About ActivID AS

The HID® ActivID® Authentication Server (AS) is a versatile, flexible and highly scalable authentication solution for securing access to government and corporate systems and online consumer services.

It secures a wide range of enterprise and commercial applications and is the ideal solution to meet compliance requirements and industry-standard guidance for strong, layered authentication and auditing (including the Payment Card Industry Data Security Standard (PCI-DSS) and the Federal Financial Institutions Examination Council (FFIEC)).

ActivID AS simplifies ongoing credential management through a single point of administration. It ensures segregation of data between different applications, making various information types extremely secure. It also provides centralized, tamper-evident auditing capabilities.

The overall solution supports multiple authentication methods which can be configured using highly flexible and customizable policies and be assigned to different user populations. With ActivID AS, it is possible to adjust the authentication policy used (for example, static or one-time passwords) − based on specific profiles and risk factors.

Supported Environment and System Requirements

ActivID Authentication Services and Portals

The table below defines the environments supported for the ActivID Authentication Services, and the ActivID Management Console and ActivID Self-Service Portal.

Item Environment

Operating System
  • Red Hat® Enterprise Linux 7.7 64-bit
  • Red Hat Enterprise Linux 8.x 64-bit
  • Oracle® Linux 7.7 64-bit
  • Oracle Linux 8.x 64-bit
Note: Deployment on Red Hat Enterprise Linux/Oracle Linux 8.x requires FIXS2302003 (for further information, refer to the release notes provided with the hot fix).

Application Server

  • IBM® WebSphere® Network Deployment 8.5.5.x 64-bit (where x is version 14 or later)
  • Red Hat JBoss® Enterprise Application Platform (EAP) 7.2.x

JDK
  • For IBM WebSphere:
    • IBM WebSphere SDK Java Technology Edition 8 (with latest update)
  • For JBoss EAP:
    • Open JDK 8 64-bit (with latest update)
    • Oracle JDK 8 64-bit (with latest update)

Cryptography

  • Entrust®:
    • nShield™ Connect + (500, 1500 and 6000)
    • nShield XC
    • nShield PCI
    • payShield™ (PCI and netHSM)
  • Thales® SafeNet® ProtectServer™ External
  • Amazon® Web Services (AWS) CloudHSM
  • Software cryptography

ActivID RADIUS Front End

Item Environment
FreeRADIUS server Version 3.0.13-x
OpenSSL Version 1.0.1e-34 (or later) (1.0.2k-16 is recommended for security reasons)
Important:  

  • If you plan to use an ActivID RADIUS Front End (RFE), then you must install it after you install ActivID AS. Some of the settings in the RFE installation process must match the corresponding settings in your ActivID AS.

  • The ActivID RADIUS Front End is not supported on the following operating systems:

    • Red Hat Enterprise Linux 8.x 64-bit
    • Oracle Linux 8.x 64-bit

    To use the ActivID RADIUS Front End in a deployment on these systems, you should install it on a separate host where Red Hat Enterprise Linux/Oracle Linux 7.7 is installed.

Databases

  • Oracle:
    • Oracle 12c Release 1
    • Oracle 12c Release 2
    • Oracle 18c
    • Oracle 19c

LDAP Directories

  • Microsoft® Active Directory® 2008 R2, 2012 R2 x64, and 2016
  • Novell® eDirectory 8.8 SP1
  • Oracle Directory Server (Enterprise Edition 11g Release 1)

Web Browsers

  • Microsoft Internet Explorer® 11 and later
  • Microsoft Edge 40 and later
  • Google® Chrome® 60.x and later
  • Mozilla® Firefox® 55.x and later
  • Apple® Safari® 8 and 9 on MacOS®
Note:  
  • JavaScript™ and cookies must be enabled.
  • By default, the authentication server is configured to only accept TLS v1.2 connections. It is recommended that you use this setting for security reasons. This configuration can be changed if you need to support web browsers that do not support TLS v1.2.

HID Approve Application

Supported operating systems:

  • Apple iOS®
  • Google Android®
  • Microsoft Windows 10
Note:  
  • HID Approve for Windows 10 does not support biometric authentication.
  • Fingerprint authentication is only supported on Android 6 and later.

Supported Migration

ActivID AS 8.6 supports the following migration paths (listed by ActivID AS version and application server/cryptographic configuration combination).

Application Server Type Cryptographic Configuration
IBM WebSphere Soft Crypto
IBM WebSphere nShield HSM
Application Server Type Cryptographic Configuration
IBM WebSphere Soft Crypto
IBM WebSphere nShield HSM
IBM WebSphere SafeNet HSM
Red Hat JBoss EAP Soft Crypto
Red Hat JBoss EAP nShield HSM
Red Hat JBoss EAP SafeNet HSM
Application Server Type Cryptographic Configuration
IBM WebSphere Soft Crypto
IBM WebSphere nShield HSM
Red Hat JBoss EAP Soft Crypto
WebLogic Soft Crypto
WebLogic nShield HSM

For further information, refer to the ActivID Authentication Server Migration Guide available from the ActivID Customer Portal.