Strengths: Simplifies management of strong authentication in just about any environment necessary – from applications to cloud-based resources.
Weaknesses: None that we found.
Verdict: Easy to set up and well-conceived front-end for all of your assets and locations that require security authentication.
SecureAuth IdP is a specialised web server that can act as a portal with strong authentication tied to the applications or web/cloud locations to which it allows connections. Using what the vendor calls "adaptive authentication," it centralises strong authentication for a number of resources into a single gateway. It does this by creating realms, which really are specific use cases. These realms are specific to a particular asset and they provide customised strong authentication to those assets. Users cannot enter the asset except via IdP. The system can be on-premises or cloud-based, but most often is on-premises.
Each realm has associated policies and those can manage such things as user on-boarding, access to cloud resources and access to applications. Because IdP uses CSS to create the portal, it can be branded easily in any manner the user wishes. Most important, because it simply is a very smart front-end, it does not take over many of the backend tasks of the customer's organisation. For example, no PII is passed to the portal itself. It remains within the organisation's control, as it would if IdP were not present.
That said, IdP does everything necessary to manage single sign-on and two-factor authentication across the assets and locations that it serves. The integration between the web presence and the managed assets is tight enough that there is no awkward feeling of a layered architecture. Everything fits nicely together. All of the strong authentication functions are managed by IdP using both its own and connected resources. We liked the clean, smooth-functioning workflows that resulted.
Configuration is straightforward. Everything is laid out as workflows and the system accepts third-party tokens. It also uses existing directory stores. By design it does not have any of its own. However, it can tie to and span multiple stores so it could, for example, use Active Directory and other similar directory services, such as SQL, LDAP or REST.
The IdP administrator dashboard is laid out well. It has top-level menus for creating realms, workflows, managing data and creating the portals needed. These portals usually go onto a jump page from which users can move to the assets for which the portal acts as an authentication front-end. After selecting a resource from the jump page, the user goes through the gateway having authenticated to the IdP's single sign-on.
IdP supports more than 20 methods of authentication, all major federation protocols and APIs. It is supplied as a virtual appliance. Although it typically is supplied as a VMware appliance, other hypervisors are supported. Additionally, logging is very good and can be passed as syslogs to SIEMs.
Pricing for IdP is reasonable, certainly considering all it does, and since it can be installed as a virtual appliance there is little additional hardware overhead. Support is provided as part of the licensing. And the website is very good. It contains a knowledge base and documentation as well as access to the support team. You can even download virtual appliance images directly from the site.
There is a lot to like about SecureAuth's approach. Even though it is built on a web platform, it is anything but a standard web portal. It has the mission of centralising and controlling authentication or, as SecureAuth puts it, providing identity security. It does that very well, indeed.