Entrust GetAccess™

Features & Benefits

Entrust GetAccess™ delivers a single entry and access point to Web portal information and applications. It serves as the springboard for Web services and provides authentication and authorization for XML and Web services data. Supporting the broadest range of authentication methods and user devices available today, Entrust GetAccess makes it possible for organizations to personalize services, content and data for the diverse needs of a varied user community.

Providing a personalized experience using authorization and authentication is key to building effective online relationships. Entrust GetAccess is a key solution for Identity Management. It provides robust access controls for intranet, extranet and federated portal content applications and Web services environments.

Entrust GetAccess delivers enterprise-scale performance without sacrificing security.

Flexible per-processor pricing

In today’s economically challenging and uncertain times, Entrust has taken the lead in Extranet Access Management by introducing an unlimited user, per-processor pricing model that enables customers to purchase what they need today with the flexibility to add incremental capacity as required for supporting more applications and users. Entrust gives customers the comfort of limiting risk upfront and deploying the required processors to enhance performance with minimal upfront cost for both software and customer support.

Secure Identity and Access Management

Identity Management is the management of digital identities and their associated transformations into profiles, user credentials, access rights and authorization from initial creation, and as they are provisioned and managed through the entire user lifecycle. Using Entrust GetAccess as part of the Entrust Secure Identity Management Solution enables one identity and security profile to be used across the entire infrastructure through centralized provisioning, workflow, auditing, reporting and self-service capabilities.

Broadest range of authentication methods

Entrust GetAccess has the industry's widest selection of authentication methods. Customers are able to balance the level of security with the cost and complexity of deployment using any of the following authentication options:

  • Username and password
  • External LDAP repository
  • Browser Certificates (X509.v3)
  • Random number tokens
  • Microsoft® Windows Integrated Login
  • Entrust IdentityGuard™
  • Entrust TruePass™ digital IDs
  • Microsoft® .NET Passport
  • SAML
  • Smart cards and/or USB tokens

Entrust GetAccess is also an approved solution under the U.S. Federal Government e-Authentication Federation Initiative. U.S. government agencies can use Entrust GetAccess to help control access to sensitive resources and provide an improved online experience for government employees and citizens.

Open and Interoperable Using Leading Standards Including SAML

Standards in Web-based products help to give greater confidence in the ability of a product to integrate with existing and future technical environments. Entrust is a leader in standards, both in terms of proposing them and working with the standards community to make them real, as well as implementing them in Entrust products. Entrust GetAccess incorporates standards such as:

  • SAML
  • SPML
  • XACML
  • OCSP
  • XML
  • SOAP
  • SSL
  • LDAP

Entrust GetAccess now supports fully conformant interoperable SAML 2.0 identity federation capabilities to provide seamless integration with an organization's Web partners and affiliates to allow Web SSO deployment to more closely mirror the requirements of business partnerships. The Security Assertions Markup Language (SAML) 2.0 specification is an important addition to Entrust GetAccess. It provides a standard way to define user authentication, authorization and attribute information in federated cross-domain Web and Web Services communications, and provides features such as user initiated online identity federation, privacy of identity, and session management across disparate domains. Entrust was an early founding member of the Organization for Advancement Structured Information Sciences (OASIS) technical committee on SAML and continues to contribute to the standard's development. In addition, Entrust continues to be a leader in next generation standards like XML, OCSP, SAML, and WS-Security.

The eXtensible Access Control Markup Language (XACML) rules based standard ensures that policies within other applications that are based on XACML can be integrated into the GetAccess Policy Engine.

Easier Administration and Deployment

Entrust GetAccess increases the ability to delegate administration across business units and partners. Delegating user administration appropriately helps to improve efficiency and scalability by reducing complexity. Delegating management across business units and partners can reduce IT workload and staffing with the goal of cutting overall IT costs associated with supporting the Web portal. Entrust GetAccess delivers the ability to set arbitrarily deep levels of delegated administration within a given deployment, providing maximum flexibility to organizations.

