1 Introduction
Digital identity is a primary vector of attack in nearly all the headline-grabbing data breaches of the last few years. Bad actors, such as fraudsters, state agents, and even malicious insiders or contractors, start by getting access to user accounts, then search for administrative or service accounts to take over in order to exploit their elevated privileges. Whether the attackers’ goal is stealing credit card information, health records, or intellectual property, their Tactics, Techniques, and Procedures (TTPs) almost always include compromising passwords and using privileged accounts.
Eliminating passwords is an important goal in many organizations today. SSO helps to remove some passwords, but puts greater pressure on organizations to protect identities. Strong, multi-factor authentication (MFA) is a requirement and an important step in helping secure access to sensitive resources. MFA methods run the gamut from SMS OTP to hardware tokens to mobile biometric applications on smartphones. While MFA is necessary, it is not a panacea, and risk-based adaptive authentication is often needed as well for a stronger security posture, a better end user experience, and to fully enable passwordless authentication. Adaptive authentication solutions evaluate various user, device, and environmental attributes against pre-defined policies to determine a real-time risk level, which decides whether to grant the user access, step the user up to an MFA method, redirect the access attempt, or deny it. MFA, in concert with adaptive authentication, is often used to protect critical assets in governments and the finance, healthcare, pharmaceutical, aerospace, and defense industries.
Identity federation is the foundational element for enabling Single Sign-On (SSO) between different domains. Thousands of organizations across the globe depend on identity federation for mission-critical applications. Federation technology silently powers connections between colleges and universities, banks and other financial institutions, medical service providers and hospitals, e-commerce brands and retail sites, government departments and agencies, employers and employee benefits providers, subsidiaries and holding companies, suppliers and commercial buyers, sub-contractors and prime contractors, online publications and other media companies, etc.
The classic federation use case is a set of users in one domain leveraging their identity credentials and authentication events to gain access to another domain, without having to explicitly maintain distinct accounts and log in with different passwords. Identity federation is one of the main technologies that helps organizations move away from password-based authentication. Since federation is seamless between organizations and transparent to the users, it makes moving between federated web properties a much better user experience.
SecureAuth’s IdP is their primary integrated IAM and CIAM solution set. Today, SecureAuth supports a large array of authentication methods, adaptive authentication, identity federation for SSO, and user self-service.
SecureAuth was founded in 2005 and is based in Irvine, California. The company has a large customer base, primarily centered in North America. Their Windows Server 2012-based product is available primarily for on-premises deployments as a hardened virtual appliance. It can also run in hybrid mode with the SecureAuth Cloud Access IDaaS, which features customer profile storage.