optimalidm :: Features

The OptimalCloud™ Features

The OptimalCloud™ Features

Review the features of this solution below. Click Here to access the full online documentation.

While many features may be enabled by you, some must be enabled by the Optimal support team. Some features also require upgrading to a higher teir as well. For more information please open a support ticket at Optimal Support Ticketing System

Feature	Description	Required Tier
Conditional Authentication Rules	Rules that include conditions on which drive authentication locations and levels.	SILVER/GOLD/ENTERPRISE
Conditional Authorization Rules	Rules that include conditions on which drive a users authorization to an application.	SILVER/GOLD/ENTERPRISE
Consent Management	Consent Management.	SILVER/GOLD/ENTERPRISE
Custom Fields / Layout / Look-and-feel / ACL's	All fields are configurable and can be added/removed as needed. The layout of the fields and tab can also be configured, along with ACL's for each one.	SILVER/GOLD/ENTERPRISE
Custom Schema	Allows for custom attributes to be created.	SILVER/GOLD/ENTERPRISE
Identity Analytics	Simple searches that are performed each day that highlight missing or bad data.	SILVER/GOLD/ENTERPRISE
Dedicated Environment	Dedicated environments means that you servers that are dedicated to your deployment only. This allows for many options such as the use of VPN's or data location in client desired data-centers.	ENTERPRISE
Developers Portal	A portal with access to various sample code/projects for SSO/Federation integration in multiple development languages and platforms.	SILVER/GOLD/ENTERPRISE
Job Manager	Jobs that can be run such as Importing data or Exporting data.	SILVER/GOLD/ENTERPRISE
Multi-Cultural/Language Support	Additional languages can be added upon request.	SILVER/GOLD/ENTERPRISE
Online Help	Context sensative help documents.	SILVER/GOLD/ENTERPRISE
Portal / Landing Page	Users not requesting to go to a particular application, will automatically land on the default portal page which includes links to all application/features the user has access to.	SILVER/GOLD/ENTERPRISE
Sync Agent for on-prem	While identities are not required to be synced in all cases, if needed a sync agent tool is available.	GOLD/ENTERPRISE
Terms and Conditions Acceptance	Ability to require users to accept terms and conditions prior to accessing anything.	SILVER/GOLD/ENTERPRISE
Tools	A variety of handy tools for encoding/decoding, SAML Token analysis, GUID generation and more	SILVER/GOLD/ENTERPRISE
Virtual Directory Services	The OptimalCloud leverages a world-class virtual directory under the covers, which allows for a wide variety of features.	SILVER/GOLD/ENTERPRISE

SSO (Single-Sign On) Features include various federation standard and protocols.

Feature	Description	Required Tier
Federation Templates & Wizards	Many of the most common applications are included in templates.	SILVER/GOLD/ENTERPRISE
Custom Federation	Custom federation would be for applications that do not support one of the standards based federation protocols, and as such would require a reverse proxy or federation module to be installed.	ENTERPRISE
Federated Broker	A federated broker is when The OptimalCloud asks as a broker between service providers and identitiy providers.	SILVER/GOLD/ENTERPRISE
IdP Initiated Sign-on	This is the federation process where users go from The OptimalCloud directly into a service provider (SP) application.	SILVER/GOLD/ENTERPRISE
OAuth2 Protocol	Support for the OAuth2 federation protocol.	SILVER/GOLD/ENTERPRISE
OpenID Connect Protocol	Support for the OpenID Connection federation protocol.	SILVER/GOLD/ENTERPRISE
SAML2 Protocol	Support for the SAML2 federation protocol.	SILVER/GOLD/ENTERPRISE
SP Initiated Sign-on	This is the federation process where users go directly to an service provider (SP) application, and are redirected to The OptimalCloud for authentication.	SILVER/GOLD/ENTERPRISE
WSFED Protocol	Support for the WSFED federation protocol.	SILVER/GOLD/ENTERPRISE
WSTRUST Protocol	Support for the WSTRUST federation protocol.	SILVER/GOLD/ENTERPRISE
Shared Accounts Support	SSO for users that use a shared account.	SILVER/GOLD/ENTERPRISE

