The downloadable app enables strong authentication access based on SecureAuth's use of an X.509 certificate, provides SSO and authenticates the user to the corporate data store, typically Active Directory, mirroring the platform's capabilities for securing computer access.
"Mobile devices are a big issue for enterprises," says Steve Coplan, senior analyst, enterprise security practice at The 451 Group. "There are any number of vendors with mobile certificates, but it's how you manage the certificate that's important. How do you automate the process? How do you associate the certificate with a particular user so there's a one-to-one correlation between the user and device?"
IEP provides browser-based x.509 certificate authentication using the same crypto mechanism as PKI, but without requiring the enterprise to roll out PKI infrastructure. "It's similar to a cookie workflow," says Tom Stewart, SecureAuth CFO. "The certificate is mapped to the user and the enterprise, and, using the data store, the user name and password is used as a second factor." Coplan refers to the technology as the "anti-PKI PKI."
IEP can leverage different protocols to allow the authentication to take place. So a user might be allowed access to a cloud service using SAML and then an internal resource, such as a SharePoint repository, using form-based authentication, without having to log in twice.