Features

Docker based containers for ultimate flexibility

NetIQ Advanced Authentication is now offered as Docker containers. Docker is often the distribution model of choice for cloud environments. Docker containers can be deployed and managed with a variety of virtualization, hypervisor, or cloud-based technologies.

One framework for every authentication

Reduce complexity and risk by using a single authentication framework for all of your devices and methods. Having a single framework also keeps costs down as Advanced Authentication scales to any size environment.

Authenticate to the right level of user verification

We offer risk-based access control that enables you to match the type of authentication to the potential risk of the information or service being accessed. Control the criteria from which you determine the authentication level.

Mobile workforce support–offline login

Travelers on-the-go required to perform multi-factor authentication to access private information can now do so anytime they need. Even without connectivity, users are able to get work done.

Broad platform support

Advanced Authentication provides an OS X authentication plug-in as well as a Linux Pluggable Authentication Module and Windows Credential Provider. Use methods based on iOS, Android and Windows Mobile to authenticate to Windows 7+ and OS X 10+ computers for business-critical initiatives.

Multi-site support

Large organizations requiring worldwide deployment of their authentication policies will appreciate Advanced Authentication’s support for multi-site configurations. It will scale to nearly any performance or location requirement that you have.

High availability: redundancy and load balancing

Application availability, reliability, and performance are ensured with internal server load balancing capabilities. Replication between primary and secondary locations (over LAN or WAN) ensures data integrity. Multiple updated data stores are always available for rapid disaster recovery (DR).

Advanced authentication for Active Directory Federation Services (ADFS)

Advanced Authentication integrates into ADFS services and multi-factor authentication environments. It also supports ADFS setup in other Microsoft Azure configurations.

FIPS 140-2 inside

Because National Institute of Standards and Technology’s (NIST) standards for encryption have been recognized over the world, Federal Information Processing Standard (FIPS) 140-2 is important to any corporation. Advanced Authentication meets these standards so that organizations operating in regulated industries can deploy with confidence.

Geo-fencing

Geo-fencing uses global positioning (GPS) technology to define authentication policies based on a user’s specific location. Policies can limit access to only those users in the allowed location(s). This method is superior to typical geo-location using IP address lookup. IP lookup depends on accurate IP address reporting and larger geographic regional definitions that can be spoofed.

Face and fingerprint recognition

Advanced Authentication supports Windows Hello, which allows both face and fingerprint recognition for multi-factor authentication. The face recognition method can also be invoked through Microsoft Cognitive Services (Azure).

Second factor skipping

Advanced Authentication allows administrators to configure a grace period between authentications where a second factor isn’t required. The user is still required to fulfill the complete authentication requirement initially.

Support for federation

The OAuth interface gives clients an easy way to integrate applications. You can also use an XML-based protocol, SAML 2.0 to invoke security tokens containing assertions. Assertions are used for sending the information about a user from a SAML authority to a SAML consumer.

Web based user enrollment

Advanced Authentication provides an easy, self-explanatory workflow for user registration. Users can register iOS, Android, and Windows Phone devices as well as workstation connected biometrics, card reads, and more.

Web based administration and configuration portal

Administrative and configuration operations are web based. The web interface provides for network and RADIUS configuration, database connection, configuration of all authenticators, authentication chain design (2FA / MFA) and assignment, roles delegation, and other key operations in one tool.

Help desk module

Help Desk includes assistance with enrolling and un-enrolling, assigning tokens, and defining user roles. Help Desk Agents provide positive customer support experiences.

Emergency OTP

Emergency OTP helps users who have no previously enrolled authentication methods available. This access process generates an OTP for users in urgent situations, such as when tokens are misplaced, card readers fail, or phones go missing.

Support for non-domain clients

Advanced Authentication doesn’t require domain membership multi-factor authentication, so it isn’t limited to corporate devices. Users can bring their Windows, Mac OS X, and even Linux-based devices and still use Advanced Authentication as needed.

Windows 10 Hello

Advanced Authentication allows non-domain PCs to authenticate into a domain using Windows Hello, which includes face or fingerprint type authentication on Windows 10 machines.

Customizable user facing UI

Customize all user interfaces used in your portals and authentication screens with your own corporate colors, styles, and logos. Using CSS, Advanced Authentication web pages can be modified to be indistinguishable from your own pages.

High performance user repository

Advanced Authentication supports both Microsoft SQL Server and MySQL types of SQL repositories. Use an SQL repository instead of LDAP if desired, especially in cloud environments where high performance web interfaces may be used.

Centralized policy engine

Create authentication policies specific to users, groups, devices, or locations. Delegated administration and tracking of changes keeps policies consistent and secure. The policy engine is flexible and crosses all authentication methods, alleviating redundant work and inconsistent authentication.

Event logging

Advanced Authentication lets you define which types of authentication events are logged for later retrieval. Typical events include both successful and unsuccessful authentication attempts, as well as changes in enrollment or configuration.

Reporting

Customized reports help identify user authentication behavior or important abnormalities. View reports on persons, authentication methods, or authentication trends. You can also run reports on servers to potentially identify ways to optimize configurations or expand deployments.