The following is a list of the key features included with PortalGuard Nebula
Account self service
There are multiple options that can be provided for end users to manage their own accounts:
a. Account Unlock - Users can unlock their network accounts after sufficiently proving their identity via challenge answers, providing OTPs sent to their mobile devices or alternate email addresses (or both).
b. Password Reset - Users can reset their forgotten passwords after sufficiently proving their identity via challenge answers, providing OTPs sent to their mobile devices or alternate email addresses (or both).
c. Password Recovery - Users can recover or see their current passwords after sufficiently proving their identity via challenge answers, providing OTPs sent to their mobile devices or alternate email addresses (or both).
d. User Name Lookup – Forgot username capability allows users to dynamically find forgotten usernames.PortalGuard has extension points that allow customers to point it to different directories in addition to operating against AD, LDAP, and SQL out of the box.
Web-based Single Sign-on
Nebula comes equipped with a built-in Identity Provider. This component can provide SSO to both on-premises and cloud-based web applications (e.g. Google Apps, Salesforce.com, Office365 etc.) using SAML, CAS, WS-Federation, Shibboleth or Forms-based SSO.
Enforce Multi-factor Authentication
Users can be required to authenticate using Two-Factor Authentication (username, password and OTP) or Knowledge-based Authentication (username, password and challenge answer).
Users can manage the accounts and passwords for multiple systems from a single interface in real-time. This includes self-service features such as account unlock and password reset, as well as performing a server-based password synchronization when the user changes the primary account password.
A configurable number of consecutive failed authentications can result in the user account being locked. An optional setting prompts the user with the number of strikes they currently have to help mitigate locked accounts.
Locked accounts can be configured to automatically unlock after a specified number of minutes. For more sensitive accounts, users can remain locked until the Help Desk can address the issue. The user is notified of any automatic interval in the user interface.
Nebula can be configured to control the expiration, quality, and history of a user's portal passwords.
Rules by User/Group/Hierarchy
Rules specified by Nebula can be configured for individual users, groups of users, or entire hierarchies of a specified domain. This flexibility provides complete control over settings based on work responsibilities, location, or other criteria.
Nebula provides advanced reporting capabilities, encompassing all activity forthe connected Nebula server. This reporting functionality allows for custom reports to becreated based on direct SQL queries of the Nebula event data.
The following is a list of the various attributes that can be reported on from the Nebula event data:
PW Synchronization Single Sign On (SSO)
Nebula also provides optional functionality to allow users to create new accounts in the localuser-repository. Active Directory, LDAP, and SQL directories are all supported out of the box. There are also numerous extension points that allow for the creation of custom workflows before provisioning occurs.