SA Solutions for Enterprise   In Production
 
Protecting your network identities  
 
SA Solutions brings together the components needed to deploy strong authentication.
These components rely on the open OATH standard.

Using SA Solutions, enterprises can deploy strong authentication for a low total cost of ownership.
This is achieved through packaged, plug-and-play solutions that adapt to existing networks and AAA servers.

Our wide range of hardware and software solutions embeds smart card and mobile phone technology, offering the highest level of security for two-factor authentication. You can choose a smart card, token or mobile phone, usable in a connected or an unconnected environment, according to your architectural constraints.
Our software solutions are open, scalable and upgradable.

New Mobile OTP offer: convenient, secure and available on leading smartphones and phones.

 

Features and Benefits
One-Time Password (OTP) strong authentication solution that protects the credentials of mobile workers who need access to their enterprise resources: VPNs, mail, web pages, etc.

Multiple authentication devices (hardware, software), so the security solution can be chosen to fit each need

Easy user adoption (easy to use)

Simple management, scalable to customer performance needs (from 1 user to 100K+)

Easy installation for standard configuration (less than 20 min) and integration in existing IT configuration

OTP high-end SA Server devices offer additional authentication methods (PKI, biometric)

Channel-friendly: packaging, provisioning, purchase and license generation

News

SA Server 5.2  Available (June 2011)

  • Support for latest batch PSKC provisioning file

  • Easy OTP V3 "OATH Certified"

Technical Specifications
Authentication methods:
SA Server uses the following methods for main authentication:
   - OATH HOTP (Event based, Time based)
   - EMV CAP (OTP, challenge-response, transaction data signature).
      SA Server is CAP certified.
   - SMS OTP

 

Architecture:
SA Server is a Web application relying on the following Web servers:
   - Apache Tomcat on Windows and Linux,
   - WebSphere on AIX,
   - Any other Web server could be supported through a specific validation.

The chosen architecture allows "High Availability" and "Fail-Over" configurations relying on operating systems, databases and monitoring mechanisms.

 

Databases:
SA Server stores OTP related data and User data if needed (DB mode) in:
   - Firebird
   - MySQL
   - MS SQL
   - Oracle
   - IBM DB2 (Windows or AIX)
   - Any other SQL database could be supported through a specific development

 

User Repository:
SA Server can be connected to the following LDAP directories when user accounts are managed externally (Mixed mode):
   - Microsoft Active Directory,
   - Novell eDirectory,
   - Sun One,
   - OpenLDAP,
   - Any other LDAP could be supported through a specific development.

 

Authentication Services interface:
Authentication services are integrated using the following interfaces:
   - HTTP or HTTPS requests,
   - XML requests sent to Web API,
   - RADIUS requests through SA Server RADIUS agents for
        * Microsoft IAS or NPS (Windows Server 2008),
        * Juniper Steel Belted RADIUS,
        * FreeRADIUS
   - Proprietary request through SA Server Application agents for
        * Citrix Web Interface,
        * Microsoft OWA,
        * Microsoft ISA
        * Microsoft IAG

 

Security Modules:
The following security modules can be connected to the server:
   - nShield or payShield from nCipher,
   - Crypt2Pay from Bull (supports OATH and EMV-CAP),
   - Java Key Store software module,
   - Any other HSM could be supported through a specific development.

Compatibility
Arkoon
   - VPN appliance: via RADIUS agent (validation through external partner)

Cisco
   - VPN appliance: ASA 5510 V7.2, via RADIUS agent in Cisco VPN scenario (IPSec and SSL are covered)

Citrix
   - Application publishing:
        * Presentation Server 4.0, via CWI agent
        * Presentation Server 4.2, via CWI agent
        * Presentation Server 4.5, via CWI agent
        * Presentation Server 5.0, via CWI agent
   - Interface:
        * Web Interface 4.0, dedicated CWI agent
        * Web Interface 4.2, dedicated CWI agent
        * Web Interface 4.5, dedicated CWI agent
        * Web Interface 4.6, dedicated CWI agent
        * Web Interface 5.x, via RADIUS agent
   - VPN:
        * Access Gateway Std. Ed., via RADIUS agent in CAG Standard scenario
        * Access Gateway Adv. Ed., via RADIUS agent in CAG Advance scenario
        * Access Gateway Ent. Ed., via RADIUS agent in CAG Enterprise scenario
   - SSO: Password Manager, not applicable

Checkpoint
   - VPN appliance: Checkpoint NGX R65, via RADIUS agent in Checkpoint VPN scenario (IPSec and SSL are covered)

Evidian
   - Software clustering: SafeKit, in SafeKit scenario (fail-over cluster configuration sample)
   - SSO: E-SSO, via RADIUS agent

F5
   - VPN appliance: via RADIUS agent (validation through external partner)

IBM
   - Database: DB2 (Windows or AIX)

Juniper
   - RADIUS Server: Steel Belted, dedicated SB agent
   - VPN appliance:
        * SA 700, via RADIUS agent in Juniper SSL VPN scenario
        * SSG V5.4, via RADIUS agent in Juniper IPSec VPN scenario

Microsoft
   - Operating System:
        * Server 2003, SA Server (fail-over cluster configuration sample)
        * Server 2008, SA Server
   - Database: MS SQL, SA Server
   - LDAP: Active Directory, SA Server
   - RADIUS Server:
        * IAS - Server 2003 32/64, MS RADIUS Agent
        * NPS - Server 2008 32/64, MS RADIUS Agent
   - Collaborative messaging server:
        * Exchange 2003, MS RADIUS Agent in OWA scenario
        * Exchange 2003, MS ISA Agent
        * Exchange 2003, OWA-IIS agent
        * Exchange 2007, MS ISA Agent (OWA access through ISA 2006 WITHOUT DOMAIN PASSWORD. The two-factor authentication is ensured via PIN-protected OTP.)
   - Security Gateway:
        * ISA 2004, MS ISA Agent
        * ISA 2006, MS ISA Agent
   - VPN:
        * Server 2003, MS RADIUS Agent in training samples
        * Server 2003, MS ISA Agent
        * IAG, MS RADIUS Agent
        * IAG, MS IAG Agent

Novell
   - LDAP: eDirectory

Open Source
   - Database:
        * Firebird, SA Server
        * MySQL, SA Server
   - LDAP: OpenLDAP, SA Server
   - RADIUS Server: FreeRADIUS 32/64, dedicated FR agent

Oracle
   - Database: Oracle

Red Hat
   - Operating System: Red Hat Linux, SA Server

Sun
   - LDAP: Sun One, SA Server

Suse
   - Operating System: Suse 10, SA Server

SonicWall
   - VPN appliance: via RADIUS agent (validation through external partner)

Video

Protiva Mobile OTP iPhone, BlackBerry, Android, Windows video

Windows 7 Protiva OTP logon with Direct Access video

Protiva OTP Lost Device video

Protiva OTP with Microsoft DirectAccess video
