A More Secure And Productive Workforce - Entrust

Transcription

Entrust Identity for Workforce
A more secure and productive workforce
Essentials / Enterprise / as a Service

OVERVIEW
A modern IAM platform

Today’s distributed workforce needs to be able to work anywhere with secure access to any app – cloud or on-premises – from any device. Unlike legacy identity and access management (IAM) solutions that assume an outdated security perimeter concept, Entrust Identity applies a modern identity-centric Zero Trust approach for a more secure and productive workforce.

THE OPPORTUNITY
A comprehensive workforce solution

Entrust Identity covers the spectrum of workforce IAM solutions, including:
- Best-in-class multi-factor authentication (MFA) and VPN protection for Windows-based environments with Identity Essentials
- High assurance credential-based authentication deployed on-premises with Identity Enterprise
- High assurance credential-based authentication deployed in the cloud with Identity as a Service

As well, Entrust Identity offers workforce IAM solutions to support a range of organization sizes, from SMBs with 50 users to large enterprises with 1M users.

Entrust Identity for Workforce IAM

Identity Essentials
Core use cases: Best-in-class MFA for Windows-based organizations; Remote access protection (VPN Clients, Cloud applications etc.)
Deployment option: On-premises

Identity Enterprise
Core use cases: High assurance credential-based authentication; Physical smart card issuance; Passwordless Access
Deployment option: On-premises, Virtual appliance

Identity as a Service
Core use cases: High assurance credential-based authentication; SSO; Passwordless Access and SSO
Deployment option: Cloud

Entrust Identity supports an unparalleled number of workforce use cases and deployment options including:
- High assurance credential-based access for enterprise and government workforces
- Single sign-on (SSO) with cloud deployment model
- High assurance credential-based/FIDO-compliant passwordless access with SSO
- Best-in-class multi-factor authentication (MFA) supporting a breadth of use cases and authenticators including soft token, hard token, mobile, grid card, SMS, push, and OTP
- Adaptive risk-based access and authentication with fine grained control
- Identity Proofing and workflow orchestration
- Self-service password resets
- Device reputation analysis
- Email signing and encryption, file encryption, and document signing
- Mobile software development kit (SDK)
- Available out-of-the-box integrations, SAML/OIDC, and REST APIs for administration & authentication
- Flexible deployment options: cloud, managed service, on-premises, virtual appliance

LEARN MORE AT ENTRUST.COM/IDENTITY-ACCESS-MANAGEMENT/WORKFORCE

HOW IT WORKS
Workforce use cases

High assurance credential-based access
Entrust Identity provides the option of using digital certificates (PKI) for a higher level of security when and where warranted. This can be either a physical smart card or a virtual smart card that is provisioned on an iOS or Android device. The latter implementation is referred to as Mobile Smart Credential (MSC).

Single sign-on (SSO)
Legacy federation and access management systems are ill-suited to controlling user access in hybrid cloud/on-premises environments without a lot of manual provisioning, which poses a security risk. As well, users often fail to keep track of multiple URLs and credentials, leading to poor habits like password reuse and recycling that further compound the security risk. Single sign-on (SSO) resolves these challenges by providing workers with one set of credentials to securely access any app (cloud or on-premises), while also making it easy for IT teams to securely manage user credentials. Entrust Identity as a Service federates with cloud apps via standards like SAML and OIDC.

Credential-based/FIDO-compliant passwordless access with SSO
Arguably, the single largest vulnerability facing IT departments today is the employee password. Credential-based passwordless access provisions a digital certificate (MSC) on to the worker’s phone, transforming it into their trusted workplace identity. When the phone is unlocked via biometrics or a secure PIN, the worker is logged into their workstation and applications when in close proximity and logged out when not. A secure frictionless experience for all, and no more password resets.

Entrust Identity as a Service
1. Use Biometric with mobile device to login
2. Leverage existing customer PKI/On-demand Entrust PKI
3. Single Sign-on to all apps without need to re-authenticate

Benefits
- Simplified Deployment
- PKI-based - High Assurance
- Ease of Use - Biometric-based
- Email Signing & Encryption

Multi-factor authentication (MFA)
Entrust Identity provides high availability and large-scale capability MFA with support for an unrivalled number of authenticators including FIDO tokens, mobile push, and grid cards. As well, Entrust Identity leverages smart phone biometric authenticators including fingerprint and facial recognition and provides a built-in soft facial recognition option if the smartphone does not have native biometric capabilities.

[Figure: Entrust Authentication Suite, OTP and certificate-based authentication options: Mobile Soft Token, Transaction Verification, Mobile Device Certificates, Digital Certificates, Mutual Authentication, Grid / eGrid, Smartcards and USBs, OTP Tokens, Knowledge-Based, Transaction Signing, Biometrics]

Adaptive risk-based access and authentication
Entrust Identity’s adaptive risk-based engine provides an added level of security when conditions warrant, like a worker logging in for the first time from a new device, at an abnormal time of day, or from a different geolocation. Requiring additional authentication like a mobile push notification only for these situations minimizes worker friction while also protecting corporate resources.

[Figure: Cutting edge technology, adaptive authentication, no user interaction. Policy engine outcomes: Allow, Challenge, Block]

Identity proofing and workflow orchestration
As more workforces become distributed and remote, the need to verify the identities of employees, contractors, and partners from afar increases. Our Identity Proofing solution provides fully digital identity verification for your workforce. The worker captures a high-resolution image of their government-issued ID, which is tested forensically and authenticated against a global database of 6000 different government ID types, and takes a selfie to confirm that the person presenting the ID is the person who owns it. Liveness detection checks ensure the selfie is real, not a photo of a photo. Once authenticated, the worker can be onboarded and granted access to appropriate resources with complete workflow orchestration.

