WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
EXECUTIVE OVERVIEW

2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user experience. 2FaaS enables both enterprises and OEMs to implement 2-Factor Authentication without servers, on-premises hardware, coding, or data synchronization while still maintaining internal control of data and user access. With 2FaaS, no user information, PHI, PII, or password credentials are ever stored with SecureAuth or in the cloud.

SecureAuth has two 2FaaS offerings:

2FaaS RADIUS is aimed at protecting VPNs and websites utilizing RADIUS or RESTful protocols with one type of 2-Factor Authentication called PUSH (Accept or Deny). It is a very simple-to-install application (or mobile app) that lets your company provide a 2-Factor login solution in which corporate-provided or BYOD mobile devices become the "something you have" for 2-Factor Authentication. This means that you are no longer required to administer and distribute tokens, smart cards, USB keys, or any other physical token to your users for 2-Factor Authentication. All they need is the web and a smartphone or tablet device. The product scales from as few as one user to hundreds of thousands of users. Self-enrollment of the profile information is also a part of the 2FaaS solution.

2FaaS is a system in which enterprises can point their RADIUS-compliant devices to a SecureAuth 2FaaS hosted RADIUS server for the purpose of conducting secure second factor authentication. 2FaaS RADIUS is very easy to integrate, works with many existing RADIUS products, and supports the 2FaaS PUSH 2-Factor Authentication app that runs on iOS, Android, and Windows Phone.

2FaaS WEB also scales from as few as one user to millions of thousands of users. Self-enrollment of the profile information is included in the 2FaaS WEB solution, as well as a Device Fingerprinting solution that recognizes whether a user has successfully authenticated previously on a certain device (mobile or desktop). This helps the login process remember the user and subsequently not keep prompting the user for second factor authentication until the fingerprint changes significantly (e.g. an IP change, a browser upgrade, or a Wi-Fi location change).

2FaaS WEB is a system in which enterprises can point their existing web services or devices to a SecureAuth 2FaaS / 2-Factor Authorization server in the cloud. 2FaaS WEB is very easy to integrate and works with many existing web product (and customer) websites to provide multiple 2-Factor mechanisms, including SMS, Voice, and E-mail One-time Passwords (OTPs).

[Figure: architecture diagram with the labels Cloud Apps, Mobile Apps, Internet, External Users, VPN / Gateway, Internal Users, Enterprise Web Apps, Enterprise Directory(s)]

TABLE OF CONTENTS

Whitepaper
Executive Overview
Introduction: What is 2FaaS and Why Use It?
2FaaS RADIUS PUSH Authentication Use Cases
2FaaS RADIUS PUSH Authentication Advantages
2FaaS RADIUS PUSH Registration Workflow
What is 2FaaS WEB and Why Use It?
2FaaS WEB Use Cases
2FaaS WEB Advantages
2FaaS WEB Workflow
Yet Another Security Product?
Why Use 2FaaS: Five Reasons
Free Trial

INTRODUCTION: WHAT IS 2FaaS AND WHY USE IT?

2-Factor as a Service is a cloud-based solution that deploys within mobile, cloud, or web applications, enabling secure and effortless out-of-band 2-Factor Authentication for your enterprise without hardware, servers, or moving your identities to the cloud. 2FaaS employs standard protocols, is simple to configure, and upholds strong security for all of your resources and convenience for your end-users.

2FaaS does not integrate with your first factor of authentication by design, meaning that 2FaaS does not touch or replicate any user data, passwords, or personally identifiable information to data stores on-premises or in the cloud. 2FaaS is an agentless product that does not require downloads, virtual system installations, plugins, or filters (e.g. Java applets or ISAPI filters).

2FaaS RADIUS is the first 2-Factor Authentication solution in the industry to provide a RADIUS Server in the Cloud, so that organizations are not required to purchase an expensive and complex on-premises RADIUS 2-Factor Authentication server for their own network. Included in the 2FaaS WEB solution are Voice, SMS Text, or E-mail OTPs for authentication without requiring any installations on the network. Both products perform simple Target Redirects to send users to the 2FaaS services in the cloud for secure 2-Factor Authentication and then back to the onsite VPN or website.

2FaaS RADIUS PUSH AUTHENTICATION USE CASES

- Network Components: VPN, Wi-Fi
- Any Solution that Supports RADIUS
- Applications: Cloud, Web, Mobile
- Simple RESTful SDK for Web Services Integration

2FaaS RADIUS PUSH AUTHENTICATION ADVANTAGES

- 100% Cloud-based: No Servers, Hardware, or Thick Clients Required
- No Synchronization (2FaaS is not an LDAP Proxy) or Replication of PII/Passwords to Cloud Services
- No Administrative Requirements for RADIUS
- Rapid Deployment: 2-Factor Authentication in Hours
- Simple Acknowledgement Authentication User Experience
- True RADIUS Integration
- Web-based and Agentless: No Installations Required
- Unlimited Scalability
- Low Cost due to Web-based Authentication Methods and Architecture

2FaaS RADIUS PUSH REGISTRATION WORKFLOW

[Figure: 2FaaS Authentication Sequence, showing the login form (Username, Password, Submit), the SSL VPN with primary authentication, the firewall, and the 2FaaS RADIUS Cloud Server; the numbered arrows correspond to the sequence below]

2FaaS Authentication Sequence
1. SSL VPN Connection Initiated
2. Primary Authentication (can be LDAP, LOCAL, SQL, etc.)
3. RADIUS Request to 2FaaS RADIUS Server in the Cloud
4. Secondary Authentication Security's Service (2FaaS PUSH)
5. SSL VPN Receives Authentication Response
6. SSL VPN Connection Established

1. The 2FaaS Administrator sends a registration email to the user's email address.
2. The user opens the email on the mobile device. It contains two (2) links:
   - Link 1 goes to the App Store to download the app.
   - Link 2 launches the app with certain encrypted data (User ID, Customer ID, Validity Period, GUID). This includes a QR code for rapid enrollment to verify the device.
   2FaaS will push down the Activation Code (e.g. GUID) to be passed inside the URL; therefore, 2FaaS does not require encryption, as it is not passing down the User ID and Customer ID. The link can be time sensitive (e.g. only valid for 24 hours), usage sensitive (e.g. can only be used to register 1 device), or both.
3. The mobile app opens and the user clicks the Accept or Deny button to complete the registration. The app then makes a call back to the 2FaaS server with the Mobile Device ID and Token ID to complete the registration.

(Optional) If the same user has multiple 2FaaS accounts with different companies, s/he can go through this multiple times, and the same Mobile Device ID + Token ID can be registered with multiple 2FaaS user accounts.

For example, if the same user first registers with an iPhone 4 and then an iPhone 5, 2FaaS will always send PUSH notifications to the last registered device, so it will be the iPhone 5.

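The registration rules described above (an opaque activation code in the link, a validity period, a one-device usage limit, and PUSH delivery to the last registered device) can be modelled as follows. This is an added example, not SecureAuth code; the class, method names, and account identifiers are hypothetical, and the in-memory dictionaries stand in for whatever store a real service would use.

```python
import secrets
import time

DAY = 24 * 60 * 60  # the page's example validity period: 24 hours


class EnrollmentStore:
    """Hypothetical server-side model of activation codes and device bindings."""

    def __init__(self, ttl=DAY, max_uses=1):
        self.ttl, self.max_uses = ttl, max_uses
        self.codes = {}    # activation code -> {"account", "expires", "uses"}
        self.devices = {}  # account -> [(device_id, token_id), ...], oldest first

    def issue(self, account, now=None):
        """Create the opaque code placed in the enrollment link.

        The code carries no user data; the account mapping stays server-side.
        """
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(32)  # 256 random bits, not guessable
        self.codes[code] = {"account": account, "expires": now + self.ttl, "uses": 0}
        return code

    def register(self, code, device_id, token_id, now=None):
        """Callback made by the app after the user taps Accept.

        Returns (ok, reason) so a rejected attempt can be logged with its cause.
        """
        now = time.time() if now is None else now
        entry = self.codes.get(code)
        if entry is None:
            return False, "unknown code"
        if now > entry["expires"]:           # time-sensitive link
            return False, "expired"
        if entry["uses"] >= self.max_uses:   # usage-sensitive link
            return False, "already used"
        entry["uses"] += 1
        self.devices.setdefault(entry["account"], []).append((device_id, token_id))
        return True, "registered"

    def push_target(self, account):
        """PUSH requests go to the most recently registered device."""
        regs = self.devices.get(account)
        return regs[-1] if regs else None
```

Rejections for "already used" and "expired" are worth alerting on, since a second redemption of a single-use link means the enrollment email reached more than one device.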
Image: Example of 2FaaS PUSH E-mail Enrollment

Image: 2FaaS RADIUS App Installed

Image: 2FaaS PUSH App Enrollments

Image: Accept or Deny Request at Login

Image: 2FaaS Account Registration

Log into this website and complete the signup registration process: http://www.2faas.com/guest/company/register.do

WHAT IS 2FaaS WEB AND WHY USE IT?

2FaaS WEB is a cloud-based solution that deploys within mobile, cloud, or web applications, enabling secure and effortless out-of-band 2-Factor Authentication for any enterprise without hardware, servers, or moving identities to the cloud. 2-Factor Authentication is as easy as selecting a choice of SMS Text, Phone, or E-mail OTPs as second factors of authentication. It employs standard protocols, is simple to configure, and upholds strong security for all resources and convenience for end-users.

2FaaS WEB USE CASES

- Network Components: Internet, VPN, Wi-Fi
- Any Solution that Supports the 2FaaS WEB API
  o Including but not limited to: .NET, J2EE, RESTful, HTML5, Python, and others
- Applications: Cloud, Web, Mobile, Portal, OEM, and White Label
- Simple SDK for Integration

2FaaS WEB ADVANTAGES

- 100% Cloud-based: No Servers, Hardware, or Thick Clients Required
- No User Information Synchronization: PHI / PII, Password Credentials, and User Information Never Stored in the Cloud
- Rapid Deployment: 2-Factor Authentication in Hours
- 100% Web-based and Agentless: No Installations Required on Client, Server, or Edge Devices
- Unlimited Scalability
- Low Cost due to Web-based Authentication Methods and Architecture
- SMS, Voice, and E-mail 2-Factor Authentication
- Device Fingerprinting

2FaaS WEB WORKFLOW

[Figure: 2FaaS WEB Authentication Sequence, showing the login form (Username, Password, Submit) at www.yourwebsite.com, the firewall, the Web App, the User Database, and the 2FaaS WEB 2-Factor Cloud Service; the numbered arrows correspond to the sequence below]

2FaaS WEB Authentication Sequence
1. Web Login Initiated
2. Primary Authentication (can be LDAP, LOCAL, SQL, etc.)
3. Request to 2FaaS RADIUS 2-Factor WEB Service in the Cloud
4. Secondary Authentication Security's Service (2FaaS Voice, SMS, or E-mail)
5. 2-Factor Verified and Web Login Permitted

1. The user opens a web browser on their desktop or mobile device and logs into the web application.
2. The user is redirected to the 2FaaS cloud 2-Factor Authentication service and verifies their desktop or mobile device by selecting a Voice, SMS, or E-mail verification.
3. (Optional) To minimize the number of times that the user is required to enter a second factor of authentication, incorporate the 2FaaS WEB Device Fingerprinting: http://www.secureauth.com/solution-briefs/2faas-device-2-factorauthentication/
4. After the user verifies their identity via 2-Factor Authentication (Voice, SMS, or E-mail), the user is redirected back into the website or resource.

YET ANOTHER SECURITY PRODUCT?

2FaaS should be thought of as an underlying ability. Most organizations will be required to purchase 2FaaS or similar products to help them acquire the ability to secure their critical data and logins and to comply with the increasingly strict PII regulations. It's not necessary to do so, but it's a long, cumbersome, and error-prone process if you use custom programming. Most organizations will find it more cost-effective to turn to market-tested solutions such as 2FaaS that streamline the 2-Factor Authentication process and strengthen their core identity foundation.

WHY USE 2FaaS: FIVE REASONS

1. Mitigate Common Threats

The most important reason to use 2FaaS is to start mitigating the many online risks that assault organizations' VPNs or web portals each day. It is no longer sufficient to rely solely on a single factor of authentication (usually username and password); instead, 2FaaS provides the ability to start protecting critical access logins with a 2-Factor solution as soon as possible, requiring only hours to set up the configuration and no installation on devices.

2. Embrace Cloud and Mobile

As businesses move to embrace cloud and mobile environments, identity becomes the linchpin of any security effort. It is impossible to avoid working in the cloud and mobile environments, as many software providers are moving into SaaS and cloud models. Behemoths like Microsoft, Apple, Google, and VMware are all heavily invested in cloud computing and mobility.

3. Protect Existing Identity Investments

Using 2FaaS helps preserve investments in existing identity tools like Active Directory. Most enterprises have sunk a lot of money into Active Directory, and they've spent a ton of time tailoring AD to fit their organizations' needs. In fact, most enterprises have structured their roles and policies according to AD concepts such as groups and attributes. Translating and migrating this lexicon of policies is more than just synching identities.
Any identity solution that requires abandonment of those investments should be viewed cautiously. With that said, the first factor of authentication with Active Directory (or similar login) can be very easily compromised from the Internet if the "something you have" is not added into the mix. 2FaaS enables a very rapid way to deliver a second factor of authentication to your critical user logins and to protect critical information by incorporating the corporate-provided or users' BYOD devices, SMS, Voice, or E-mail as the second factor of authentication.

4. Keep Identities Safe and In-house

There are major risks with outsourcing 2-Factor Authentication to Service Providers (SPs). In a heavily regulated industry, outsourcing identities also complicates compliance. This forces organizations to rely on third-party solutions to manage their identities, but what if they fail or are breached? 2FaaS does not integrate with the first factor authentication at all, enabling enterprises to continue controlling logins on-premises.

5. Guard Against Expanding Insider Risks

Outsourcing identities leads to worrying about insider threats from that Identity Service Provider. 2FaaS gives organizations a layer of security that is not controlled by insiders, but instead by the user. This workflow protects enterprises from any insider threats. Moreover, in this age of outsourcing and partnering, organizations of all sizes must grant access to contractors, partners, guests, and temporary employees. Without strong identity management tools in place, insider threats grow exponentially.

FREE TRIAL

Find out for yourself with a 30-day free trial of 2FaaS. Experience how straightforward and swift the process of enabling regulation-compliant 2-Factor Authentication for your cloud, mobile, and network/VPN applications can be. Start with the user directory you already have in place and immediately you'll be easily and securely connecting users to VPN resources and web portal applications.

888-80-InNet innetworktech.com