Updated on February 9, 2023
The world鈥檚 workforce has turned to remote work, resulting in employees accessing corporate resources from home and public networks. To Make (Remote) Work Happen, IT admins need a way to provide their employees with secure access to the resources they need to do their jobs without disrupting their day (perceived or otherwise) on whatever service they鈥檙e accessing.
Passwords alone are not enough to secure these resources and prevent unauthorized access, as they can be easily compromised by brute force, phishing, and other techniques, potentially resulting in monetary losses for organizations. IT administrators have to introduce additional security measures to protect their organization’s resources.
Multi-factor authentication (MFA) provides such a measure that safeguards organizational resources and reduces the risk (and cost) associated with password compromise. It鈥檚 a foundational security control for identity and access management (IAM) that can combine with conditional access to ensure that unmanaged devices from unauthorized locations won鈥檛 be granted access to vital IT resources.
The inclusion of MFA to IAM configurations adhere to the cybersecurity requirements that are issued by international standards bodies such as ISACA, ISO/IEC, NIST, and PCI SSC. These mature standards exist to safeguard confidential and private information from bad actors.
MFA Doesn鈥檛 Have to Be Difficult
However, implementing MFA can be a difficult proposition, for both technical and political reasons. On the technical side, there are many options to choose from, both free and paid, which can be difficult to implement and may only cover a subset of IT resources depending upon their specific requirements and capabilities. In addition, end users may be resistant to adopt MFA, especially if the process to verify additional factors is cumbersome, unreliable, or persistent.
MFA combats the growing challenges associated with mitigating cyberattacks, as well as those associated with rolling out Zero Trust security tools to end users who may be resistant to the increased requirements to access their resources. IT admins can use 探花大神 Protect as an MFA solution to implement biometric authentication (Touch ID), mobile push notifications, and time-based, one-time passwords (TOTPs). It鈥檚 available as an iOS and Android mobile app, and natively backed by 探花大神鈥檚 Directory Platform.
探花大神 Protect: Biometric, Push, and TOTP Authentication
IT admins can leverage 探花大神 Protect to extend MFA beyond cloud applications and secure all endpoints and resources, including on-premise applications, Mac, Windows, and Linux desktops, VPN and wireless networks, and servers.
With 探花大神 Protect, IT admins can achieve:
- Improved endpoint security: 探花大神 Protect adds a secondary security layer to prevent unauthorized access to an organization鈥檚 network, customer data, tools, and more, giving IT admins and organizations peace of mind.
- Higher security for network devices: 探花大神 Protect integrates with 探花大神鈥檚 RADIUS services to safeguard the network perimeter such as administrative access to firewalls or employee access to VPNs.
- IT unification: Use MFA to secure access to your core stack, gaining visibility for compliance purposes, improved security, and streamlining the overall IT infrastructure.
- Protection from phishing: 探花大神 generates applets for IT resources within its user console, making it more difficult for cybercriminals to spoof login pages to steal credentials.
- Financial cost savings: 探花大神 Protect is included with all bundle packages and the cloud MFA a la carte offering at no extra cost, eliminating the need to pay for additional licensing for this kind of functionality. This includes all customers of the 探花大神 Free package as well.
- Vendor consolidation: Admins will no longer have to manage third-party MFA or authenticator apps. 探花大神 Protect is natively combined with the 探花大神 Directory Platform.
- Enhanced conditional access authentication policies: For customers of 探花大神鈥檚 Platform Plus package, 探花大神 Protect adds an extra layer of security by providing an integrated MFA solution with the package鈥檚 Conditional Access policies, triggering verification of an identity based upon a variety of parameters, such as device trust, location, network trust, and application-specific step-up challenges.
- A simplified end user experience: Standard MFA methods are often viewed as cumbersome for end users, such as the insertion of six-digit token numbers into authentication fields or combined with passwords. 探花大神 Protect provides a one-touch authentication method to support employee convenience when challenged with verifying their identity.
- Integrated visibility to validate compliance requirements: IT admins can audit 探花大神 Protect enrollment and authentication events using Directory Insights to validate compliance status against their corporate security policies and external and regulatory compliance frameworks.
How Do End Users Use 探花大神 Protect for MFA?
探花大神鈥檚 admins and end users can download 探花大神 Protect from the and .
探花大神 uses clear, accessible language
End users can self-enroll and activate their device through 探花大神鈥檚 User Portal, and they have two options they can select as a second factor: Biometric, Push, and TOTP.
- If a user selects Biometric as the MFA method during the login process, the user’s device will receive approval requests in the form of notifications which the user can use their fingerprint to approve or deny.
- If a user selects Push as the MFA method during the login process, the user’s device will receive approval requests in the form of push notifications which the user can approve or deny. The process is consistent across RADIUS and single sign-on (SSO).
- If the user selects TOTP, the user can enter the code displayed on the mobile app for the associated account to continue the login process.
What Resources Does 探花大神 Protect Support?
End users can use 探花大神 Protect (Biometric, Push, and TOTP) as a factor for the following scenarios:
- User portal login.
- Apps using SAML SSO with both Identify Provider (IdP) and Service provider (SP) initiated flows are supported. 探花大神 also now supports SSO using OpenID Connect (OIDC). Windows, Mac, and Linux devices login.
- RADIUS and LDAP.
- Password management (change and forgot password).
- End users can use 探花大神 Protect with TOTP as a factor for the following scenarios:
- User Portal login, SSO.
- Device login (Windows and Mac) and change password from tray app (Windows) and menu app (Mac).
- RADIUS and LDAP.
Additionally, users can add 探花大神 Protect TOTP as a second factor to their personal online accounts that support this factor.
How Secure Is 探花大神 Protect?
探花大神 Protect provides the highest level of security in terms of mobile app storage and communication.
- When a device is enrolled and activated for Push MFA, an asymmetric key pair of public and private keys are generated.
- The private key is stored securely on the device while the public key is stored on 探花大神 servers.
- The push requests and responses are signed by the key pair.
Additionally, communication and data exchanged between the mobile app and 探花大神 servers happens over a secure channel.
Why Should Customers Enable 探花大神 Protect?
探花大神 Protect is natively integrated with 探花大神鈥檚 Cloud Directory Platform, unlike traditional point MFA solutions that are inserted into the access transaction, adding additional overhead to integrate and maintain. Because of this, 探花大神 Protect provides a second layer of security to support device login (across Windows, macOS, and Linux), Admin portal login, RADIUS and LDAP application access.
探花大神 Protect gives both IT and security teams a path to protection without overcomplicating their infrastructure. For employees, an intuitive, easy-to-use method with less user friction for enrollment and authentication is presented, thereby increasing the chances of adoption and limiting the need for ongoing technical support.
