Overview
KeyShield SSO is the fastest and most versatile SSO product in the world.
While traditional solutions are able to process thousands of requests within a minute we are able to do that within a second. Honestly.
Our unique concept is built on the real SSO ServiceProvider/
REST API
API offered by KeyShield conforms to REST guidelines. Thus it enables you to quickly implement KeyShield into your system. In most cases, your programmer should be able to do it within one working day.
You can use the API to query which user is authenticated on a given IP address. For security purposes, the API can be configured to require API key that proves that the connected system is genuine.
LDAP Viewer
Simple LDAP viewer is also part of the admin console. You can use it to quickly browse through your LDAP directories.
It offers basic filtering and searching functionality.
SAML 2.0
KeyShield fully supports SAML and that provides efficient way to connect systems that conform to SAML standard such as Google Apps, Salesforce or Microsoft Office 365.
Clients
Clients are available for all major platforms - Windows, Linux, Mac, iOS, Android and Blackberry.
KeyShield client handles all authentications required by desktop, mobile or browser applications. You can also quickly check the current state of your KeyShield login - green icon indicates that you're connected to the KeyShield server and authenticated, yellow means that you're connected but not authenticated and red means that you're not connected to the KeyShield server.
KeyShield SSO Engine
KeyShield SSO server is able to run virtually on any Java platform. It is a pure enterprise Java application.
Full support is available for Linux and Windows, though we recommend using appliances for VMware and XEN.
Security
Yellow Message
So-called yellow message functionality can deliver prompts to the screens of logged-in users. Such a message is hard to miss and does not go away until the user accepts it. Addressee of the message can be a specific user or a whole subnet.
This function is especially suitable for passing information about network maintenance, etc.
Advanced Logs
Detailed logs are accessible online with robust filtering options. This allows you to pinpoint details about every event that happens within KeyShield system - regardless of whether it happened in API communication or if it is a client event.
Embedded DS
The embedded ApacheDS is included for all customers without any own directory as well as for users staying outside the company internal system. You can also combine embedded DS with LDAP connectors.
Connectors
Common LDAP connector can be used virtually with any LDAP directory available on the market. We provide dedicated connectors for Active Directory and eDirectory to get maximum profit out of their specific features.
You can connect multiple directories at once - in case when some information is in one of them and some information in another of them. You can also switch on load balancing to distribute requests among directories.
Radius Accounting
Radius Accounting becomes a de facto standard for SW & HW network appliances.
KeyShield can act as a RADIUS Accounting client - we inform active network elements (FortiGate, Cyberoam, SonicWall, SmoothWall, LightSpeed, LiteSpeed, etc.) about the identity of the user.
Or it can also act as a RADIUS Accounting server - whereas it obtains information about the identity of the user from a firewall or WiFi access point after successful authentication into VPN.
Admin Console
Administration Console, accessible through web browser, offers large variety of available configuration options of KeyShield SSO server.
You can configure all LDAP sources and other authentication connectors here as well as available client interfaces.