Multi-Factor Authentication SecureAuth for SSL VPN
Strengths: Simple to use and configure and highly interoperable with existing architecture.
Weaknesses: Arguably may not be considered true "something you have/something you know" authentication - used with SSL VPN only.
Verdict: Specialized product with a good feature set and good ease of use all around.
SummaryStraight out of the gate, this product, coupled with Cisco Adaptive Security Appliance (ASA) SSL VPN, can offer same-day deployment with x.509-level user authentication. The product integrates seamlessly with many third-party applications, such as Microsoft Active Directory, SQL and Oracle database.
A key feature of this product is the out-of-band certification registration to protect end-users from man-in-the-middle attacks. The Multi-Factor offering reduces customer costs by not using expensive tokens, data servers or other costly devices to provide strong multifactor authentication to end-users. The simple to use “self registration” and automated certificates reduces administration workloads and reduces help desk trouble calls.
SecureAuth is easy to configure and can be deployed by any novice administrator. The use of Active Directory with this product works quite well. Once the product is deployed, the administrator can organize group and enrollment policies, as well as certificate configurations. End-users have an equally satisfactory experience when obtaining their certificates with SecureAuth.
An end-user logs in to a secure authentication server and goes through an easy registration form to receive a password. In order to receive a certificate they then are given a one-time “out-of-band” password by phone, SMS text message, email or by answering security questions. After receiving the one-time password, users are able to download the certification, which authenticates them to log on to the VPN.
The SecureAuth device performed well with no obvious problems within the configuration or end-user portions of deployment. Product integration with the Cisco ASA SSL VPN was flawless. The use of two-factor authentication occurs twice: first during the registration phase, when you use your password and the one-time password sent to you to obtain the certificate. The second time occurs when using your certificate and user password to access the VPN.
Documentation is good for this product. It is short and straight to the point.
Full 24/7 technical support is available via phone, chat and email, as well as access to technical documentation.
The SecureAuth SSL VPN has a base price of $3,000, with the addition of user license fees.