Value Added Modules

A Simple Way to Customize and Extend the SecureAuth Cloud IAM Solution

Many of our clients have systems that work with SecureAuth products out-of-the-box. Just deploy and configure.

Some clients, however, require additional customization to work with us. For this, SecureAuth provides Tailoring Frontline Services, a staff of developers specializing in taking our products and customizing them to work seamlessly with your system. Some of these custom solutions prove useful beyond the needs of an individual client, so we offer them to other clients as ready-to-use modules.

Value-Added Modules (VAMs) are software components that are developed by SecureAuth Tailoring Frontline Services to fit the needs of customers seeking a simple way to adapt their system to our cybersecurity solutions. Think of these VAMs as adapters or connectors, enabling you to link SecureAuth products to your system without additional development.

.Net SAML Consumer

This Value-Added Module enables SecureAuth customers to integrate the .NET SAML Consumer into their current Internet Information Services (IIS) environment.
In order to perform this integration, you need the following components:

  • IS Server
  • SecureAuth setup in your environment or an accessible environment
  • .NET SAML Consumer compressed file
  • Valid X509 certificate to sign the assertion
  • .NET Framework 4.5 or later

Deployment Guide

ADFS 2FA Module

Curious about the SecureAuth ADFS Two-Factor Adapter Value-Added Module (VAM), and how to configure it for use in an ADFS 3.0 environment? The SecureAuth ADFS Two-Factor Adapter is a Multi-Factor Authentication Provider that uses the SecureAuth Authentication APIs to send One-Time Passwords (OTPs) for use in authentication by an ADFS Federated application.

The SecureAuth ADFS Two-Factor VAM enables current ADFS customers to add strong authentication to their existing ADFS integrations. Many customers have comprehensive ADFS implementations that provide the convenience of SSO access but lack strong security, thereby putting all their applications at risk from a single breach. With this add-on module, Push-to-accept, SMS, voice, email, KBQ, and OATH authentication can be enabled as well as advanced IP threat analysis.

Solution Brief | Deployment Guide


Epic CareLink

The Epic CareLink Value-Added Module (VAM) provides installation and configuration assistance to enable Epic CareLink system applications to access SecureAuth for authentication and authorization.

Deployment Guide



SecureAuth’s Epic EPCS Value-Added Module (VAM) enables seamless integration between SecureAuth Multi-Factor Authentication (MFA) and Epic’s Hyperspace platform for the E-Prescribing of Controlled Substances (EPCS) system. Using this integrated package, qualified physicians can write prescriptions quickly and securely while meeting DEA requirements for e-prescribing.

SecureAuth’s flexible authentication framework allows providers to deploy DEA compliant Two-Factor Authentication (2FA) in ways that are not intrusive on physicians; and in many cases SecureAuth can actually optimize workflows by reducing clicks. Its aim is to provide the quickest way to ensure that the accessing physician is the one authorized to approve the prescription, per DEA standards.

Deployment Guide


SecureAuth Health Analyzer

The SecureAuth Health Analyzer tests SecureAuth Realms to gather the following information, and generate an HTML report based on the results. The elements tested include:

  • Average health and security score of all realms combined
  • Number of Identity Manager (IdM) Realms
  • Number of SSO Realms
  • Number of Network Realms
  • Machine Name & Host Name
  • Whether the machine is joined to a domain
  • Whether the server has an enabled firewall
  • IPv4 and Ipv6 address

Solution Brief | Deployment Guide


IP Blacklisting

This Value-Added Module (VAM) adds the IP Blacklisting provider feature to SecureAuth versions 9.2 and 9.3.

It consists of a customization that allows the administrator to add a Risk User Provider for Adaptive Authentication and specifies to send the IP in the service call. With this, a client service with the IP could send back a risk score which will be used to specify desired scenarios. The VAM will give you the opportunity to set the course of the authentication process depending on the user’s IP.

Deployment Guide


OAM 2FA Adapter

The OAM 2FA Plug-In Value-Added Module (VAM) connects SecureAuth with Oracle Access Manager (OAM) and its supporting servers for Two-Factor Authentication (2FA).

Deployment Guide


PeopleSoft Value-Added Module

The PeopleSoft Value-Added Module (VAM) provides deployment and configuration on the SecureAuth appliance to enable authentication and authorization of applications on PeopleSoft.

Deployment Guide


PingFederate 2FA Plugin

The PingFederate 2FA Value-Added Module (VAM) integrates SecureAuth and PingFederate servers (version 8.3 or later). This integration enables customers of PingFederate to add SecureAuth to their SSO solution for even stronger identity security.

The integration relies upon a SecureAuth PingFederate two-factor authentication (2FA) value- added module (VAM) — a piece of software that enables PingFederate to perform 2FA through the SecureAuth API.

NOTE: This guide pertains to integrations using PingFederate version 8.3 and later.

SecureAuth can also integrate with PingFederate via integration via SAML SSO. Please review the “PingFederate SAML Integration Guide” for more information.

Deployment Guide | Ping SAML Integration Guide


Radius 2FA

The Radius 2FA Value-Added Module (VAM) (formerly called RSA Hard Token Migration Value-Added Module (VAM)) provides a migration path for our customers leading away from RSA security tokens and toward more advanced 2-factor authentication (2FA) methods. Customers can continue to use their existing RSA tokens when authenticating to SecureAuth, allowing a phased retirement of the legacy hard token technology. This gives SecureAuth the ability to validate RSA soft and hard tokens by using the RSA RADIUS Validation client. Because the integration utilizes RADIUS, the Radius 2FA VAM can be used with RSA and other legacy hard token modules.

Deployment Guide


SAML Logout

The SAML Logout Value-Added Module enables applications using SAML Logout to access SecureAuth for authentication and authorization.

Deployment Guide


Self-Service Verification Value-Added Module

Self-Service Verification provides a method for validating that contact information has been updated properly. While the normal self-service post-authentication page allows the user to update their contact information (such as emails and phone numbers), there is no assurance that the user has updated with a valid phone number or email.

The Self-Service Verification page enforces validity of the updated information. Once a user changes their email address or phone number, they are directed to verify that change with an OTP code sent to either their email or phone.

Deployment Guide


SecureAuth SAML SLO (Single Logout)

The Single Log-Out (SLO) Value-Added Module (VAM) enables applications using SAML Logout to access SecureAuth for authentication and authorization, and supports cascading logout. When a user clicks a logout link in a relying application that is in session with other relying applications, it will send a logout request to the SLO endpoint. In turn the SLO service will go through all other applications that have been logged in during the current session, and dispatch a logout assertion to each relying application endpoint.

This VAM can be added to the SecureAuth appliance using an installer that supplements the appliance with all necessary files and modifies the configurations accordingly.

Deployment Guide

Pin It on Pinterest