Introduction

Accops HyID is an Identity and Access Management (IAM) solution to safeguard critical business applications and data from internal and external threats. HyID gives enterprises strong control over endpoints, enabling contextual access, device entry control, and a flexible policy framework.

Using this cornerstone solution, enterprises can now easily meet their Authentication, Authorization, and Audit (AAA) needs.

Pronounced as "HighID," HyID provides the following benefits:

  1. Out-of-the-box Authentication and Authorization
  2. Multifactor Authentication (MFA) for any application, including Biometric MFA
  3. Context-based access control
  4. Integration with AD, LDAP, Novell, RADIUS, SAML IdP
  5. Single Sign-On based on SAML, OAuth
  6. Audit trail
  7. Tokens: SMS, Email, Mobile App, PC, Biometric
  8. Push Notification for PC and Mobile

HyID - A Key to Multiple Locks

The out-of-the-box MFA is compatible with all modern and legacy cloud and on-prem apps. It enables strong authentication based on OTP delivered via SMS, email, app, biometrics, and device hardware ID & PKI.

The Single sign-on (SSO) feature provides better security and convenience.

Using HyID, enterprises can monitor the security posture of the endpoints, including BYOD devices, and grant or deny access based on real-time risk assessment. With HyID in place, the system can generate alerts if a user's access to any corporate application breaches the set risk thresholds.

HyID provides actionable intelligence, enabling organizations to detect and prevent identity theft and misuse of privileged rights. Detailed audit logs on who accessed what, when, and how enable compliance with regulatory norms.

Accops BioAuth, a module of HyID, is a biometric authentication server that provides fingerprint and face authentication solutions. BioAuth can quickly enable biometric-based multi-factor authentication for any corporate application, PC, or laptop.

Organizations can choose between fingerprint and facial-based authentication or bring their own fingerprint scanners and use BioAuth to manage the biometric data capturing, enrollment, identification, and authentication of users. BioAuth's flexible workflow makes a maker-checker process for user onboarding possible in any complex organizational structure. BioAuth provides support for multiple fingerprint readers as well as Microsoft Windows WinBIO.

BioAuth integrates out-of-the-box with Accops HySecure (a Secure Remote Access solution) to enable strong MFA for remote users. When integrated with Accops HyID, BioAuth can be used for any corporate application that supports Microsoft Active Directory or the SAML protocol for authentication.

HyID Solution Architecture

While HyID can work seamlessly with HySecure (ZTNA solution) and HyWorks (VDI DaaS solution), it can also provide quick and easy out-of-the-box biometric, MFA, and SSO-based authentication, either client-based or clientless, to any legacy and third-party application.

The solution architecture diagram shows how HyID works as a credential provider, authentication proxy, and RADIUS server for APIs and other applications.

Let us quickly understand the main components of HyID.

  1. Auth Proxy: This is a specialized form of authentication that allows a client application to connect to the directory using its own identity and then perform operations on behalf of the user to access the target directory.
  2. AD/LDAP: An ADS (Accops Directory Server) is a proxy between an Application Server and an Active Directory. It can also be called the Lightweight Directory Access Protocol (LDAP) proxy or S-LDAP server. The ADS module acts as a proxy server and adds an extra authentication layer, such as Multi-Factor Authentication (MFA). The MFA option can come in various types, like mobile tokens or push notifications.
  3. RADIUS Server: RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  4. Device Control: This engine involves implementing policies and measures to manage and control the use of devices within an organization's network. It includes monitoring and regulating the connection, access, and usage of devices such as computers, smartphones, tablets, or other endpoints.
  5. Single Sign-On: Single sign-on (SSO) is a service that enables users to use a single set of login credentials to access multiple applications. SSO simplifies the management of multiple credentials for organizations and individuals.
  6. OTP 2FA: SMS or email-based Two-factor Authentication (2FA) directly involves the user's phone or email. After entering a username and password, the website sends a unique One-Time Passcode (OTP) to the user via text message or email. Like the hardware token process, the user must input the OTP into the application to gain access.
  7. Biometric Auth: Biometric authentication verifies an individual's identity using unique biological characteristics. It compares physical traits to stored data to confirm authenticity. If the biometric data matches, authentication is confirmed. Biometric identification uses traits such as fingerprints and facial recognition to help verify a person's claimed identity.
  8. SAML IdP: A Security Assertion Markup Language Identity Provider (SAML IdP) is a system entity that issues authentication assertions in conjunction with a single sign-on (SSO) profile of the Security Assertion Markup Language (SAML).