Keep your workforce secure and productive no matter how or where they work. Our mobile credential issuance solution allows you to centrally issue the latest MFA technologies, including Derived Credentials, Micro USB tokens, Virtual Smart Cards and even Temp badges, effortlessly.
Now you can issue the most advanced MFA credentials from our IdExchange platform. Issue Yubikey™ Tokens, HID™ Mobile Crescendo, Microsoft Virtual Smart Card, and even NIST derived credentials to give your organization the greatest flexibility to implement MFA on your terms.
Connect your HR systems and processes
Integrate credential issuance workflows into HR onboarding and offboarding processes to automate the distribution of MFA credentials to employees and contractors, so that MFA is always available and, when the user leaves, all of the credentials are revoked.
Use Your Certificate Authority
Issue certificates from a certificate authority of your choosing in a manner that meets your corporate policy.
Enable users to bring their own token by performing device ownership proofing before deploying a credential to their device.
The solution is designed to work with different mobile device management systems, certificate authorities and identity providers to leverage agencies’ existing mobile and PIV investments, reduce duplication and streamline operations.
Easy to use
End users desire a system that is easy to use. The IT staff wants a system that is easy to maintain. With our services and technologies, both end users and IT can easily issue and use derived credentials.
The system’s automation features enable you to focus on being productive instead of performing manual tasks. From employment monitoring to device configuration, IdExchange can fully automate the entire derived credential delivery and management process.
The system provides extensive reports and dashboards to help administrators know the state of derived credentials and the mobile security status. This insight ensures agencies are protected against the latest threats at all times.
Derived Credential Issuance Aligned with NIST 800-157 and NIST 800-79
Security Management and Data Protection
End-to-end Encryption: Data at rest and in transit is encrypted using the strongest cryptographic ciphers, and all system interactions require mutually authenticated sessions. A hardware security module (HSM) is supported for additional controls.
Privacy Notifications: Privacy notification screens can be customized to meet organization messaging needs to ensure the appropriate privacy notification is seen and accepted by the system users.
Auditing: All identity proofing and credentialing lifecycle events are tracked and made available through a wide array of pre-designed reports. For custom auditing needs, the auditing API is available as well as a configuration guide to link an external security information and event management system.
Record Expungement: All traces of subscriber information are removed when an authorized official offboards a subscriber. When the subscriber is to be removed, the system deletes all the user’s information and internal data security keys to completely remove all subscriber data from the system.
Issue different types of derived credentials: Utilize the NIST 800-157 identity proofing workflow to easily issue different types of derived credentials from different credentialing providers. Easily configure a PIV Derived certificate authority to be used in the issuance of hardware-based derived credentials.
Automate Revocation and Employment status checking: Automatically check the subscriber’s primary credential status and then revoke their associated derived credentials if the primary credential has been revoked.
Issuance and Maintenance Processes
Easily onboard Subscriber verification: The system can securely register any PIV credential using standard protocols to enable the subscriber to log in and verify their identity in accordance with NIST 800-147.
Chain of Trust: Easily register and verify different mobile devices, hardware keys, or other derived credential security containers using Mobile Device Management systems, API, or manual data input.
Termination Flow: Synchronize all credential statuses for a subscriber by automatically terminating the derived credential if the primary credential is terminated.
Name change: Securely refresh derived credential information when the subscriber’s primary credential information changes.
Contact us for more information and product pricing. (202) 536-4943