FastPass enterprise password manager covers the important password manager processes for self-service of passwords with a compliant and secure process for the facilitated password reset process in the service desk. The results are high productivity and ease-of-use for all types of corporations

Self-service os passwords

How do you help users handle the issue of forgotten and locked passwords? In modern work-life, they want to log-in 24 hours 7 days a week. Most companies don’t have continued availability from the IT service desk due to cost.

The answer is a password self-service.

When it comes to self-service of passwords for all users FastPass Enterprise Password Manager is a complete choice. To be successful in user adoption many details must be present:

  • Enrollment: FastPass can enforce the majority of users to enroll. For users and situations where forced enrollment is impossible, an automatic email based enrollment service will invite and get the remaining users on-board. FastPass covers all types of passwords (Windows / SAP/ Oracle / IBM i, etc.)
  • Access from all types of devices and situations. Even from a locked PC on a domain or even from an external network. Smartphones and tablets have special needs that must be covered as well (BYOD)
  • IT security must be protected by flexible choices for authentication from users. Single and 2-factor authentication can be specified depending on the situation. The user can choose between standard questions, individual questions, SMS contact, private e-mail contact, code-cards, and other methods. FIDO authentication is planned for coming release.
  • It is important that end-users individually and easy can use their native language – with more than 20 languages FastPass can accommodate most users.

Security and compliance of password processes

When users forget passwords, they call the service desk to get a new password to get back to their work. It happens every day many times in most service desks. But how does your service desk prevent that passwords are passed on to a wrong individual? Do you have a password reset manager assisting the service desk?

According to a Service Desk Institute research, 35% of organizations do not have management decided process – each analyst must make his own. Does this make us secure?

Current password self-service solutions rely heavily on traditional forms of authentication, particularly security questions, with only 7% of implemented solutions offering more innovative authentication methods.

FastPass Enterprise Password Manager offers a complete vision and solution for the password reset process based on the following basic components:

  • The majority of end-user password problems must be handled by the end-user through FastPass self-service of forgotten passwords
  • The few remaining manual calls must then be managed in a compliant process based on manager defined process. It must never be possible for a single person in a service desk to do a password reset directly to Active Directory or any other user repository. FastPass Password Compliance Manager controls the agent´s actions – and the process must be monitored. All authentication steps must be defined in FastPass, and a 2-person process can be forced for the users’ with access to highly sensitive applications. All actions are of course registered for monitoring purposes.

Solutions for all large organizations

FastPass covers the important password manager processes for self service of passwords with a compliant and secure process for the facilitated password reset process in the service desk. The results are high productivity and ease-of-use for all types of corporations.

FastPass covers all types of passwords (Windows / SAP/ Oracle / IBM i, etc.). FastPass supports Active Directory and Azure Active Directory users.

Choose FastPass password reset solution

FastPass for Active Directory

FastPass for Active Directory lets you start with an advanced and automatic platform for Windows Active Directory passwords. You can later add functionality as your requirements increase. Reach 90%+ adoption rate with forced enrolment and rich authentication options.

FastPass covers Active Directory, Multi-AD, Multi-forest AD, Azure AD, Hybrid Azure AD.

FastPass for SAP

SAP password reset tool for Self Service or Synchronize:

  • Easy to use self-service portal for all instances
  • Supports all SAP variations, and an unlimited number of SAP instances
  • Functionality as FastPass Enterprise
  • Synchronize AD passwords to SAP passwords

FastPass for Oracle

Oracle reset password portal and synch for end-users:

  • Easy to use self-service portal for all systems
  • Supports all Oracle variations, and an unlimited number of Oracle systems
  • Functionality as FastPass Enterprise
  • Synchronize AD passwords to SAP passwords

FastPass for IBM

Password synchronization or password reset for IBM i series, IBM Z and RACF:

  • Easy to use self-service portal for all systems
  • Supports all Oracle variations, and an unlimited number of Oracle systems
  • Functionality as FastPass Enterprise
  • Synchronize AD passwords to SAP passwords

Want more information about FastPass products, pricing or anything else?

We are here to help you!

