DXC Technology — is an international IT corporation that provides services in the field of IT consulting, maintenance of corporate IT equipment, cybersecurity, etc. It includes more than 70 companies from different countries with a staff of more than 130,000 employees. Protectimus provides two-factor authentication services to the Italian division of DXC Technology – Xchanging Italy.
Protectimus was chosen because of their unique Dynamic Strong Password Authentication (DSPA) technology. Using this product, we added 2FA to all the systems we needed to protect in one fell swoop, as it allowed us to integrate two-factor authentication services straight with Active Directory. We have been using the Protectimus two-factor authentication platform for a year and are satisfied with this product and the level of support.
Mauro S., Information Technology principle engineer at Xchanging Italy a DXC Technology
Key tasks for implementing 2FA for Xchanging Italy a DXC Technology
Xchanging Italy, part of the DXC Technology group, uses Protectimus’ two-factor authentication solution to secure access to virtually all the enterprise software used by their staff.
When choosing a two-factor authentication provider, DXC Technology’s IT engineers looked for a solution that would meet two criteria:
- allowed them to protect access to all the services used by company employees for work;
- was relatively easy to connect and configure, as DXC Technology’s IT department wanted to avoid the time-consuming process of integrating two-factor authentication service with each corporate software separately and installing additional 2FA software on workers’ computers.
The Protectimus’ unique product, the Protectimus Dynamic Strong Password Authentication (DSPA) solution, meets both requirements. Protectimus DSPA integrates directly with Active Directory, turning user passwords stored in AD into dynamic two-factor passwords.
Such a dynamic two-factor auth password (for example, Pa$$code987654) consists of two parts: a standard password (Pa$$code) and a temporary TOTP password (987654). Temporary TOTP password is constantly changing according to the schedule set by the administrator, a time interval must be a multiple of 30 seconds. To receive a time-based one-time password, a user needs a TOTP token.
Thus, Protectimus DSPA allows you to add two-factor authentication to all services connected to Active Directory at once. We will describe the Protectimus DSPA technology in more detail below.
Xchanging Italy a DXC Technology wanted to solve several challenges with 2FA
- To protect access to all the software used by company employees.
- To integrate two-factor authentication into Xchanging Italy corporate infrastructure quickly and efficiently.
- To deploy two-factor authentication servers in the DXC Technology environment so as not to transfer user information to a third party and ensure maximum protection and fault tolerance of the 2FA system.
The following Protectimus 2FA products were chosen to solve the above mentioned tasks
- Protectimus On-Premise 2FA Platform.
- Protectimus DSPA solution to integrate 2FA directly with Active Directory.
- 2FA application for generating one-time passwords Protectimus SMART OTP.
- Protectimus User Self-Service Portal, which allows the Xchanging Italy end users to issue OTP tokens themselves without admin involvement.
Challenges and Solutions
To protect access to all corporate software with two-factor authentication
The unique Protectimus DSPA technology is ideal for this task.
The Protectimus two-factor authentication solution is integrated straight away with the user storage (in this case, Active Directory). Protectimus DSPA adds a dynamic part (TOTP one-time password) to the user passwords stored in Active Directory and turns them into dynamic two-factor authentication passwords. After that, end users will enter the two-factor authentication passwords to log into each corporate service connected to AD.
Dynamic two-factor authentication passwords consist of two parts:
- A user password. The password stored in Active Directory before the 2FA integration. This part of the two-factor password does not change.
- Time-based one-time password (TOTP password). This part of the two-factor password changes at intervals set by the administrator, from 30 seconds or more.
A dynamic password created using the Protectimus DSPA component will look like this – Pa$$code987654, where Pa$$code is the user’s password in AD that does not change, and 987654 is the one-time password generated using the TOTP token.
Learn more about the Protectimus DSPA solution and test it for free here.
To implement 2FA quickly and efficiently
The main advantage of using Protectimus DSPA technology is that integration is carried out with only one system – Active Directory. And after that, two-factor authentication appears immediately on all the services and machines connected to Active Directory.
DXC Technology administrators didn’t have to deal with each service that needed to be protected with 2FA separately. It made the 2FA implementation process faster and more efficient.
And to save administrators from the extra burden of issuing 2FA tokens separately for each end user, Xchanging Italy also uses the Protectimus User Self-Service Portal. On this portal, end users enroll software TOTP tokens using the Protectimus SMART OTP one-time password generation application themselves.
Contact our team and describe your requirements. We will help you choose the best two-factor authentication solution for you.
To deploy two-factor authentication servers in DXC Technology environment
It was important for DXC Technology not to transfer even a part of user data to a third party. Therefore, the best solution was to deploy Protectimus On-Premise Two-Factor Authentication Platform on Xchanging Italy’s own servers.
Instructions for installing and configuring the Protectimus On-Premise 2FA Platform are available here.
2FA products used by Xchanging Italy a DXC Technology
Protectimus’ on-premise two-factor authentication platform is installed on the customer’s infrastructure or in their private cloud. The client has the fullest control over the two-factor authentication servers and user data. They can build their own system to protect authentication servers from hacking and take care of the fault tolerance of the 2FA system.
The unique Protectimus Dynamic Strong Password Authentication component integrates directly with AD, LDAP or any database and adds a dynamic part to the users’ passwords stored there. The dynamic part is the TOTP passcode with the time interval set by the administrator. So two-factor authentication is activated simultaneously in all services that access this user storage.
Application for generating OTP passwords. Available for free on GooglePlay or the App Store. The Protectimus SMART OTP 2FA app allows you to set any interval for changing OTPs generated by the TOTP (Time-Based OTP Generation Algorithm) algorithm from the standard 30 seconds to infinity. Only this type of OTP token is suitable for Protectimus DSPA.
Protectimus Users Self-Service
The Protectimus Users’ Self-Service Portal allows the client’s end users to enroll two-factor authentication tokens themselves. Considering that all the DXC Technology users use Protectimus SMART OTP one-time password generation application, activating the Protectimus Users’ Self-Service Portal greately facilitates the work of the DXC Technology administrators.
Read more Protectimus customer stories