- Web Based management console
The DualShield Management Console is accessed through any standard Web browser. With its rich web GUI, system administrators can easily manage groups, units and users, tokens, policies and configurations anywhere at any time.
- Native LDAP/AD integration
DualShield delivers true native LDAP support for direct integration with LDAP directory servers such as Active Directory and Open LDAP. Native LDAP support does not require change to the database schema, does not require import from the database and does not require synchronization. Any changes made to the external user directory are immediately effective in DualShield in real time.
The DualShield Management Console provides a built-in, fully-featured LDAP/AD browser which enables the system administrators to manage LDAP/AD users and their tokens & certificates in a web-based, centralised management console.
- Multi-level user management
DualShield enables system administrators to organize user units and groups and assign them with administrative roles and access control policies. The Multi-level user management increases the efficiency and flexibility of managing users’credentials and access control. DualShield further streamlines user management by integrating with existing user directory, such as LDAP or Microsoft Adctive Directory.
- Full life cycle token management
DualShield provides facilities that enable system administrators to easily manage the entire life cycle of tokens:
- Policy based configuration
Policies control various aspects of your system and your users. DualShield provide a comprehensive set of policies such as Password Complexity, Session Lockout, Token Provisioning and Authentication Policies, that provides the flexibility for the system administrator to configure two-factor authentication on the level of solution and user account.
- Role based administration
This feature enables granular administrative access control down to a user or a group of users. The Role-based access control maximizes administration flexibility and delivers increased security by ensuring that fewer individuals hold the keys to the entire system.
- Auditing & Reporting
DualShield logs all transactions and user activities. Administrators can utilize it as an auditing, accounting and compliance tool. It includes report templates that can be easily tailored to administration needs, including activity, exception, incident and usage summaries.
- Extended Radius Support
DualShield has a built-in RADIUS server that is fully compliant to RFC 2865. It supports an extended set of features such as attribute mappings between RADIUS and LDAP attributes and configurable RADIUS profiles. These features enable granular access control via RADIUS down to users according to their account profiles, attributes and settings.
- Single Sign-On
DualShield provides a fully compliant SAML 2.0 single sign-on server for every web and cloud applications, such as Google Apps, Salesforce and any SAML enabled application. DualShidl SSO enables users to sign on once then access multiple applications without additional logins.
- Self-Service Password Reset
Traditionally, when users’ passwords have been forgotten or compromised, system administrators and help desk have to spend valuable corporate time and money to reset them. With DualShield, not only can users self-enroll for 2-factor authentication, but they can also self-service reset their own passwords at any time.
- Self-Service Web Portal
A self-service console is available for end users to request a variety of services, including requesting for replacement of lost or damaged tokens and issuing on-demand tokens for emergency access. The self-service console can dramatically reduce the call volume into the IT help desk because users are empowered to manage all aspects of their token lifecycles.
- Scalability & High Availability
DualShield is designed to avoid "single-point failure". Customers can deploy multiple instances of the DualShield servers to achieve high availability as well as scalability in the same time.
- Managed Service
DualShield is increasingly being used by Managed Service Providers to provide “Authentication as a Service”. On one single platform, Managed Service Providers can host authentication services for multiple organisations and each organisation has it own private realm for managing their own domains, users, tokens etc.