OpenInsight Authentication Module (OAM)
The OpenInsight Authentication Module (OAM) builds upon the legacy OpenInsight security processes and provides additional enhanced, industry standard security processes. OpenInsight v10 by default utilizes this new enhanced login security policy. System administrators can choose to disable enhanced login security policy and retain legacy login processing instead.
The module provides support for login policies including locking out users after a definable number of unsuccessful attempts, password construction requirements, etc. Sensitive data for policy and user information is stored in AES encrypted records. In addition, the OAM records (“journals”) successful and unsuccessful login attempts, changes to policies and changes to user information.
Process
Administrators will configure login policies, and set up user information, for all applications that require this enhanced security. If desired, administrators can hard code the password and application name (in the desktop “shortcut”) to remove the end user requirement of logging in via the normal OpenInsight log in process, or – should the network infrastructure support it – Revelation Software recommends that Single Sign On (SSO) is also enabled for these systems.
User Interface
The user interface components included in this implementation of the OAM are a master Policy Configuration window, the Authentication User Maintenance window, the User Password Maintenance window and the Reset Application Password window.
The The Policy Configuration Window is used to define and maintain the enhanced policy configuration.
The The Authentication User Maintenance Window is used to create and maintain individual user settings such as expiration dates and disable until dates, as well as to reset the user’s password.
The The User Password Maintenance Window is used by the individual user to change his or her password.
The Reset Application Password window is used by System Administrators to reset the password to the default application user.