Shared Workstations Environments (SWE), generically logged on accounts, Computers on Wheels, kiosks, or whatever you call multi-user systems in your organization present a challenge to security, your ability to properly audit, and ultimately cause compliance issues. Ever-changing regulatory mandates, coupled with a desire to strengthen end-point security have forced organizations to reexamine the manner in which SWEs are deployed, accessed and managed. RapidIdentity MFA Shared Workstation implements a unique approach to addressing challenges within SWEs that is focused on satisfying the ever-changing nature of regulatory mandates, securing end-points, while simultaneously providing a high-level of flexibility for organizations as they migrate from their current SWE to RapidIdentity MFA Shared Workstation.
The solution works with domain-joined and non-domain joined user accounts and computers. The same flexible auto-login/generic account access is achievable with RapidIdentity MFA Shared Workstation; however, once deployed RapidIdentity MFA Shared Workstation places a secured, screen-saver like shell around the Windows® desktop. Users requesting access are first required to authenticate to RapidIdentity MFA Shared Workstation, following which they are provided auditable and simplified SSO access to applications, virtual desktops infrastructure (VDI), and other protected resources.
RapidIdentity MFA Shared Workstation is designed to provide secure, fast, and auditable, change of control for organizations that implement shared Windows® systems. By securing and creating an audit trail for both the SWE and applications utilized within the SWE, RapidIdentity MFA Shared Workstation significantly reduces, but does not eliminate, the risks associated with SWEs and generically logged on Windows® accounts. Since there is an inherent risk with SWEs and generically logged on Windows® accounts, care must be taken to ensure correct operating system security policy remains in place that secures and prevents access to both local and network resources that are not required in the SWE.