Support for Multi LDAP Environments

To deal with various customer networks and their associated user LDAP repositories, Bomgar Verify can manage disparate environments from a single administration console. This reduces the burden on existing IT staff for ongoing management of users.

Some of the most common deployment scenarios are discussed below:

Company with Internal users requiring 2FA

A company that already has users stored within an LDAP server (Microsoft AD, Novell eDir, Sun One or OpenLDAP) requires very little configuration. All that is needed is a service account on the Bomgar Verify servers that has read and write privileges to the “telex number” attribute.

Bomgar Verify then reads in all user information, so a separate user database does not have to be recreated to deploy 2FA into the network. As users are already configured, administration is reduced and end user acceptance is high, since the end user is not required to remember any more authentication information. They can reuse their existing UserID and password, complemented with a 6-digit OTP sent via SMS to their mobile phone.

Company requiring a Business to Business 2FA

A company that has to allow external users to connect to its internal network, but does not want to place these users into its own LDAP server, can use the “SecurEnvoy managed users” configuration. This utilises Microsoft ADAM, which is a cut-down version of the Active Directory, but all user management is conducted by the SecurEnvoy admin GUI.

All user information is stored within Microsoft ADAM. To allow greater control of external users, separate MS ADAM instances can be configured to bring physical separation to how the external users are managed, e.g. for multiple support companies who require network access.

Company requiring a Business to Customer 2FA

A company that wants to conduct business with consumers, but does not want to place these users into its own LDAP server, can use the “SecurEnvoy managed users” configuration. This utilises Microsoft ADAM, which is a cut-down version of the Active Directory, but all user management is conducted by the Bomgar Verify admin GUI.

All user information is stored within Microsoft ADAM. To allow greater control of external users, separate MS ADAM instances can be configured to bring physical separation to how the company wants to manage various consumers. E.g. Banking and Finance may have different requirements for retail banking consumers when compared to private client banking.

Company requiring 2FA for an ASP/ISP type model

Option 1

Managed customers allow connectivity to their own LDAP servers for user management (for 2FA, this requires read and write access to the telexnumber attribute).

The advantage of this option is that the users’ information already exists and is maintained in real time by the customer’s own IT staff. In addition, deployment is rapid, as all user data is reused and users can be deployed en masse via the Bomgar Verify deployment wizard. (See 7.0 Automated User Provisioning).

All 2FA user information is effectively stored within the customer’s own LDAP environment, and thus replication and backup are managed within the customer’s own network.

Option 2

The managed customer does not allow access to their internal LDAP servers, or will not allow write access to the telexnumber attribute. This approach utilises Microsoft ADAM, which is a cut-down version of the Active Directory, but all user management is conducted by the Bomgar Verify admin GUI.

All user information is stored within Microsoft ADAM to allow greater control of external users. Separate MS ADAM instances can be configured to bring physical separation to how the external users are managed, e.g. for multiple companies who require network access to hosted applications.