Strengths: Simple to use and configure, highly compatible with existing architecture
Weaknesses: Arguably may not be considered true "something you have/something you know" authentication - used with an SSL VPN only
Verdict: Specialised product with good feature set and ease of use
Coupled with Cisco Adaptive Security Appliance (ASA) SSL VPN, SecureAuth can offer same-day deployment with x.509 level user authentication. The product integrates seamlessly with many third-party applications such as Microsoft Active Directory, SQL and Oracle database.
A key feature is the out-of-band certification registration to protect end users from man-in-the-middle attacks. SecureAuth reduces costs by not using expensive tokens, data servers or other devices to provide strong multi-factor authentication to end users. The use of self registration and automated certificates reduces administration workloads and calls to the helpdesk.
SecureAuth is easy to configure and works well with Active Directory. Once the product is deployed the administrator can organise group and enrolment policies, as well as certificate configurations. End users have an equally smooth ride when obtaining their certificates.
An end user logs into a secure authentication server and registers to receive a password. To obtain a certificate, he or she is then given a one-time, out-of-band password by phone, text message, email or by answering security questions. After receiving the one-time pass users are able to download the certification that authenticates them to log on to the VPN.
The SecureAuth device under test performed well. Product integration with the Cisco ASA SSL VPN was flawless.
Two-factor authentication is applied twice, first during the registration phase, when you use your password and the one-time password sent to you to obtain the certificate. The second time occurs when using your certificate and user password to access the VPN.
Documentation is good, very short and straight to the point. The product manuals are so concise that there is no need for a table of contents. There is good use of screenshots to assist in the step-by-step configuration.
The company’s support offerings include 24/7 technical assistance via phone and email, as well as access to technical documentation. The web-based support requires a user name and password to gain access to its features.