
Smartphones take center stage in two-factor authentication schemes

SecureAuth IdP wins test of 8 software-based authentication systems that deliver enterprise-level security

By David Strom, Network World
May 20, 2013 06:01 AM ET

Page 6 of 9

As with the others that have user portals, you can automatically provision and revoke tokens for particular users without tying up IT resources. You can set up enrollment to happen automatically, or have users receive activation codes via email or SMS for particular kinds of tokens.

SafeNet's reporting module is one of its strengths, providing dozens of built-in pre-formatted auditing, billing, and usage reports that can be customized and scheduled to run and export their results via email.

The cost for a 100-token configuration for just soft token licenses is $2.10 per token per month, and this increases to $2.40 per token per month for both software and hardware tokens. This is on the lower end of the scale and represents good value for the money.

SecureAuth IdP

We think SecureAuth’s two-factor solution, called IdP, is the best of the breed that we tested. You can run it as an appliance or (what we tested) as a cloud service. It has a plethora of menus and choices. IdP features some odd true/false dialog boxes that can be a bit daunting, but underneath it all it is a very capable product.

IdP supports a wide variety of tokens, hard and soft. Indeed, IdP has an interesting workflow option where you can add third, fourth, fifth factors for your logins, if your users would bear with the additional authentications. You can mix and match authentication methods too, and also have a "silent" two-factor validation check happen in the background once a user has been identified. All of this is accomplished with IdP's Web-based management console.

Users have a self-service Web-based portal where they can update their second factor connections or even reset their Active Directory password without any IT involvement. You can set up a separate help desk Web app where you or the user can easily revoke certificates or disable tokens that have gone awry. There is no additional software to download or any agents to install, unlike some of the other products.  

One thing IdP doesn't do is two-way synchronization with any of its identity stores. Although it does support a wide collection of them, including Active Directory, Novell eDirectory, SunOne and other LDAP providers, it just uses these directories to validate the user ID and pull the relevant information for the second factor process. Others in this review can do two-way updates of their directories.

Given the company's expertise with SSO and SAML, it isn't surprising that it could set up two-factor logins to various Web services such as Google Apps and Salesforce with relative ease. But what is lacking is the ability to add Web code to a server as PhoneFactor and others do. SecureAuth works around this issue by having a special agent that adds SAML federation to either IIS, JBoss or Tomcat servers and can translate the Web code into a SAML request that IdP understands.

Reports aren't as simple to set up as those of some of its competitors and will require some customization and configuration of the Web management console. Once created, they can be exported as well.
