
Component Architecture


Authasas Advanced Authentication Enterprise Edition is designed as a client-server distributed architecture.  Advanced Authentication Clients will automatically locate the closest Authenticore Server to provide the most efficient authentication path in a multi-site topology.  Authenticore Servers may serve thousands of users, and may be added and removed without disruption to the Advanced Authentication infrastructure.  Active Directory or AD Lightweight Directory Services contains all of the user policy and authenticator data for maximum redundancy and high availability to the Authenticore Servers.  By leveraging this multi-tier architecture, Authasas Advanced Authentication Enterprise supports deployments that scale with the Windows network, providing maximum up-time and logon performance.

Authasas Client

Advanced Authentication Client

The Advanced Authentication client component is the most highly accessed component of the solution.  Users interact with the Authasas client components during every logon, logoff, and credential change event.  The Advanced Authentication Client can be installed on all Windows XP SP3 and newer platforms, including embedded OS platforms.  Both 32-bit and 64-bit systems are supported.  All of the Authasas graphic logos are fully customizable to allow each organization or partner to feature their own custom graphics.

All policies for the behavior of the Authasas Advanced Authentication client are centrally configured, so there is no need to manage each PC individually.  Policy updates and configuration changes may be made before and after the systems are deployed.

Advanced Authentication Clients are not hard-coded to any given Authenticore Server; each authentication process begins with the client locating the most available server before initiating the authentication transaction.  If no server is available, such as on a disconnected laptop, then authentication will occur against locally stored cached credentials (if allowed by policy).

The Advanced Authentication Client components may also be deployed to Citrix XenApp and XenDesktop servers to provide strong authentication when accessing those resources.  Authasas utilizes the ICA channel to redirect remote authentication requests to the local device.  A similar methodology is utilized in virtual environments when Advanced Authentication Client components are installed on a VDI.  This technology leverages the Remote Desktop Protocol when using thin clients with a Windows embedded operating system, or when using USB redirection (where supported) for non-Windows thinOS systems.  For information regarding integration with a VDI system using a connection broker, please review the Authasas Advanced Authentication Application Edition web page, or email Authasas with environment details.



Authenticore Server

Advanced Authentication Authenticore Server

The Authenticore server is the central component in an Advanced Authentication Enterprise deployment.  The server has many functions, most importantly matching authenticators and granting access when authenticators match.  In this process, the Authenticore Server receives an authentication request from an Advanced Authentication Client; the stored credential is retrieved from the directory, decrypted, then matched against the sample provided by the user.  If the sample matches the stored template, the Authenticore Server returns the success to the client, and the MSGINA or Credential Provider can then authenticate the user to the domain.

The Authenticore server is also responsible for enforcing all policies that are configured for the user and the client.  User and computer policies are retrieved from AD or AD LDS, while global security policies are retrieved as Group Policy Objects that have been applied to the domain, to an Organizational Unit, or to a Security Group.

Authenticore Servers themselves belong to a Global Security Group, which allows the Advanced Authentication Clients to locate the servers.  Servers may be added or removed on the fly, or moved between sites for performance optimization.

One or more Authenticore Servers may also be designated as log servers to capture all authentication and credential management events.  For organizations with dedicated log servers (aggregators), the log server may be deployed on a server that is not configured as an Authenticore Server.



Directory Server

Active Directory and AD Lightweight Directory Services

Advanced Authentication Enterprise Edition relies on the corporate LDAP directory to store user and computer policies as well as all user credential data.  By leveraging AD or AD LDS, data is automatically synchronized between primary and disaster recovery sites, and is always available to Authenticore Servers for authentication transactions and credential management.  All binary data stored in the directory is encrypted using the Microsoft Enhanced Cryptographic Provider.

By extending the AD schema, dedicated attributes are created for each user object in the directory.  It is understood that not all organizations are willing to extend the AD schema; therefore, Authasas provides the ability through policy to map to any existing, unused attribute to store Advanced Authentication data.

Further, support for Active Directory Lightweight Directory Services provides an organization the ability to dedicate a specific LDAP repository for Authasas Advanced Authentication.  This further provides the ability for existing AD LDS implementations to share support between Authasas and other AD LDS integrated applications.  AD LDS is a very significant alternative for large organizations that host and replicate an extremely large AD file size.  Leveraging AD LDS eliminates the requirement to add any additional bulk to the Active Directory, thus conserving resources and bandwidth.

Where other LDAP technologies are deployed to support, for example, a third-party identity management system such as Novell, Oracle, Computer Associates, etc., Authasas is aggressively developing support for third-party LDAP v3 directories.  If you would like to determine if your LDAP infrastructure could be supported by Authasas Advanced Authentication, please email Authasas.

 

Architecture Diagram
