Advanced Authetication and Access Management Platform

Multi-Factor Authentication for your ever changing needs

When you commit and invest time, resources and budget in a multi-factor or two factor solution it might be to meet a specific challenge. Point solutions are often just that and are not flexible enough when facing future challenges. Rest assured, there is a better way. Our intelligent flexible multi-factor authentication solution is built to meet today’s challenges and tomorrow’s ever changing needs.

Enterprise single sign-on Solutions

SecureLogin streamlines user authentication for enterprise applications by providing a single login experience to the users. It eliminates password reset calls, protects against unauthorized access to business applications, and integrates with almost any authentication device.

Secure web resources across cloud mobile and enterprise

As the demands of secure web access becomes more complex organizations face some formidable challenges. Access Manager® provides a simple yet secure and scalable solution that can handle all your web access needs. Whether your users are using their phone or laptop to access internal or cloud based services, Access Manager keeps it secure while delivering a single sign-on experience.

Multi-Factor Authentication

One framework for every authentication

Organizations are usually forced to manage and maintain multiple infrastructures. Not only are multiple authentication infrastructures complicated to manage, they are less secure. What you need is a single authentication framework for all of your devices and methods. Having a single framework keeps costs down as Advanced Authentication scales to any size environment.

Centralized policy engine

Advanced Authentication framework is robust enough to manage large environments with diverse authentication needs, but simple enough to require little administration. With our two factor (or more) authentication capabilities, you can create authentication policies specific to users, groups, devices or locations. The web interface keeps configuration clean regardless of complexity. Delegated administration and tracking of changes keeps policies consistent and secure. And because the policy engine in the Advanced Authentication framework is flexible, it crosses all authentication methods, alleviating redundant work and inconsistent authentication.

Multi-Site Support

Large organizations requiring worldwide deployment of their authentication policies will appreciate Advanced Authentication’s support for multi-site configurations. Advanced Authentication is designed to scale to any performance or location requirement that you may have.

High Availability: redundancy and load balancing

Advanced Authentication is designed for High Availability providing continuous uninterrupted operations. Application availability, reliability and performance are ensured with internal server load balancing capabilities. While replication between a primary and secondary locations (over LAN or WAN) ensures data integrity. Multiple updated data stores are always available for rapid disaster recovery (DR).

Authenticate to the right level of user verification

Every organization has some private information (financial, customer, regulated, etc.) that requires an added level of user verification not possible with traditional credentials. It’s that type of information that warrants a higher level of authentication based on the situation. Is the requester in the building, as expected, or across the country or beyond? Are they using a known device or one not seen before? Perhaps there is other criteria from which you want to control the authentication level. We offer risk based access control that enables you to match the type of authentication to the potential risk of the information or service being accessed.

Advanced authentication for Active Directory Federation Services (ADFS)

You can configure ADFS to use our Advanced Authentication framework. If your organization uses any ADFS services and have multi-factor authentication or other types of strong authentication requirements, you will be glad to know that Advanced Authentication integrates into those environments. Of course it also supports ADFS setup in other Microsoft Azure configurations that your business applications may be using. And because Advanced Authentication integrates natively into ADFS, you have the flexibility to use any authentication type that you like.

FIPS 140-2 Inside

Because National Institute of Standards and Technology’s (NIST) standards for encryption have been recognized over the world, Federal Information Processing Standard (FIPS) 140-2 is important to any corporation. Advanced Authentication does meet these standards so security conscious businesses as well as organizations operating in regulated industries can deploy with confidence.


Using global positioning (GPS) technology, geo-fencing allows the administrators to define authentication policies based on a user’s specific location, such as a building or campus. The policies can be configured to limit access to only those users in the allowed locations(s). This feature differs greatly from typical geo-location using IP address lookup which relies upon accurate IP address reporting and larger geographic region definitions.

Compared to other location based technologies, geo-fencing offers a superior option with high accuracy and resistance to spoofing.

