FAQ

Freja ID

Question: What is an authentication method?

It is a way for Freja ID to authenticate a user. Examples include OATH, OCRA, Kerberos (i.e. static domain password), etc.

Keywords: Freja ID/authentication method

Question: What is an authentication rule?

It is a way for Freja ID to match an authentication request to the right authentication method. An authentication rule may have various conditions, such as LDAP attributes, group membership, IP address, etc.

Keywords: Freja ID/authentication rule

Question: How many cluster nodes can be configured in a single Freja deployment?

In the previous Freja ID model, only two appliances can be clustered (in replication). In the new generation of Freja ID, the answer is four. They can be organised in the following topologies:

[Topology diagrams: freja 1, freja 2, freja 3, freja 4]

Keywords: Freja ID/configuring cluster nodes

Question: What is replication?

It is a cluster of two to four Freja ID appliances which maintain a constant connection between each other, exchanging information about their token stores and user authentication.

Keywords: Freja ID/replication/cluster

Question: What operating system (OS) does the Freja platform run on?

Both Freja ID (old and new version) and Multipliance are on 64-bit Ubuntu 14.04.1. “Old” Freja ID is on 32-bit CentOS 5.2.

Keywords: Freja ID/operating system/OS

Question: What is a provisioning key?

It is an AES-256 key used to encrypt all sensitive information during the provisioning process and related activities. Every Freja ID appliance comes with a default factory key, which should be changed before the appliance is put into production.

Keywords: Freja ID/provisioning key

Question: What is a NAS (RADIUS Client)?

It is a server or network segment allowed to send RADIUS authentication requests to Freja ID. Each NAS has a friendly name, IP address, bit mask and a secret key.

Keywords: Freja ID/RADIUS Client

Question: What is a services client?

It is an IP address or network segment allowed to send SOAP requests to Freja ID in relation to authentication or token provisioning.

Keywords: Freja ID/services client/SOAP request

Question: Is Freja ID available as a hosted service?

Yes, Freja ID is available both as a Private Cloud solution and (for customers within the UK) within the scope of the G-Cloud 5 procurement framework.

Keywords: Freja ID/hosted service/private cloud solution

Question: What authentication protocols are used?

Freja ID supports OATH OTP and OCRA for challenge response (transaction signing). It also supports “Kerberos then OCRA”, which combines the Kerberos protocol with OCRA, and “Kerberos then OATH”, which combines Kerberos with OATH. Freja ID also supports Freja Mobile, which is a context-rich, out-of-band method.

Keywords: Freja ID/authentication protocols

Question: How do admins access the application?

Through a web interface, with local or AD-based accounts. This applies only to TMC super-users and helpdesk users. An admin cannot access the Freja ID admin application with AD credentials; an admin accesses it with Freja ID local admin credentials. The same Freja ID appliance can have multiple admin users/credentials.

Keywords: Freja ID/admins access

Question: Does Freja ID support multiple domains?

Yes, Freja ID supports multiple, concurrent LDAP directories.

Keywords: Freja ID/multiple domains/LDAP

Question: What kind of reporting is provided by the Freja appliance?

Authentication events are logged to the Freja ID internal database. There are various reports that can extract this information and show the number of successful user authentications, failed user authentications, etc. Custom reports can also be created for the customer.

Keywords: Freja ID/reporting options

Question: Is it possible to have more than one Freja appliance working in a pair for failover and load-balancing?

Yes, the replication mechanism allows pairing up to four Freja ID appliances.

Keywords: Freja ID/more appliances/failover/load-balancing

Question: How do you migrate from an existing authentication solution (e.g. RSA) to a Freja ID appliance?

a. Freja can be configured for the migration scenario, which implies connecting to the existing authentication service.
b. When an authentication request is received, Freja can decide whether to do authentication by itself or forward the request to an existing authentication service.

Keywords: Freja ID/migration/existing solution

Question: What is an Admin Client?

It is an IP address or network segment allowed to access the administration interface of Freja ID. This applies to the Freja Admin application, replication service and HTTP monitoring service.

Keywords: Freja ID/admin client
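
As an added illustration (not Freja ID code or its documented matching logic), the sketch below models the "IP address plus bit mask" entries described for NAS, services client and admin client, resolving a source address to the most specific entry and flagging wide segments or reused secrets. The field names, the most-specific-match rule and the /24 review threshold are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ClientEntry:
    """One allow-list entry; field names are assumptions modelled on the FAQ."""
    name: str         # friendly name
    ip: str           # IP address as entered
    bit_mask: int     # prefix length: 32 = single server, lower = segment
    secret: str = ""  # RADIUS secret key (NAS entries only)

    @property
    def network(self):
        # strict=False tolerates host bits, e.g. 198.51.100.77/24 -> 198.51.100.0/24
        return ipaddress.ip_network(f"{self.ip}/{self.bit_mask}", strict=False)

def match_client(entries, source_ip):
    """Return the most specific entry covering source_ip, or None (reject)."""
    addr = ipaddress.ip_address(source_ip)
    hits = [e for e in entries if addr in e.network]
    return max(hits, key=lambda e: e.network.prefixlen, default=None)

def audit(entries, min_mask=24):
    """Flag entries worth reviewing before production (IPv4 threshold, assumed)."""
    findings, by_secret = [], {}
    for e in entries:
        if e.bit_mask < min_mask:
            findings.append((e.name, f"wide segment: {e.network.num_addresses} addresses"))
        if e.secret:
            by_secret.setdefault(e.secret, []).append(e.name)
    for names in by_secret.values():
        if len(names) > 1:
            findings.append((", ".join(names), "shared secret reused"))
    return findings

# Constructed sample entries: documentation address ranges, made-up secrets.
SAMPLE = [
    ClientEntry("vpn-gateway", "192.0.2.10", 32, "s3cret-A"),
    ClientEntry("branch-lan", "198.51.100.77", 24, "s3cret-B"),
    ClientEntry("legacy-any", "10.0.0.0", 8, "s3cret-A"),
]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.3", "203.0.113.9"):
        hit = match_client(SAMPLE, ip)
        print(ip, "->", hit.name if hit else "rejected")
    print(audit(SAMPLE))
```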

Question: What is the LMK (Local Master Key)?

It is an AES-256 key used to encrypt all sensitive information in the database and configuration backups of Freja ID. Each Freja ID appliance comes with a default factory key, which should be changed before the appliance is put into production.

Keywords: Freja ID/LMK/Local Master Key

Question: Can Freja ID/Multipliance use a self-signed SSL certificate?

Freja ID and SSP can use self-signed SSL certificates, but MASS needs a certificate issued by a well-known CA. Please note that a self-signed certificate needs to contain the following information: CN=DNS name or Subject Alternative Name=IP Address of the server, depending on how the customer wants to access the appliances.

Keywords: Freja ID/Multipliance/self-signed SSL certificate

Question: How does Freja ID/Multipliance ensure correct timekeeping?

Both Freja ID and Multipliance can be set to synchronise automatically with the NTP server once every hour. This is configured in the Admin Interface, under the General > Time & Date tab.

Keywords: Freja ID/Multipliance/timekeeping

Question: What VM specifications are required for Freja ID and Freja Multipliance?

4 GB RAM, 2 CPUs, 50 GB HDD and 1 NIC

Keywords: Freja ID/Multipliance/VM specifications