Identity Management Features

Feature	Description	Required Tier
Account Lifecycle Management	Notifications for pending disablement/deletion as well as provisioning/deprovisioning.	ENTERPRISE
Application Request/Approval	Ability to setup request to applications (service providers), which includes an approval process.	ENTERPRISE
Application Management	Ability to manage applications (service providers), or simple url links.	SILVER/GOLD/ENTERPRISE
Active Users Sessions	Ability to see currently active sessions and force logout.	SILVER/GOLD/ENTERPRISE
Delegated Administration	Delegated Administration allows for designated admins of an Organization to manage their own users and permissions.	SILVER/GOLD/ENTERPRISE
Group Management	Full Group Management of Cloud group (and on prem when using ENTERPRISE edition).	SILVER/GOLD/ENTERPRISE
Dynamic Group Management	Dynamic Group Management of Cloud groups.	SILVER/GOLD/ENTERPRISE
Organization Management	Full Organization Management.	SILVER/GOLD/ENTERPRISE
Organization Type Management	Ability to have delegated administration across multiple organizations based on an organization type.	ENTERPRISE
Provisioning Management	Incoming and Outgoing provisioning to various systems.	GOLD/ENTERPRISE
Self-Registration	Allows users to self-register a new account for access.	SILVER/GOLD/ENTERPRISE
Self Service Password Reset (SSPR)	Allows for a user to reset his/her own password.	SILVER/GOLD/ENTERPRISE
User Management	Full User Management.	SILVER/GOLD/ENTERPRISE
White Pages	Simple searching page to lookup basic information on a user.	SILVER/GOLD/ENTERPRISE

Authentication and MFA

Feature	Description	Required Tier
Advanced/Adaptive Authentication Process	Allows end-users to select a defined list of authentication methods in which to login.	GOLD/ENTERPRISE
Agentless Desktop Single Sign-on	Allows clients as well as customers of our clients (by Organization), to enable Enterprise Desktop SSO without requiring any on premise agent.	GOLD/ENTERPRISE
Behavioral Biometrics	The OptimalCloud leverages TypingDNA for Behavioral Biometrics. This uses a users typing patterns to determine a first or second factor.	GOLD/ENTERPRISE
OTP via Email	One-Time Passcode sent via Email	SILVER/GOLD/ENTERPRISE
OTP via SMS	One-Time Passcode sent via SMS	SILVER/GOLD/ENTERPRISE
OTP via Voice	One-Time Passcode sent via Voice	SILVER/GOLD/ENTERPRISE
Hyperlinks via Email	One-Time Hyperlink sent via Email	SILVER/GOLD/ENTERPRISE
Hyperlinks via SMS	One-Time Hyperlink sent via SMS	SILVER/GOLD/ENTERPRISE
Passwordless Authentication	Acheived when useing either Behavioral Biometrics with TypingDNA or when using WebAuthN.	GOLD/ENTERPRISE
Privileged Account MFA Requirement	Can force MFA for any members of groups, orgs or apps.	SILVER/GOLD/ENTERPRISE
PUSH Notifications	PUSH Notifications leveraging the Optimal Authenticator app (available for both iPhones/iPads and Android devices).	SILVER/GOLD/ENTERPRISE
Radius	Radius server integration.	ENTERPRISE
Step-Up Authentication	Ability to enforce step-up authentication based on group, org or app membership or via conditional authentication.	SILVER/GOLD/ENTERPRISE
Time-Based One-Time Passcode (TOTP)	TOTP using any standards based 3rd party authenticator like Microsoft Authenticator, Google Authenticator and others.	SILVER/GOLD/ENTERPRISE
User/Password	Typical user and password login.	SILVER/GOLD/ENTERPRISE
U2F (FIDO)	U2F, is part of the original FIDO v1 standard that leverage tokens such as Yubico.	GOLD/ENTERPRISE
WebAuthN (FIDO2)	Support for Windows Hello and other device bound authentication devices such as TouchID & FaceID for Mac devices & FIngerprint & PIN for Android devices.	GOLD/ENTERPRISE
Grid Card Authentication	Support for Grid Card Authentication.	GOLD/ENTERPRISE
Duo	Support for Duo, including their PUSH notification, TOTP, SMS, etc. Requires customer to have their own Duo account.	GOLD/ENTERPRISE

