to Active Directory (for instance) and to start ACCOUNT GENEOUS, and
the password policy will be handled by the corresponding domain
controller.
8. Protection
All the communications through the ACCOUNT GENEOUS system are protected
using SSL with configurable encryption (minimum 196 bit recommended).
9. Data Context
A single user can work on different sets of servers at the same time by
simply starting another browser on the same machine. This mechanism will
give the user the sensation of having multiple instances of ACCOUNT
GENEOUS running, but without the drawbacks of the resource hogs.
10. Creation with default values
Creation of new accounts may be presented with certain fields already
filled with default values. Servers may use specific defaults, but the
templates usage implements a higher level of flexibility. A special
template can be implemented which will automatically fill values when an
account is created from the subscriber database.
11. Scripts
Before and after every action, platform-specific scripts can (and can be
enforced to) run on the server and on the agent side. These scripts can
do specific checking, write down specific messages, send users
(subscribers) information about the action through emails - and much
more.
12. Multiple modification
Accounts can be created all at once, starting from a list filled with
default values. In a similar way, some fields of the accounts can be
modified on many accounts at once. These values can be modified before
the bulk creation/modification of the platform accounts is actually
done. This way updating the office address of a group of users, or
creating a new group of employees becomes an easy task.
13. Fields specific format
Certain fields of an account should have a specific format, like the
telephone number. Some other should be composed from other fields, like
the description from user names and address. This can be automated by
entering simple validator rules in a very natural manner, and the
records of the accounts will always have the desired and fixed look.
PDF downloads:
Web Identity Management with Single Sign-on (SSO)
ACCOUNT GENEOUS -SSO
module:
Single sign-on allows an enduser to access
all his systems and applications, where he has access permissions,
without the need to enter multiple passwords. The SSO module
enables the enterprise to fully leverage the benefit of the Account
Geneous solution and provides users with true single sign-on: with a
single userid and password. Account Geneous-SSO is designed to
take advantage of the Account Geneous infrastructure in order to
minimise the overhead normally associated with a SSO implementation from
other vendors. This module may be installed as an additional option when
implementing
Account Geneous
Web Password Management
Password Synchronization
Password Geneous-Sync (PGS) module:
Password Synchronisation across multiple platforms and applications
provides enhanced security and saves helpdesk costs. The same password
is used for access to all platforms & all applications using best
security policies & password changes are automatically propagated. Users
no longer need to maintain lists of passwords. PGS does not require
significant implementation work other than linking userids together
according to editable mapping rules or to the subscriber-based mappings.
This module may be installed on its own or implemented with
Account Geneous
Password self-Reset
Password Geneous-Reset (PGR) module:
Password Reset software- user self-reset of passwords to enhance
security and save help desk calls. Users can reset their passwords
without helpdesk intervention in multi or single-platform environments.
Resets are enabled via a browser-based self-help utility. This module
may be installed on its own or implemented with
Account Geneous
Workflow
Geneous is currently developing a more
complex workflow module, based on the web services technology. This will
make it BPEL compliant, and is being developed in close co-operation
with customers to ensure functionality meets the requirements. The
delivery date of BPEL workflow support is estimated H1 2005.
GENEOUS SOFTWARE
provides Identity Management (IdM and IAM) solutions to increase
enterprise security with enhanced access control and improved
efficiency. Authentication, role and rule based access control (RBAC),
database and directory integration and reduction in helpdesk calls are
all provided with the implementation of GENEOUS solutions. The ability
to implement the solutions quickly in order to provide a rapid return on
investment (ROI) is a fundamental part of the GENEOUS design. The
scalability and ROI provided by Geneous solutions makes them ideal for
enterprises from a few hundred employees to tens of thousands.
return to top of page
|
|
|
|
 |
|
