Secure Access Control
- Two-factor authentication by matching device and user
- Self-service access portal for registering device and for managing login
- Administrative tools for access control and device approval
- Multiple enrollment options
- No storage of Active Directory credentials on mobile device
With LyncShield, users can connect from external networks without compromising the organization’s network. Our solution is based on a two-factor authentication requiring identification of both the device and user, which assures Active Directory protection.
The username and password are not stored on the mobile device, minimizing the exposure of the corporate network. LyncShield’s solution offers the following advantages:
- Two-factor authentication: Uses the smartphone as something you have and the password as something you know.
- Custom login: Protects corporate passwords by defining custom login credentials exclusively for Lync (AD credentials are not stored on mobile device).
- Access portal: Supports two-step registration of users as well as administration tasks, such as approving devices, blocking users and tracking the registration process.
Device Registration Options
Lync Access Control supports various enrollment options:
- Automatic registration – The device is registered when the user connects to Lync for the first time. Once registered, Lync Access Control verifies during subsequent synchronizations that the connection is in fact being attempted by the registered device. Any attempt to connect, using the same credentials, from a different device is blocked automatically.
- Two-step registration – A tighter security approach, which requires users to first register on a dedicated Access Portal and then connect within a short period (defined in the portal configuration). Authentication can be performed against the user’s AD credentials or by using custom credentials that the user creates on the Access Portal (that are different from their AD credentials). The custom login option offers a high level of security, as AD credentials are not stored on the mobile device. This is useful for organizations that use smart cards for network access.
LyncShield Self Service Access Portal
Lync Shield includes an admin website called the Access Portal for tracking the user registration process, approving blocked users, deleting users, changing registration site settings and more.
For enterprise installations with multiple domains, the admin site can be managed separately for each domain, allowing each helpdesk to manage the users.