Solution Brief

ADAPTIVE AUTHENTICATION FOR ENDPOINTS

Secure Windows and Mac systems with Multi-Factor Authentication

Request a Demo

Control Credential Risk at the Endpoint

Strong authentication provides the most effective protection when it is enforced everywhere. Unfortunately, many multi-factor authentication (MFA) solutions stop at protecting applications and network devices. SecureAuth Login for Windows and SecureAuth Login for Mac ensure that your organization is protected from unique risks faced at the login prompt of your servers, desktops, and laptops.

Protecting Servers

SecureAuth Login for Windows ensures that the users accessing your systems via terminal services are who they say they are.

  • Enforce MFA for privileged users like administrators
  • Risk-based authentication changes the level of authentication to match the level of risk (High risk=denial; Low risk=no MFA)
  • Define granular policies to step up authentication or minimize friction based on specific scenarios

Protecting Desktops & Laptops

Guarding against local threats for Windows and Mac systems

  • Reduce risk of unattended machines being accessed by an unauthorized insider
  • Help enforce use of correct identities in multi-user environments
  • Require extra authentication to protect in “evil maid” scenarios
  • Block use of systems in high risk / hostile geographies or environments

Highlights

Complete Identity Platform

  • Rich set of MFA methods including Push-to-Accept, Yubikey, SMS, Voice, and Email
  • Adaptive Authentication support in Windows; coming soon for Mac
  • IP- and Geo-based adaptive authentication layers trigger on connecting system IP for servers and endpoint IP for laptops and desktops
  • Self-service password reset from the login prompt in Windows; coming soon for Mac
  • Validated with FIPS 140-2 compliant cryptographic libraries
  • Offline support for disconnected systems (must have connectivity for initial setup)
  • Bypass Group to allows Adaptive MFA to be disabled for specific users

The Solution

  • Push-to-Accept Notification: Push-to-Accept on SecureAuth Authenticate for iOS/Android
  • Passcode Notification: Passcode sent to SecureAuth Authenticate for iOS/Android
  • Passcode from SMS/Text: Passcode sent via SMS/text
  • Passcode from Voice Call: Passcode received in call to phone
  • Passcode from Email: Passcode sent to email
  • Timed Passcode: OATH OTP from SecureAuth Authenticate
  • YubiKey Series 4 & 5 support (OTP, TOTP, & HOTP only)
  • Symbol-to-Accept Notification: Select the correct symbol displaying on both phone & PC
  • Security Questions: Knowledge-based questions and answers
Push-to-Accept Notification
Push-to-Accept on SecureAuth Authenticate for iOS/Android
Passcode Notification
Passcode sent to SecureAuth Authenticate for iOS/Android
Passcode from SMS/Text
Passcode sent via SMS/text
Passcode from Voice Call
Passcode received in call to phone
Passcode from Email
Passcode sent to email
Timed Passcode
OATH OTP from SecureAuth Authenticate
YubiKey Series 4 & 5
Support (OTP, TOTP, & HOTP only)
Symbol-to-Accept Notification
Select the correct symbol displaying on both phone & PC
Security Questions
Knowledge-based questions and answers

About SecureAuth

SecureAuth, the secure identity company, provides the most advanced identity security solution for large organizations globally to enable secure access to systems, applications, and data. Our customers leverage our flexible, enterprise-grade identity and access platform coupled with the SecureAuth Intelligent Identity Cloud service to deliver the most secure, frictionless user experience for their customers, partners and employees, everywhere, exponentially reducing the threat surface, enabling user adoption and meeting business demands. To learn more, visit www.secureauth.com, or connect with us at info@secureauth.com, Twitter, and LinkedIn.