FAQs
The MyPass platform offers a wide variety of integration, security and user interaction features. The following section answers the most common questions that we get asked by customers and prospective customers. For further details please email [email protected] or [email protected] or visit the Contact Us section for direct-dial numbers.
The MyPass platform provides standard integration into various credential repositories. These include:
MyPass requires the deployment of a secure MyPass gateway server installed on the customer premises. The server facilitates the encrypted exchange of information between the customer environment and the cloud-based MyPass platform, and encrypts all communications using SSL certificates.
Customers are required to provide the following hardware and software configuration information for the onsite MyPass gateway:
- A physical or virtual server running Windows Server 2012 R2 Standard.
- A minimum specification of 1x CPU, 4 GB RAM and a 60 GB operating system partition.
- SSL internet access to the MyPass cloud platform.
- IP Address NAT from the internet on port 443 to the gateway server.
- DNS record for the public IP address.
- SSL certificate that matches the DNS record for secure communications.
MyPass was designed as a highly secure system, protecting companies’ and users’ confidential data from unwanted and illegal breaches. The system’s built-in security protocols and external monitoring give a customer full confidence for business-critical corporate password self-service use. Additional technical information is included below, with more detailed information available on request.
The MyPass gateway and MyPass platform require SSL to connect to onsite credential repositories to guarantee secure communications. This requires SSL certificates with a minimum 2048-bit or 4096-bit RSA encryption key.
All internal system and database encryption is based on AES256, the highest available standard in the Microsoft .NET Framework.
Sensitive data relating to end-user enrollment questions, personal data and solution configuration data is stored in the database using AES256 encryption.
All sensitive data, such as users’ answers and questions, is AES256 encrypted by default. For security compliance at the highest level, user information can be hashed (in addition to encryption) to completely protect user data.
The MyPass Track Engine ensures that data between the client’s browser, the MyPass platform servers and the company credential repository cannot be intercepted or re-posted.
Internal communication from front-end to back-end to gateway is only possible using trusted SSL certificates, and then only from pre-defined IP addresses.
Passwords can be stored encrypted (AES 256) in the MyPass database. This further tightens security for password history (for example, managing the minimum number of differences allowable from any previously used password).
The Windows client has three security levels to prevent intrusion:
- URL restrictions: the client only communicates with the MyPass server.
- Keyboard restrictions: the client only allows certain key combinations during a password self-service request, removing the ability to circumvent the client’s security.
- Process restrictions: all transactions within the client are sandboxed at code level to ensure complete security. Level one transactions are imposed by Windows while level two are imposed by the MyPass Windows client.
Notifications of authentication attempts or password resets (including 53 other optional notification templates) are sent to the user.
A user cannot answer the same challenge question twice, or have the same answers to questions.
MyPass always checks if a user is still enabled and active in AD before the user can use the service (MyPass will never enable users that are disabled in the target repository).
Users are locked out from MyPass (not Active Directory) after three failed verification attempts. Helpdesk assistance is required to unlock the account.
CAPTCHA protection can be added to protect against robotic intrusions.
Optional two-factor authentication can be implemented for specific user groups.
If required, detailed information about security and governance regarding the solution can be provided through engagement with the Integralis Architecture team. This information (including technical and governance procedures) is not publicly published for security reasons. For more information contact [email protected] or [email protected].
MyPass supports various international languages as a standard. These include English, Spanish, Portuguese, German, French, Dutch, Welsh, Danish, Swedish, Norwegian, Italian and more.
The once-off deployment cost on Active Directory and any connected system will be determined by the complexity of your environment.
In addition, a monthly subscription fee per user per system is charged at a fixed ZAR-based price.