2. Full Integration Digital DNA is fully integrated DDNA Server is fully integrated within the target application to secure A non-authenticated user accesses the login page of his DNA-enabled portal. The user authenticates with user, password and DNA. Communication is established with Digital DNA Server that checks DNA credentials (user + DNA). Digital DNA Server checks user credentials on LDAP server (user + password) When DNA authentication is successful, a One-Time-Password (OTP) request is processed. User credentials and OTP and provided to the portal. The web front checks the OTP is correct. Access is granted DMZ Internal Network Web Front Access Login Page 7 User + Pwd + DNA 1 Login page Access Granted Application Server User Credentials + OTP OTP check 5 6 3 HTTPS 4 OTP LDAP Synchro 3 2 Authentication User + Pwd Authentication User + DNA LOGIN PEOPLE
3. Webmail Integration - Option 1 Seamless integration to OWA with double authentication DDNA Server authenticates fully the user and redirects to the OWA Server A non-authenticated user is redirected (through Reverse Proxy) to the DNA-enabled Login page on the web front server The user authenticates with user, password and DNA. Communication is established with Digital DNA Server that checks DNA credentials (user + DNA). Digital DNA Server checks user credentials on LDAP server (user + password) When DNA authentication is successful, a One-Time-Password (OTP) request is processed. A redirection is processed to the Web mail server (posting user, password and OTP). Request is intercepted by the reverse proxy. The reverse proxy checks the OTP is correct. If OTP is correct credentials are passed to the Web mail that Authenticates against the directory server. DMZ Internal Network Web Front URL Redirect User + Pwd + DNA 1 Login page OWA Server 7 URL Redirect + Authentication Webmail User + Pwd 5 Reverse Proxy 8 Authentication User + Pwd URL Filtering + OTP check 6 HTTPS OTP Check LDAP Synchro 3 4 2 OTP Authentication User + Pwd Authentication User + DNA LOGIN PEOPLE
4. Webmail Integration – Option 2 Seamless integration to OWA with complementary authentication DDNA Server authenticates only DNA credentials A non-authenticated user is redirected (through Reverse Proxy) to the DNA-enabled Login page on the web front server The user authenticates with user, password and DNA. Communication is established with Digital DNA Server that checks DNA credentials (user + DNA). When DNA authentication is successful, a One-Time-Password (OTP) request is processed. A redirection is processed to the Web mail server (posting user, password and OTP). Request is intercepted by the reverse proxy. The reverse proxy checks the OTP is correct. If OTP is correct credentials are passed to the Web mail that Authenticates against the directory server. DMZ Internal Network Web Front URL Redirect User + Pwd + DNA Login page 1 OWA Server 6 URL Redirect + Authentication Webmail User + Pwd 4 Reverse Proxy 7 Authentication User + Pwd URL Filtering + OTP check 5 HTTPS OTP Check LDAP Synchro 3 2 OTP Authentication User + DNA Enterprise Directory LOGIN PEOPLE
5. SSL VPN Integration Complementary integration of SSL VPN and DDNA solutions DDNA Server authenticates only DNA credentials A non-authenticated user is redirected (through Reverse Proxy) to the SSL VPN DNA-enabled Login page on the web front server The user authenticates with user, password and DNA. Communication is established with Digital DNA Server that checks DNA credentials (user + DNA). When DNA authentication is successful, a One-Time-Password (OTP) request is processed to the Radius server on DDNA Server. A redirection is processed to the VPN SSL Server (posting user, password and OTP). The SSL VPN Server checks with Radius server on DDNA Server that the OTP is correct. If OTP is correct, the VPN SSL Server checks authentication credentials on the directory server Upon success, tunnel is open to the internal application with appropriate user credentials. DMZ Internal Network URL Filtering Reverse Proxy URL Redirect User + Pwd + DNA 1 Web Front Login page VPN SSL Server + OTP Check 4 7 HTTPS Internal Applications OTP Check 6 5 3 2 OTP Authentication User + DNA LDAP Synchro Enterprise Directory DDNA Server could also be configured to check user/pwd credentials on the directory server hence have double authentication on enterprise directory. LOGIN PEOPLE
6. Contact LOGIN PEOPLES.A. (France) LOGIN PEOPLE INC (USA) Sophia Antipolis (Headquarters)Buropolis 2 - 1240, route des Dolines Sophia Antipolis 06560 Valbonne Tél : +33(0)4 93 33 06 66 Fax : +33(0)4 93 67 58 45 New YorkPO Box 737352. Elmhurst. New York 11373. Tel : +1 917.406.5470 Paris 8, passage Brulon 75012 Paris Tél : +33(0)1 82 83 36 83 Fax : +33(0)9 88 77 66 55 San Francisco 26 O’Farrell Street San Francisco, CA 94006 www.loginpeople.com