Self-service password resets
Password resets are a source of annoyance for IT help desks and users alike, not to mention the cost of lost productivity for both groups. Entrust Identity provides the ability for users to be able to securely reset their own passwords, meaning no downtime and no IT overhead. Better yet, go passwordless.

Device reputation analysis
To prevent the compromise of valid credentials, it is recommended to check the reputation of the device being used to access corporate resources first, especially in BYOD situations. Entrust Identity provides this option, with access to a database of over 6.5 billion devices connected to the internet to determine reputation. Checks include determining if the device is using a TOR-based browser or proxy, is jailbroken or a rooted device, or has been used for debit or credit fraud along with account opening and access velocity. Device Reputation is included with Identity Proofing.

Email and file encryption, document signing
Through integration with the major MDM vendors including Microsoft, IBM, and VMware, Entrust Identity ensures workplace communications are secure with email and file encryption. MDM vendor integration supports secure workplace transactions with email encryption, file encryption, and document signing.

Mobile SDK and available integrations
Entrust Identity provides a mobile SDK so you can embed IAM directly into your workforce applications and brand as your own if desired. The portfolio offers proven out-of-the-box integrations including with all the major VPN vendors, SAML/OIDC, and APIs. As well, Entrust Identity works with your existing Microsoft environment, including Active Directory (AD), Active Directory Federation Server (ADFS), Azure AD for user synchronization, and ActiveSync Device Provisioning to prevent unauthorized devices from accessing users’ email. For credential-based use cases, Entrust Identity is able to leverage certificates issued by Microsoft’s CA.

Entrust Identity Solution Matrix for Workforce IAM

Solutions compared: Identity Essentials, Identity as a Service, Identity Enterprise

Capabilities compared: MFA; SSO (Via Federation Module (SAML)); High assurance credential-based access (certificates); Physical smart card issuance; High assurance passwordless access with SSO; Passwordless login; Adaptive access (Policy-based or Risk-based); Identity proofing; Self-service password resets; Device reputation; Email and file encryption; Document signing; ADFS; Azure AD Integration; ActiveSync Device Protection; Mobile SDK

IT platform requirements
Identity Essentials: Windows
Identity as a Service: N/A
Identity Enterprise: Windows/Linux

Number of users
Identity Essentials: 5000
Identity as a Service: Unlimited
Identity Enterprise: 5000

Deployment
Identity Essentials: On-premises
Identity as a Service: Cloud
Identity Enterprise: On-premises

Flexible deployment, broad capabilities
Entrust Identity can be deployed in the cloud, on-premises, or as a virtual appliance. As well, Entrust works with Managed Service Providers to deliver Entrust Identity as a managed service.

Entrust Identity:
- Complements your existing IT infrastructures and workflows vs. seeking to replace
- Delivers the widest support of VPN, cloud and on-premise based applications
- Provides the option for certificate-based authentication which also supports the industry’s only real high assurance passwordless solution
- Offers a mobile platform with one modern unified app that works across the portfolio
- Provides available out-of-the-box integrations, SAML/OIDC, and APIs
- Includes a mobile development kit so you can embed authentication directly into your own apps and brand as your own as desired
- Offers access to the industry’s largest MDM ecosystem, including Microsoft Intune, MobileIron, Citrix, and VMware AirWatch
- Ensures easy IT implementation and efficient operation with point-and-click provisioning and policy management, and self-service password resets

Mobile-first approach
Entrust Identity applies a unique approach to mobile, with a layered model to establish trust in the device and user first before enabling access. It then applies adaptive step-up authentication to ensure this trust is maintained over time.

OUR SOLUTION
Entrust Identity portfolio

Entrust Identity is the IAM portfolio that provides the flexibility and scalability you need to stay ahead of the ever-evolving threat landscape and realize a Zero Trust framework. Beyond workforce IAM, Entrust Identity also supports consumer and citizen use cases.

Establish Trust
- Trust the user
- Trust the device
- Provision a credential

Transact
- Secure access
- Secure transactions
- Sign transactions

Maintain Trust
- Monitor user behavior
- Monitor session activity
- Monitor system wide patterns

Use cases across employees, customers, partners, and apps
Comprehensive integrations – Flexible deployment models

THE ENTRUST DIFFERENCE
A leader in IAM

With 25 years of digital identity expertise and 50 years of security innovation, Entrust is an identity and access management leader. Our high assurance solutions are proven with Fortune 500s and governments and are deployed by 10K customers around the globe. Entrust Identity secures digital identities and corporate assets, while also improving workforce productivity and removing friction for consumers and citizens.

For more information
888 690 2424
1 952 933 1223
sales@entrust.com
entrust.com

ABOUT ENTRUST CORPORATION
Entrust secures a rapidly changing world by enabling trusted identities, payments, and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing e-government services, or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us.

Learn more at entrust.com

Entrust and IntelliTrust are trademarks, registered trademarks, and/or service marks of Entrust Corporation in the United States and/or other countries. 2016-2020 Entrust Corporation. All rights reserved. IA21Q2-Entrust-Identity-Workforce-BR

U.S. Toll-Free Phone: 888 690 2424
International Phone: 1 952 933 1223
info@entrust.com
