SecureAuth is excited to announce its latest release of SecureAuth™ IdP 8.2. Release highlights include Cisco pxGrid support/integration, Adaptive and Authentication API enhancements, and Splunk support/integration. The theme of this release is to improve how security administrators utilize SecureAuth IdP and it’s adaptive access control engine with Single Sign-On (SSO) to improve security within the enterprise while making access less intrusive for the user.
Cisco pxGrid & Identity Services Engine (ISE) Integration
Cisco pxGrid and ISE owners can now leverage SecureAuth’s unique adaptive access control technology to increase security while allowing a seamless, integrated logon experience to corporate applications. SecureAuth IdP uses the Internet Protocol (IP) address as a factor to help determine the legitimacy of people trying to logon/authenticate to corporate applications. During the authentication process SecureAuth IdP send a user’s IP to Cisco pxGrid and/or ISE to check and see if that user is properly logged into the corporate network. If yes, SecureAuth gains confidence that authenticating user is who they claim to be and can allow access. If no, we require multi-factor authentication steps before granting access. Cisco pxGrid and ISE provide SecureAuth IdP yet another way to determine access risk and provide increased authentication when needed.
Adaptive and Authentication APIs
Many enterprises have legacy, customer facing, mobile and homegrown applications currently protected by only a User ID and Password. The SecureAuth Adaptive and Authentication APIs allow developers to easily add Adaptive and Two-Factor Authentication to these applications, enabling a consistent set of access control across the entire application landscape (on-prem – commercial and homegrown, as well as cloud (SaaS) and mobile applications.) The SecureAuth Adaptive API is new in version 8.2 and allows developers to add Adaptive Authentication capabilities by making a single API call to the SecureAuth IdP that checks IP reputation, group membership, country black/whitelist, and geo-velocity. All of these factors can all be leveraged to assign risk to the logon event returning recommended actions such as block, allow, redirect or step-up for multifactor authentication. In addition, Device recognition can be leveraged, enabling security administrators to analyze the logon device and tie it to a unique user. This enables a much better user logon experience and is much more secure than using a cookie alone. The SecureAuth Authentication API enables security administrators to check user ID, password, multiple forms of second factor such as SMS, knowledge base, OTP and many more. New in 8.2 are Push-to-Accept as well as PIN verification. Push-to-Accept is arguably one of the most convenient forms of second factor authentication, and this API allows developers to call these capabilities directly from their web applications.
SecureAuth is a frontline defender for your enterprise, and together with a number of significant logging enhancements, has built a Splunk dashboard application that will be available on Splunkbase™. This dashboard application helps security administrators more easily surface and analyze authentication related security threats. In addition to surfacing threat data, IdP system health and utilization data are clearly visualized. The visualization coupled with configurable Splunk alerts, enables enterprise security administrators to accelerate operational remediation and thwart attacks.
In addition to 20+ other authentication methods, SecureAuth™ IdP now supports “push-to-accept”. Push-to-accept allows security administrators to send a push notification to a user’s device (smartphone, tablet, PC) and require an “Accept” or “Deny” selection. Obviously if user is trying to log-in and gets a notification, they will respond in the affirmative. If they are not trying to authenticate, then the user knows someone else is trying to log-in with their credentials and can select “Deny”. Many users find this method of second factor very convenient and has very high user acceptance.
Watch a quick video on how this works: