Functionality

The following is a list of the key features included with PortalGuard Nebula

Account self service

There are multiple options that can be provided for end users to manage their own accounts:

a. Account Unlock - Users can unlock their network accounts after sufficiently proving their identity via challenge answers, providing OTPs sent to their mobile devices or alternate email addresses (or both).

b. Password Reset - Users can reset their forgotten passwords after sufficiently proving their identity via challenge answers, providing OTPs sent to their mobile devices or alternate email addresses (or both).

c. Password Recovery - Users can recover or see their current passwords after sufficiently proving their identity via challenge answers, providing OTPs sent to their mobile devices or alternate email addresses (or both).

d. User Name Lookup – Forgot username capability allows users to dynamically find forgotten usernames.PortalGuard has extension points that allow customers to point it to different directories in addition to operating against AD, LDAP, and SQL out of the box.

Web-based Single Sign-on

Nebula comes equipped with a built-in Identity Provider. This component can provide SSO to both on-premises and cloud-based web applications (e.g. Google Apps, Salesforce.com, Office365 etc.) using SAML, CAS, WS-Federation, Shibboleth or Forms-based SSO.

Enforce Multi-factor Authentication

Users can be required to authenticate using Two-Factor Authentication (username, password and OTP) or Knowledge-based Authentication (username, password and challenge answer).

Account/Password Synchronization

Users can manage the accounts and passwords for multiple systems from a single interface in real-time. This includes self-service features such as account unlock and password reset, as well as performing a server-based password synchronization when the user changes the primary account password.

Account Lockout/Strikeout

A configurable number of consecutive failed authentications can result in the user account being locked. An optional setting prompts the user with the number of strikes they currently have to help mitigate locked accounts.

Locked accounts can be configured to automatically unlock after a specified number of minutes. For more sensitive accounts, users can remain locked until the Help Desk can address the issue. The user is notified of any automatic interval in the user interface.

Password Rules

Nebula can be configured to control the expiration, quality, and history of a user's portal passwords.

Rules by User/Group/Hierarchy

Rules specified by Nebula can be configured for individual users, groups of users, or entire hierarchies of a specified domain. This flexibility provides complete control over settings based on work responsibilities, location, or other criteria.

Reporting

Nebula provides advanced reporting capabilities, encompassing all activity forthe connected Nebula server. This reporting functionality allows for custom reports to becreated based on direct SQL queries of the Nebula event data.

The following is a list of the various attributes that can be reported on from the Nebula event data:

SSPR

  • Username Lookup (Forgot Username)
  • Account Unlock
  • PW Reset
  • PW Recovery

  • Password Management

  • PW complexity rules, expiration, history, etc.

  • PW Synchronization Single Sign On (SSO)


  • PortalGuard Nebula supports many different SSO standards including: SAML, CAS, WS Federation, Kerberos, Shibboleth, Forms & Cookies based.
  • Our SSO also integrates seamlessly with a number of applications quickly and efficiently.

  • 2FA

  • PortalGuard Nebula is compatible with a number of OTP methods including: SMS Text, PortalGuard Self Service App, PassiveKey, Google Authenticator, YubiKey, RSA SecureID, Voice Call,HOTP Tokens, Email Messaging and Printed OTP’s.

  • Nebula also provides optional functionality to allow users to create new accounts in the localuser-repository. Active Directory, LDAP, and SQL directories are all supported out of the box. There are also numerous extension points that allow for the creation of custom workflows before provisioning occurs.