Second Factor Skipping

For organizations that want to balance speed of access with their security needs, NetIQ Advanced Authentication allows administrators to configure a grace period between authentications where a second factor isn’t required. The user is still required to fulfill the complete authentication requirement initially. Separately, your organization may choose to use Access Manager’s risk based authentication engine to define when second factor authentication is required.

Mobile Workforce Support–Offline Login

Travelers on-the-go required to perform multi-factor authentication to access private information can now do so anytime they need. Meaning, that even without connectivity users are able to get work done.

Broad platform support

We are dedicated to your success in providing security across a broad number of platforms. As such, Advanced Authentication provides an OS X authentication plug-in as well as a Linux Pluggable Authentication Module. This is in addition to the existing Windows Credential Provider. Now you can use methods based on iOS, Android and Windows Mobile to authenticate to Windows 7+ and OS X 10+ computers for business-critical initiatives. Broad platform support enables you to accelerate full coverage and reduce the cost created if multiple solutions were required.

Standards based Application Integration

Advanced authentication provides an OAuth interface that provides clients an easy way to integrate their applications. Once in place, applications can leverage Advanced Authentication’s policy engine to match the appropriate method(s) to the situation to provide the ‘right’ level of security.

Web based user enrollment

Advanced Authentication provides an easy self-explanatory workflow for the end user registration experience. By simplifying the registration of iOS, Android and Windows Phone devices as well as workstation connected biometrics, card reads and others, your users will effectively register their devices, your system will easily scale and your help desk will not be overrun with registration issue calls.

Web based administration and configuration portal

Administrative and configuration operations are web based. The simple elegant interface provides for network and RADIUS configuration, database connection, configuration of all authenticators, authentication chain design (2FA / MFA) and assignment, roles delegation and other key operations in one tool.

Help Desk Module

Help Desk module provides the capabilities to ensure a good end-to-end customer experience. This includes un-enrolling and assist in re-enrolling methods, assign tokens (when needed), and assignment of specific user roles. If a user contacts the Help Desk with an authentication issue related to Advance Authentication, your Help Desk Agent will be able to provide the positive customer support experience expected. This builds strong relationships and further support for your MFA efforts.

Emergency OTP

Use this Advanced Authentication feature when a user has no previously enrolled authentication method available. Perhaps your user misplaced their token, took their phone swimming or they could just be at a workstation where the card reader has failed. In any event they still need access. The Emergency OTP access process is part of the Help Desk Module and allows for an OTP to be generated for the user in these urgent situations.

External Proxy

Advanced Authentication HTTP Proxy serves as a barrier between the Internet and your authentication server. This means that traveling and remote users have access to advanced authentication services while your server remains safe behind your corporate security.

Support for non-Domain Clients

In a day and age where employees and contractors are using their own devices (BYOD), it’s likely that they’re not part of your corporate domain. Because Advanced Authentication doesn’t require domain membership multi-factor authentication isn’t limited to just your corporate devices. Your users can bring their Windows, Mac OS X and even Linux based systems and you can enforce Advanced Authentication to your resources as needed.

Event logging

Advanced Authentication lets you define which types of authentication events are logged for later retrieval. Typical events include both successful and unsuccessful authentication attempts, as well as changes in enrollment or configuration.


Customized reports allow administrators to identify user authentication behavior or abnormalities that may be important for their environment. Analysis can be performed on persons, authentication methods or various types of authentication trends.

Reports can also be focused on the servers themselves, potentially identifying ways to optimize configurations or expand deployments.

Access Manaegement

Risk-based Authentication

Use Access Manager’s risk-based authentication engine to increase the security of your web-based and federated services. Administrators can set up risk profiles to determine the level of identity verification as well as the authentication type(s) to be presented to the user. Higher risk profiles could invoke an access denial or a step-up authentication with stronger methods or challenges.