Security Features

Feature	Description	Required Tier
Administrative Force Password Changes	Administrators by force other administrators or members of Groups, Orgs and Apps to reset their passwords.	SILVER/GOLD/ENTERPRISE
Choice of Data-Center Locations	You get to choose where servers are deployed and also which platform to deploy to (such as Azure, AWS, Google, etc.).	ENTERPRISE
Dedicated Environments	Dedicated environments means that you servers that are dedicated to your deployment only. This allows for many options such as the use of VPN's or data location in client desired data-centers.	ENTERPRISE
Email Validations	Ability to validate a users Email Address in real-time, to determine security.	GOLD/ENTERPRISE
Force Signout of Active Users	Ability to force a given user to signout upon request.	SILVER/GOLD/ENTERPRISE
IP Address Validations	Ability to validate a users IP Address in real-time, to determine security.	GOLD/ENTERPRISE
Optimal AI™	Features include: DOS Detection/Prevention Email Blocking GeoAccess/Location Blocking Hacking Detection/Prevention IP Blocking Session Blocking	GOLD/ENTERPRISE
Web Application Gateway	Provides for centralized protection incoming traffic and ability to limit cypher suites.	SILVER/GOLD/ENTERPRISE
Firewall (optional)	Provides for centralized protection of the service from the most common exploits and vulnerabilities (OWASP protection).	ENTERPRISE
TLS	Support for TLS 1.2 and TLS 1.3	SILVER/GOLD/ENTERPRISE

Reporting/Auditing Features include data written to a Splunk environment.

Feature	Description	Required Tier
Log Types	Log Types consist of the following: AI Logs (Optimal AI™) Audit Logs Authentication Logs Email Logs Error Logs Health Logs Provisioning Logs SSO Logs Suspicious Activity Logs Web Access Logs	GOLD/ENTERPRISE
Reporting Dashboards	Dashboards/Splunk Features consist of the following: AI Dashboard (Optimal AI™) Audit Dashboard Authentication Dashboard Direct Splunk Searching Health Dashboard Main Dashboard Provisioning Dashboard SSO Dashboard Stats Dashboard Trends Dashboard	GOLD/ENTERPRISE
Troubleshooting Tool	Ability to track activity by Session, User or IP Address.	GOLD/ENTERPRISE

API Features

Feature	Description	Required Tier
Authentication API	Allows for authentication from within your own on-prem application.	GOLD/ENTERPRISE
Authorization	Performs authorization for a given user and resource.	GOLD/ENTERPRISE
Management	Ability to manage the environment.	GOLD/ENTERPRISE
SCIM	System for Cross-domain Identity Management: A standar for automating the exchange of user identity information between identity systems.	GOLD/ENTERPRISE
WebHooks	Mostly used for incoming provisioning system, but ability for custom WebHooks to be added on as needed.	GOLD/ENTERPRISE

Microsoft Azure/Office 365 Features

Feature	Description	Required Tier
Azure AD User/Group Account Provisioning	Automated user and group account provisioning and deprovisioning.	GOLD/ENTERPRISE
Azure AD Guest Account Provisioning	Automated Guest account provisioning and deprovisioning.	GOLD/ENTERPRISE
Azure/Office 365 License Management	Ability to evaluate/review licenses within Azure/O365.	GOLD/ENTERPRISE
Azure Cost Usage Management	Ability to evaluate/review cost/usage of Azure services (coming soon).	GOLD/ENTERPRISE

Copyright © 2023 - optimalidm | Secured by Optimal IdM, LLC tocusea-p-001

Cookie Notice

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website.