To further ease deployment and lower administration costs, Entrust GetAccess contains a more simplified Entrust GetAccess Runtime plug-in so as to contain no business logic at the Web server. This new architecture provides the ability to add new policy decision tools without having to modify the runtime plug-in — saving time and resources. Moreover, this release of Entrust GetAccess centralizes all the configuration of runtime data into one file to simplify system management and change control. A graphical user interface (GUI) is available to access the centralized configuration file for editing thereby easing management and administration of runtime logic.

Entrust GetAccess also provides programmatic access to all User, Role and Resource objects via the GetAccess Administration Services Interface; an SPML or Java interface for integration with 3rd Party administration or provisioning systems.

Authorization using Role- and Rule-based Access Control

By centralizing all user authorization functions based on the user identity, role, and the resource or application being accessed, Entrust GetAccess makes it easier for users to navigate to pertinent, targeted information through a personalized menu. The latest version of Entrust GetAccess also includes a new enhanced authorization capability based on XACML (an XML-based standard for access controls). This new feature enhances the existing rules- and roles-based access controls to restrict access to portal resources based on context-sensitive policies. This includes, for example, the ability to restrict access to specific services based on the time of day or authentication method presented at login.

Performance without sacrificing security

Entrust GetAccess provides centralized session management that controls user sign on, administrative timeouts, idle timeouts and activity logging. On session termination ALL session activity is terminated even across domains. Many Portal security vendors require custom development to implement the concept of Single Sign Off, without this development user sessions are NOT properly terminated across domains and are thus subject to attack.

Entrust GetAccess delivers true multi-domain support. The resources in secondary domains are protected and managed just as securely and effectively as those in the primary domain. Centralized Session Management is leveraged across all Internet domains.

Entrust GetAccess provides sophisticated intrusion detection capabilities out of the box. An administrator defines thresholds for failed login attempts as well as a list of security personnel to inform if a potential attack is attempted. Then, if a cracker attempts to break into an account, the system will immediately lock out the targeted account(s) and notify the administrators that an attack is being attempted.

Entrust GetAccess will not only track all such activity centrally, but will also log all suspicious activity so that auditors and security administrators can perform detailed and rigorous analysis to determine where, when, and how often attacks take place.

This release of Entrust GetAccess is the first of its kind to use FIPS 140-2 compliant Entrust Software. Specifically, this means that all encryption is performed using FIPS compliant algorithms (AES or Triple-DES) and that all crypto-functions (encryption, decryption, key generation and management) are handled using a FIPS-certified crypto-kernel.

Single Sign-on and Single Log-off across Enterprise and Federated Domains, Applications and Web servers

Entrust GetAccess provides single sign-on across applications within the enterprise and across domains either leveraging a single identity domain or federated identity domains.

Proven reliability with large-scale deployments

Scalable, easily deployed, and easier to administer, Entrust GetAccess can support millions of pages, dozens of applications, hundreds of Web servers, and millions of users. Services can be distributed across any number of servers to allow satisfactory response times and continuous availability for customers around the globe. Entrust GetAccess is deployed to over a million users at client sites to power robust Web portals and used by hundreds more for their Intranet and Extranet applications.

Extensibility

Entrust GetAccess works seamlessly with the award-winning Entrust TruePass security solution. This integration extends the capabilities of Entrust GetAccess to enable digital IDs for enhanced identification and digital signature for transaction verification. The integration is a Web service making it easier and quicker to install and configure. And unlike competitive solutions where multiple product runtimes are required, only the Entrust GetAccess runtime is now required making it easier to deploy and manage.

As part of your extranet evolution, Entrust GetAccess is the quintessential springboard for Web services security. It integrates with the Entrust Secure Transaction Platform and Vordel to ensure that only the right users sending appropriate XML content can access their Web services. Enterprises can leverage their investment in Entrust GetAccess by extending its functionality to secure their XML based integration projects.

Broad Platform Support

From its broad support for users on the most popular Web browsers, to its server-side support for International platforms, Entrust GetAccess is built to deliver authentication and authorization services to a truly global audience.

View integration information