Used together with Advanced Authentication, Access Manager enables organizations to select the authentication methods that fit the context of the authentication. Using the right authentication type provides high security for sensitive information while simplifying access for authorized users.

Single Sign-on Everywhere

Access Manager enables single sign-on, which means your employees and partners only have to remember one login for authorized access to all corporate web-based applications. This not only makes your environment more secure, it makes secure authenticated access convenient and fast, creating more productive users and lowering your support costs.

Standards-based Federation

Give your employees secure access to externally hosted applications. Present a single view of applications, information and services delivered from multiple partners to your customers. Or, enable business-to-business interactions or collaboration with one or more partners. Access Manager offers all of this and more using standards-based technologies.

Single Point of Administration

Manage and configure your environment from a single console. No need to touch individual web servers or configure individual agents.

Microsoft Certified 365 Single Sign-on

Access Manager provides an integrated single sign-on experience to your Office 365 applications and hosted information without the need for complicated Active Directory Federation Services (ADFS) configurations. And because it’s Microsoft certified you know that it’s every bit as reliable.

Access Manager provides intuitive wizards for configuration of single sign-on to Office 365. And because Access Manager provides a rich set of web-access management features, you can use it for all your internal and cloud-based access needs.

Simplified Access to SharePoint

Using the WS-Federation standard, Access Manager simplifies the management of different user communities to Microsoft SharePoint. Access Manager lets you avoid complicated Active Directory Federation Services (ADFS) configurations or the need to setup trusts across domains.

Access Manager gives your users a single SharePoint password adhering to a single policy regardless of where their account resides.

Manage and Control Web Services

Secure your web services and protect your information against authentication attacks and unauthorized access through security tokens. Access Manager uses a standards-based Secure Token Service (STS) that issues and validates security tokens to act as a trusted authority.

Enterprise web services can use STS to enforce appropriate security token policies across web service providers and consumers. Access Manager STS allows the secure identity propagation and token exchange between web services and facilitates secure identity delegation and impersonation.

Self Service Password Administration

Self Service Password Reset enables users to reset their passwords or unlock their accounts without calling the help desk. And because Access Manager distributes password updates in real time across all your physical and virtual resources, your entire environment is password-maintenance free.

Support for Legacy Environments

For those situations where federation isn’t the best fit, Access Manager can serve as a reverse proxy that protects your web resources.

Customizable Portal

Administrators have the ability to customize user interfaces, such as the optional login page and portal. With minimal effort, you can brand the login page with your own corporate logo and colors.

If you don’t already have a centralized place from which users launch their applications, Access Manager’s built-in portal provides an easy way for your administrators to configure their users’ experience as they access applications and services from their laptops, tablets and smartphones. The portal optimizes the view for each form factor to make navigation quick. Users also have the flexibility to choose favorites as well as the type of view they want to experience.

Mobile Access

For those that want to move their web-based apps out to their mobile users, Access Manager does that for you. It supports the MobileAccess app which keeps them secure and simple to access. Within the app, your users are presented a corporate view of their business applications made to fit the form factor they are using. With a single touch of an icon, the selected application is loaded. Users can also group or favorite the apps that they use most.

For those of you who are delivering services through native mobile apps, Access Manager includes an SDK (iOS and Android) as well. Whether it’s for customer facing or internal use, Access Manager enforces the right access controls for these applications. We use open standards so you can avoid vendor lock-in. Using Access Manager provides secure access as well as audit information when needed.

Broad support of social identities

Often people find it easier to use their social credentials (such as Facebook, Twitter, Google, LinkedIn, etc.) because they’re easy to remember. Not only does it support the most common social credentials, Access Manager comes integrated with the most common social identity sources right out-of-the-box.

Access Manager’s support for social identities makes it easy for you to engage your customers and give them personalized service or web experience. It enables you to increase your customer satisfaction and participation by catering to their interests because you know who they are. And when customers are allowed to use their social identity to login, they won’t leave your site.