SecureAuth Review | PCMag

Several Identity Management Systems (IDMs) that claim to be fit for the business come from Big Tech vendors, such as our Editors’ Choice award winners in the Okta category and VMware Workspace One Access. The SecureAuth brand might not be as well-known, but it’s no less legitimate for the corporate audience, and it has the portfolio of features and the customer list to prove it.

Get started with SecureAuth

If you deploy SecureAuth using a cloud instance connected to your on-premises directory, the process is similar to many other IDM tools we’ve looked at: you start by installing a software agent (the SecureAuth connector) and configuring to access your corporate directory (in SecureAuth terms, a data store). The data store can be an Active Directory or LDAP environment, an Oracle or SQL database, or a NetIQ eDirectory. SecureAuth initiates the connection between the connector and the service using a downloadable configuration file and a one-time password sent to the administrator email address.

Once the connector is online, you can configure it from the SecureAuth administrative console. SecureAuth recommends that you install and configure multiple connectors to enable redundancy, ideally before adding datastores.

Using the SecureAuth connector to directly manage users in Active Directory or an LDAP repository is a similar process that involves providing connection details for the directory (domain and service account credentials) and ” identify the attribute used to search for user accounts.

Optionally, you can configure the attributes in your directory that correspond to the data elements in SecureAuth and the attributes that you will make writable by SecureAuth. Data stores using Oracle or SQL Server are a bit more complex and involve establishing a connection to a database, creating stored procedures to handle various data access needs, and mapping database fields. to SecureAuth attributes.

Application authentication

A good thing about enabling authentication to commercial applications through an IDM suite is that it usually involves standards like Security Assertion Markup Language (SAML), which means that the process of setting up authentication in these applications rarely varies. SecureAuth offers a catalog of apps that offer a streamlined setup process including pre-populated values ​​and app icons. It should be noted that while application authentication is standards-based, each cloud service has nuances in terms of what is required of attributes and cryptographic signature. SecureAuth’s template-based configuration is therefore essential to configure your applications quickly and efficiently.

The modern platform interface provides an intuitive view of the setup process. This gives you a quick overview of the crucial details you need to pay attention to while tidying up the items you will only need in marginal cases. If I had one complaint it would be that you actually had to switch to the legacy interface if you need to configure things like attributes to pass as part of the SAML assertion, and the legacy interface is decidedly less intuitive. . That said, it’s definitely something I expect SecureAuth to clean up in the future as the new UI continues to mature.

Another gripe that is really a personal preference is that you don’t have access to the logs in the admin console when using SecureAuth in a cloud deployment. The reason given is that SecureAuth expects customers to take advantage of a Security Information and Event Management (SIEM) tool like Splunk, which I fully endorse. The nit I choose is that if I’m trying to troubleshoot authentication issues in a commercial app, I’d rather not have to go back and forth between my SIEM and SecureAuth in order to test authentication, view events from relevant log, adjust the configuration and start over. I would prefer to have the option to view log events in SecureAuth, although this is only a small subset of recent event history.

Another key feature that customers often use to manage a third-party tool is workflow-based approvals. Like VMWare with Workspace One Access, SecureAuth integrates with tools like ServiceNow to allow users to request access to an application or service, and then make it easy to collect the approvals needed to authorize the request.

Basic authentication and MFA

Multi-factor authentication (MFA) is the primary reason every business should use an IDM, and authentication policies are the component that ties authentication attempts to one or more additional authentication factors. This makes these two among the most critical elements of any IDM solution.

SecureAuth authentication policies are configured as sets of logical rules that evaluate various aspects of an authentication attempt and decide how to handle it. Data points such as geolocation and group membership can be combined to block attempts from certain geographic areas, unless the user is part of an exception group. SecureAuth also offers rules based on risk or threat level (at an additional cost) to take advantage of additional authentication factors (or outright block attempts) if the risk associated with an authentication attempt reaches a given threshold. SecureAuth supports ingestion of third-party threat streams to improve decision-making capabilities associated with threat-based rules. Once configured, policies can be associated with applications through the policy or the application configuration process.

For organizations looking to integrate their Mobile Device Management (MDM) or Universal Endpoint Management (UEM) platform into their authentication process, SecureAuth offers several options. On the one hand, you can use your MDM to make it easier for users to enroll their devices with SecureAuth. The identification of devices registered by MDM as part of the authentication process is somewhat limited; As of this writing, only Entrada is supported, which doesn’t compare well with solutions like Okta, Microsoft Azure AD, or even PortalGuard, each of which integrates flexibly with a number of MDM solutions. third parties.

SecureAuth pricing

SecureAuth offers three subscription levels that meet a variety of needs. The Secure plan offers up to five SAML, MFA apps for these web apps, self-service capabilities, and audit / recording for just $ 1 per user per month. Upgrade Protect supports single sign-on (SSO) for an unlimited number of applications, adaptive authentication, and MFA authentication for endpoints (Apple macOS, Linux, or Microsoft Windows) for a monthly fee $ 3. Customers on the $ 6 monthly Prevent plan also have access to multi-factor biometric authentication, risk and threat-based prevention (including the ability to ingest third-party risk data), and support. load FIDO2 keys.

Overall, SecureAuth is a highly functional IDM that can hold its own with other enterprise-oriented platforms, including our Editors’ Choice award winners Okta and VMware. Where it is a bit lacking is in terms of usability, as you will need to be familiar with both IT and SAML to use it effectively.