SecureAuth Rolls Out Multifactor Authentication, SSO For Smartphones

Enterprises can enable secure end user access via smartphones using the latest version of SecureAuth, which provides certificate-based two-factor authentication, single sign-on and identity management services. SecureAuth is also extending support for securing access to cloud-based applications. SecureAuth Identity Enforcement Platform (IEP) 6.0 extends the product's capabilities from desktops and laptops to iPhone/iPad and Android, as well as other mobile platforms. Mobile device users can be granted secure access to internal corporate and VPN resources, as well as authorized cloud applications.

The downloadable app enables strong authentication access based on SecureAuth's use of an X.509 certificate, provides SSO and authenticates the user to the corporate data store, typically Active Directory, mirroring the platform's capabilities for securing computer access.

"Mobile devices are a big issue for enterprises," says Steve Coplan, senior analyst, enterprise security practice at The 451 Group. "There are any number of vendors with mobile certificates, but it's how you manage the certificate that's important. How do you automate the process? How do you associate the certificate with a particular user so there's a one-to-one correlation between the user and device?"

IEP provides browser-based x.509 certificate authentication using the same crypto mechanism as PKI, but without requiring the enterprise to roll out PKI infrastructure. "It's similar to a cookie workflow," says Tom Stewart, SecureAuth CFO. "The certificate is mapped to the user and the enterprise, and, using the data store, the user name and password is used as a second factor." Coplan refers to the technology as the "anti-PKI PKI." 

IEP can leverage different protocols to allow the authentication to take place. So a user might be allowed access to a cloud service using SAML and then an internal resource, such as a SharePoint repository, using form-based authentication, without having to log in twice.SecureAuth is placing heavy emphasis on the growing use of cloud applications. It supports several major cloud providers, including Salesforce.com and Google Apps, out of the box (the administrator need only provide a URL for the IEP appliance), and enables easy support for any SAML-compliant service. The 6.0 release supports deployment of IEP on Amazon EC2 and adds preconfigured native support for SuccessFactors, Concure, ADP and Microsoft Live@edu.

Coplan says that although remote access to corporate resources is still the most common use case for multifactor authentication, cloud is changing the landscape for the use of combined authentication, SSO and identity management. "Cloud adoption is a catalyst for change," he says. The first step, he explains, is strong authentication for security and risk mitigation, followed by SSO as an incentive to drive user adoption. The next question is the role authentication/SSO plays in an organization's identity management program.

"Enterprises see a change in how applications are consumed, a change in infrastructure and topology, and need better control over who is using what applications," he says. "Authentication and SSO become a kind of choke point where you can start to impose those controls."

The new release also greatly expands IEP's multitenant capacity for supporting "unlimited" applications from a single appliance. (SecureAuth says 90 percent of its appliances are deployed as virtual machines.) So, IEP can be deployed to support different business units, departments, etc., within an enterprise and support a SaaS model across it.

See more on this topic by subscribing to Network Computing Pro Reports Strategy: SaaS SSO (subscription required).