FastPass Compliance Manager

Even in good self-service implementation around 5-30% of users can’t for various reasons do self-service and will call the service desk. The service desk produces a PIN-code for enrollment to the FastPass self-service. After the enrollment then the user can do a compliant password reset.

Companies must decide how the PIN-code can be double checked and delivered to the end-user. The point is, that it must not be possible for a single person alone in the service desk to decide how to authenticate the end-user and deliver the PIN-code to a calling person! All steps related to the PIN-code must be logged as part of the defined authentication and delivery process. We recommend that service desk assistants should no more have privileged access to the users’ passwords in Active Directory.

Ideal and realistic password compliance relies on:

  • The majority of users use self-service when a password is forgotten
  • No privileged rights for AD password reset to the service desk
  • Assisted password reset is either:
    1. a predefined authentication process performed by the agent controlled by FastPass
    2. A predefined 2-person process controlled by FastPass

FastPass Enterprise Password Manager facts

FastPass delivers strong authentication
FastPass invites and enforces all selected users to enroll
Even passwords on remote PCs’ cache can be reset
FastPass can work with multiple AD and Forests
Integration with service management systems
Enabled for visually impaired persons (W3C Web A.G.)
Support for some end-point encryption solutions
Different processes for different user groups
HelpDesk client to support the service desk employee when assisting end-user calls
Password reset for different password types: SAP, IBM, iSeries, Oracle, Google, special passwords
Password synchronization for different password types: SAP, IBM, iSeries, Oracle, Google, KMD

Security for FastPass Password Manager

The security of a software application does not only depend on the software; but also on the complete security of the IT-infrastructure. When it comes to IT-infrastructure FastPassCorp cannot dictate to customers how to configure. We will however promise that we in documentation and consulting recommendations will inform how you can configure your IT-system to protect your FastPass data and processes in your infrastructure.

Don't have time now?

Get a copy of "How FastPass is made secure for you?" and read later!

Protecting the integrity of data

  • Using SSL to connect to AD makes the communication secure. Requires Security Certificate where encryption is RSA with key 2048 or 4096 bits.
  • Internal system encryption is based on AES256 which is the strongest with .net
  • Sensitive data are stored in the database using encryption is based on AES256 which is the strongest with .net.
  • User data can be hashed in addition to encryption to completely protect user data.
  • All sensitive data such as the users’ answers and questions are all AES 256 Bit encrypted.
  • The FastPass TrackEngine makes sure no one can intercept and repost data.
  • Internal communication from Front-end to Back-end to Gateway is only possible using trusted SSL certificates and only from selected IP addresses
  • Password can be stored encrypted (AES 256Bit Encrypted) in the FastPass Database. This enables a set of features to tighten security regarding password history. For example the minimum number of differences to any previously used password.

Protecting the Windows PC Client

Windows Client has three security levels to prevent any intruders:

    • URL restrictions. The client will only communicate with the FastPass server
    • Keyboard restrictions
    • Process restrictions (Level 1 imposed by Windows, Level 2 imposed by the Windows Client C and .Net level code)

Preventing access to user’s FastPass account

  • Notification to the user of authentication attempts using Question/Answers
  • A user cannot answer the same challenge question twice or have the same answers
  • FastPass always checks if a user is still enabled and active in AD before the user can use FastPass (FastPass does not enable users)
  • After 3 failed attempts users are locked in FastPass (not in AD), Service Desk assistance is needed to unlock the account again.
  • CAPTCHA protection against robotic attempts is included.

The Best Practices for security and protection of FastPass access will include the following actions:

  • The fundamental component is the installation of FastPass WEB-services in DMZ.
  • Hardening of the DMZ-server according to the FastPass Hardening documentation
  • Demand 2-factor authentication for users coming from WAN
  • User notification of password reset
  • Notify users via SMS and e-mail that their FastPass account has been used – eg. when authentication fails.
  • Use only SSL/TLS versions that are PCI-Compliant

For extra secure environments, the following aspects can be evaluated

  • Only allow access to through the Windows Client on remote PCs (Blocks the browser interface)
  • Demand remote devices to present a trusted device/user certificate
  • Allow Enrollment only from the LAN
  • Limit the IP address scope allowed on the WAN-side

Want more information about FastPass products, pricing or anything else?

We are here to help you!

Scroll to Top