● platform independent
● concurrent user licensed
● IdP-class SSO (Single Sign-On) solution
● browser independent
● the world's fastest SSO/SLO/RELOGIN - browser independent
● versatile and very easy to implement
OES client for Windows is fully supported in 2 ways. First, once the user authenticates to the OES environment, KeyShield proves the user's eDirectory identity with a signed token and authenticates the user automatically. Any change (logout, login) is recognized and followed (if the user logs out from OES, KeyShield does the same). Second, the KeyShield SSO client is able to control the OES client: when the user authenticates to KeyShield manually or via 2FA with a HW token, the KeyShield client initiates complete OES client authentication, incl. login script processing. If the user logs out from KeyShield, the KeyShield client initiates OES client logout. This is very useful for shared computers, kiosks and special application Windows workstations. This is designed for hospitals, schools, government organizations etc.
domain (AD) environment is fully supported in various ways. The KeyShield client can read the user's identity, use NTLM2 and use Kerberos. Kerberos is also supported on Mac OS X registered to a domain. Regardless of the method used, any change (logout, login) is recognized and followed. The next generation of the KeyShield client for Windows is able to authenticate the user and map the user's home directory.
This is designed for shared computers, kiosks and special application Windows workstations used often by hospitals, schools, government organizations.
eDirectory, Active Directory, ApacheDS and OpenLDAP are natively supported. eDirectory is controlled directly through the LDAP interface; a customized PowerShell script is generated for Active Directory. ApacheDS is a part of the KeyShield server distribution, with simplified configuration and a user/group management tool. This can be used for external users, development, testing etc. without affecting the production directory or consuming licenses.
If the user authenticates to VPN or WiFi, for example, KeyShield can accept Radius Accounting packets from such devices and authenticate users seamlessly. This works similarly to the Microsoft or MicroFocus environment integration: once the user authenticates to VPN, KeyShield authentication is automatic and the user can directly access any integrated system.
is today's widely adopted standard for network appliance SSO/SLO - supported by firewalls, web content managers, WiFi controllers, proxy servers etc. KeyShield can log your users in to and out of a virtually unlimited number of appliances by sending them Radius Accounting packets. Authentication includes transfer of group membership - KeyShield can map directory group membership to a firewall group in order to control the user's access to the internet, for example.
"KeyShieldSSO has become our main SSO solution"
How KeyShield SSO Works
Once you’re authenticated to your favourite directory (eDirectory, Active Directory or LDAP), KeyShield keeps information about your IP address and full name.