It is a way for Freja ID to authenticate a user. Examples include OATH, OCRA, Kerberos (i.e. static domain password), etc.
It is a way for Freja ID to match an authentication request to the right authentication method. An authentication rule may have various conditions, such as LDAP attributes, group membership, IP address, etc.
In the previous Freja ID model, only two appliances could be clustered (in replication). In the new generation of Freja ID, four is correct. They can be organised in the following topologies:
It is a cluster of two to four Freja ID appliances which maintain a constant connection between each other, exchanging information about their token stores and user authentication.
Both Freja ID (old and new version) and Multipliance are on 64-bit Ubuntu 14.04.1. “Old” Freja ID is on 32-bit CentOS 5.2.
It is an AES 256 key used to encrypt all sensitive information during the provisioning process and related activities. Every Freja ID appliance comes with a default factory key which should be changed before the appliance is put in production.
It is a server or network segment allowed to send RADIUS authentication requests to Freja ID. Each NAS has a friendly name, IP address, bit mask and a secret key.
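How an IP address plus bit mask decides which senders a NAS entry admits, and which secret applies, shown as an added example that is not Freja ID's own code. The entry names, addresses, placeholder secrets, the most-specific-match rule and the `min_bit_mask` threshold are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Nas(NamedTuple):
    name: str        # friendly name
    address: str     # IP address as entered by the administrator
    bit_mask: int    # prefix length: 32 = single host, 24 = 256 addresses
    secret: str      # RADIUS shared secret (placeholder values below)

    @property
    def network(self):
        # strict=False lets a host address with a short mask stand for its segment
        return ipaddress.ip_network(f"{self.address}/{self.bit_mask}", strict=False)

# Constructed sample table (documentation and private ranges only).
NAS_TABLE = [
    Nas("vpn-gateway", "192.0.2.10", 32, "placeholder-secret-a"),
    Nas("branch-lan", "198.51.100.0", 24, "placeholder-secret-b"),
    Nas("legacy-any", "10.0.0.0", 8, "placeholder-secret-c"),
    Nas("dc-radius-proxy", "10.20.30.40", 32, "placeholder-secret-d"),
]

def match_nas(source_ip: str, table=NAS_TABLE) -> Optional[Nas]:
    """Return the most specific entry covering source_ip, or None if the sender is not allowed."""
    ip = ipaddress.ip_address(source_ip)
    hits = [n for n in table if ip.version == n.network.version and ip in n.network]
    # Assumed rule: the longest matching prefix wins.
    return max(hits, key=lambda n: n.network.prefixlen, default=None)

def audit(table=NAS_TABLE, min_bit_mask: int = 24) -> list:
    """Flag wide segments and overlapping entries that carry different secrets."""
    findings = []
    for n in table:
        if n.bit_mask < min_bit_mask:
            findings.append(f"{n.name}: /{n.bit_mask} admits {n.network.num_addresses} addresses")
    for i, a in enumerate(table):
        for b in table[i + 1:]:
            if a.network.overlaps(b.network) and a.secret != b.secret:
                findings.append(f"{a.name} overlaps {b.name}: secret depends on match order")
    return findings

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.77", "10.20.30.40", "10.9.9.9", "203.0.113.5"):
        nas = match_nas(src)
        print(src, "->", nas.name if nas else "rejected (no NAS entry)")
    print(*audit(), sep="\n")
```

The audit output is the part worth reviewing before production: a `/8` entry means any host in that range that learns the secret can submit authentication requests.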
It is an IP address or network segment allowed to send SOAP requests to Freja ID in relation to authentication or token provisioning.
Yes, Freja ID is available both as a Private Cloud solution and (for customers within the UK) within the scope of the G-Cloud 5 procurement framework.
Freja ID supports OATH OTP and OCRA for challenge response (transaction signing). It also supports “Kerberos then OCRA”, which combines the Kerberos protocol with OCRA, and “Kerberos then OATH”, which combines Kerberos with OATH. Freja ID also supports Freja Mobile, which is a context-rich, out-of-band method.
Through a web interface, with local or AD-based accounts. This applies only to TMC super-users and helpdesk users. An admin cannot access the Freja ID admin application with AD credentials; the admin accesses it with Freja ID local admin credentials. The same Freja ID appliance can have multiple admin users/credentials.
Yes, Freja ID supports multiple, concurrent LDAP directories.
Authentication events are logged to the Freja ID internal database. There are various reports that can extract this information and show the number of successful user authentications, failed user authentications, etc. Custom reports can also be created for the customer.
Yes, the replication mechanism allows pairing up to four Freja ID appliances.
a. Freja can be configured for the migration scenario, which implies connecting to the existing authentication service.
b. When an authentication request is received, Freja can decide whether to do authentication by itself or forward the request to an existing authentication service.
It is an IP address or network segment allowed to access the administration interface of Freja ID. This applies to the Freja Admin application, replication service and HTTP monitoring service.
It is an AES 256 key used to encrypt all sensitive information in the database and configuration backups of Freja ID. Each Freja ID appliance comes with a default factory key which should be changed before the appliance is put in production.
Freja ID and SSP can use self-signed SSL certificates, but MASS needs a certificate issued by a well-known CA. Please note that a self-signed certificate needs to contain the following information: CN=DNS name or Subject Alternative Name=IP Address of the server, depending on how the customer wants to access the appliances.
Both Freja ID and Multipliance can be set to synchronise automatically with the NTP server once every hour. This is configured in the Admin Interface, under the General > Time & Date tab.
4GB RAM, 2 CPUs, 50GB HDD and 1 NIC