IGEL Secure Endpoint OS
for Now and Next
IGEL is a transformative secure endpoint OS designed for SaaS, DaaS, VDI and secure browser environments. IGEL significantly reduces endpoint TCO and your endpoint attack surface.
QwickAccess for IGEL provides users with
fast and secure access to their Citrix session or Citrix-hosted Epic Hyperdrive
session with the tap of a badge on an IGEL endpoint device. This can be the
same badge that is used for building access or identification purposes.
QwickAccess for IGEL is designed to eliminate the tedious redundancy of
manually entering a username and password to gain access to a Citrix session or
Citrix-hosted Epic Hyperdrive session.
QwickAccess for IGEL
version 1.3.0 supports two different modes: Unique Session Mode and Shared
Session Mode.
In both modes, in
addition to tap-in, QwickAccess for IGEL supports tap-out, and tap-over, making
it easy for multiple users to securely use the same IGEL endpoint. And in both
modes QwickAccess for IGEL supports self-service badge enrollment which allows
a user to enroll their own badge without needing to see an administrator or
visit a special enrollment station.
The QwickAccess
for IGEL application speeds user access, dramatically reduces the frequency
that users need to type their passwords and increases efficiency at shared IGEL
endpoints.
Tap your badge on
the RFID reader connected to the IGEL endpoint to automatically log into and
launch your Citrix session or log into a Citrix-hosted Epic Hyperdrive session.
You can then tap your badge again to secure (lock) your session and step away
from the IGEL endpoint. When you return, simply tap again to start your work exactly
where you left it without any reconnection time. Or move to another IGEL
endpoint where QwickAccess for IGEL is installed and your work will follow you
(roam with you). And while you are away, another user can use the same IGEL
endpoint without exposing or disturbing your work.
Your password is
saved for a configurable period after your badge is tapped. Within the
configured password-save period, you can now tap-in without entering your
password. The password-save time “rolls over” at any tap-in, tap-out,
or tap-over event, renewing the amount of time in which your password is saved.
Badge enrollment
is a simple one-time event which does not require you to call the help desk,
see an administrator, or visit a special registration station. You simply need
to tap your badge wherever QwickAccess for IGEL is installed, provide your
username and password, and click OK. Done! Now use your badge to tap-in,
tap-out, tap-over wherever QwickAccess for IGEL is installed.
The QwickAccess
for IGEL application speeds user access, dramatically reduces the frequency
that users need to type their passwords and increases efficiency at shared IGEL
endpoints. QwickAccess for IGEL provides the following benefits for users and
IT staff.
Tap-In
Tap your badge on
the RFID reader connected to the IGEL endpoint to automatically log into and
launch your Citrix session or log into a Citrix-hosted Epic Hyperdrive session.
Tap-Out
Tap your badge on
the reader to automatically secure your session without disconnecting it. When
you return, simply tap your badge to access the session just as you left
it without any reconnection time!
Tap-Over
In addition to
Tap-In and Tap-Out, users can Tap-Over. The Tap-Over feature allows a user to
start their own session on an IGEL endpoint even if another user already has an
active session on that endpoint. The second user would simply tap their badge
to secure the first user’s session automatically, while simultaneously logging
in to their own session.
Rolling Configurable Password Save
Your password is
saved for a configurable period after your badge is tapped. Within the
configured password-save period, you can now tap-in without entering your
password. The password-save time “rolls over” at any tap-in, tap-out,
or tap-over event, renewing the amount of time in which your password is saved.
Organizations usually configure this password-save time so that users are
prompted for their password once when they start their shift, but don’t have to
enter it again for the rest of the day if they are actively using their badge
to access their work.
Badge Self-enrollment
Badge
self-enrollment enables a user to enroll their badge without seeing an
administrator, calling the help desk, or visiting a special registration
station. A user who is not yet enrolled simply needs to tap their badge wherever
QwickAccess is installed and QwickAccess will then prompt the user for their
username and password. After these are verified, they are securely saved in the
system. Conveniently, the user only needs to enroll their badge once and it
then becomes usable wherever QwickAccess or ExactAccess is installed, i.e.,
they don’t need to enroll their badge at each endpoint they visit.
Forgotten Badge
A user who
forgets their badge at home can enroll a temporary replacement badge provided
by the organization and use that for the day. The temporary badge replaces the
original badge which means the original badge cannot be used until it is
re-enrolled. This is a security feature. The next day when the user returns
with their original badge, they simply enroll it again and the temporary badge
is no longer enrolled (it is replaced by the original badge) and therefore can
be assigned to a different user who has forgotten their badge.
Automatic Lock and Logoff
QwickAccess for
IGEL can automatically lock a user’s session after a configurable period of
inactivity in the case where a user has walked away and forgotten to tap-out.
If the user returns, they simply need to tap their badge again to unlock their
existing session (tap-to-unlock), or another user can tap their own badge to
automatically logoff the first user and log into their own session (tap-over).
In addition, a locked session can be automatically logged off after another
configurable period.
Two Modes
Two modes of
operation are available: Unique Session Mode and Shared Session Mode.
Unique
Session Mode (USM): After QwickAccess for IGEL is
configured to be in USM, when a user walks up to the IGEL endpoint and taps
their enrolled badge, they will be logged into a Citrix session with the user
account that is associated with the badge. In other words, the Citrix session
is unique to the user account associated with the badge. The user can then move
to another IGEL endpoint with QwickAccess for IGEL installed and configured to
be in USM and tap their badge. This would then disconnect the user’s session
from the first IGEL endpoint and connect it to the second IGEL endpoint. In
other words, when the two endpoints are in USM the user’s Citrix session roams
(or follows) the user and is unique to the user.
Shared
Session Mode (SSM): When in SSM, QwickAccess for IGEL
will automatically launch and log into a Citrix session when the IGEL endpoint
is started. This happens without any user interaction. The IGEL endpoint then
becomes a kiosk where the same Citrix session can be used by multiple users.
Typically, this mode is used by organizations who host Epic Hyperdrive on
Citrix. In this scenario, after the shared Citrix session is launched, the Epic
Hyperdrive application is also launched and is displayed on the IGEL endpoint.
Users then can tap-in/out/over in Epic Hyperdrive, but the shared Citrix
session stays connected.
Leverages Microsoft Active Directory (AD)
QwickAccess for
IGEL leverages an organization’s existing Microsoft Active Directory
infrastructure with no changes needed. This means that users use the same
account and credentials with QwickAccess for IGEL that they currently use; no
separate account or credentials are needed. In addition, AD administrators can
continue to use the AD tools they are familiar with to manage user accounts and
reset passwords. QwickAccess for IGEL will automatically recognize these
changes and respond appropriately.
Easy, Remote Deployment
QwickAccess for
IGEL can be easily and remotely deployed to the enterprise using IGEL Universal
Management Suite (UMS) and requires no changes to your existing Citrix
infrastructure, and no changes to Active Directory. In addition, users simply
use the same RFID-enabled badges they currently use for building access or
identification purposes.