Tech topics

What is NetIQ Advanced Authentication?

Illustration of IT items with focus on a laptop

Overview

A standards-based integration framework that provides a multitude of authentication methods. The framework is available as a service or on-premise and is designed to serve as a central point of integration and administration for all authentication organization wide. To gain central point of administration and security control, organizations commonly use this framework to consolidate their authentication silo. The framework adheres to Federal Information Processing Standard (FIPS) 140-2 encryption, as well as integrates with FIDO 2 methods, all FIDO U2F devices, and OATH tokens. In addition to the server-side authentication capabilities, Advanced Authentication can work from Windows, Mac OS X, and Linux.

NetIQ powers your business

Through identity management, NetIQ helps enable their business through identity-based security. It offers a comprehensive set of identity and access services allowing workers to securely access resources from anywhere, on any device, at any location, and at the right time. NetIQ also empowers organizations to interact with their consumers effectively and securely.

Read the flyer

NetIQ Advanced Authentication

How can advanced authentication help me with MFA?

In recent years, multi-factor authentication has become commonplace across most industries. While organizations that handle regulated information need 2-factor it for compliance, its wide adoption is largely driven by high breach rates and rising digital security risks. Larger organizations turn to NetIQ Advance Authentication for reasons such as:

The attraction of investing in a framework that doesn’t lock it into proprietary implementation or devices.
Offers a wide variety of authentication options. The bigger the list of authentication options provided to the users, the easier it is to find a method that works well for each user’s (employee, contractor, customer, patient, citizen, etc.) situation.
The framework offers a centralized reporting system of how and when each user authenticated. It simplifies both compliance reports and security audits.

Because of their flexibility, large and geographically distributed organizations like the simplified deployment and administration models offered by Advanced Authentication’s Docker form factor. These containers can be configured to scale to any mix of dispersed or centralized authentication hotspots. OpenText also offers Advanced Authentication as a managed SaaS offering.

What are some common approaches to passwordless authentication?

Specifically, multi-factor authentication is the use of different methods (what you know, what you have, what you are) for a particular session, but in reality, strong authentication deployments often involve a mix and match of authentication methods. Here are some common examples:

For password less access, services like eBay and Yahoo can be configured to be approved with a simple touch of the checkbox on their mobile apps (what you have). With their platform services, Microsoft takes a little different approach to password-less when used with their Authenticator app:

Verified device – Touch finger ID (what you are) to get into Authenticator app then approve access (what you have).
New device – Touch finger ID (what you are) to get into Authenticator app; choose the option with the correct number displayed on the Microsoft service (what you have – mobile device and in this case it’s also the browser instance (usually desktop) accessing service, then approve access (what you have – mobile device).

While these options offer greater protection against phishing attacks, they vary in speed and simplicity (number of steps). Based on their assessed risk and their tolerance for it, each organization can decide how many points of identity verification they want to implement. All the above options have the advantage over passwords in that they don’t require the user to remember yet another set of credentials, were a commonly replicated over the difference services the user consumes, are much harder to compromise then traditional username and password. The phone is a physical device, the fingerprint is biometric, and the OTPs are time sensitive. NetIQ Advanced Authentication supports the use cases above and much more.

What role does advanced authentication play in optimizing the usability of digital assets?

The security aspect of simplifying digital access is the balance between protecting the business and delivering to its users (employee, consumers, etc.). Ideally, what security teams want to do is match the strength is the user’s identity verification to the risk posed by the access request. The lower the risk, the less intrusive the identify verification can be. Characteristics that affect measure risk a user’s request include:

The inherent risk of the information or service itself.
The level of access granted to the user – super users impose significant risk on organizations when their accounts are hacked.
The risk associated with the situation – such as inside the office during business hours vs halfway around the world from a hacker hotbed during the middle of the night.
Expected behavior – does this user typically access this information or is this the first time?

So, an essential component of optimizing the digital access experience is to apply different authentication strategies to different sensitive levels of the information being accessed. Negligible risk personalized content often will not require any type of identity verification. Highly sensitive information may require multiple instances of identity verification. So far, this use case involves several technologies beyond just authentication:

Identity governance to measure the inherent risk of the digital content being accessed and a way to effectively manage user entitlements of them.
Risk service to measure the risk associated with the context of the current access request of them. For a complete risk calculation, this service will need to incorporate resource risk information from identity governance.
An authentication implementation that the risk service invokes.

Beyond the three components listed above, the greater the number of authentication options, the easier it is to match one to the situations. Security teams can evaluate and rank each authentication type available for each risk level range. They may determine that some passive authentication types (Windows Hello, voice, type) may need to be layered for higher risk situations. Advanced Authentication is an integrated part of NetIQ’s identity and access management portfolio.

How can advanced authentication be used to build an adaptive access management environment?

You may consider the scenario described in the previous as an adaptive environment, but some organizations need an even higher security level. To reach zero trust level of security at the application and resource layers, organizations look to create a security posture where the default security behavior assumes a hostile environment. At this level, adaptive access requires the ability to measure risk throughout the user’s web session and invoke an authentication request and/or authorization change when predefined risk thresholds are reached. In addition to the criteria listed in the previous scenario, these additional metrics need to be gathered:

Ability to reassess risk at each additional access request as needed (i.e., higher risk resources that merit such protection).
The risk engine needs to be able to gather updated context and behavioral risk information through the session.

Beyond gathering risk information throughout the session is the ability to act on it. Adaptive access management is the ability to invoke an action such as:

Invoke a multi-factor authentication method such as a one-time password (OTP), biometric, or even a passive method such as type matching, face or voice ID.
Clamp down on authorization, limiting what can be accessed or saved during that session.
For high-risk situations, break the session altogether.

In short, access management is the ability to recognize a threat and respond to it. The least intrusive option is to reverify or strengthen identity verification. A likely reaction to failed authentication invoked by a risk score would be to terminate the session.

What methods and integrations does NetIQ Advanced Authentication support?

NetIQ Advanced Authentication integrates with third-party products via RADIUS, SAML, OIDC/OAuth2, ADFS, Kerberos, REST, MobileAPIs, comAPIs and native Microsoft plug-ins.

The NetIQ Advanced Authentication framework supports many methods out-of-the-box, as well as additional specialized integrations. Partners and customers also have the option to leverage AA’s SDK to configure their own integration.

Aviator AIAviator AI

Analytics CloudAnalytics Cloud

Data Lakehouse & AnalyticsData Lakehouse & Analytics

BI, Visualization & ReportingBI, Visualization & Reporting

eDiscovery with AIeDiscovery with AI

OpenText™ Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain AutomationSupply Chain Automation

B2B IntegrationB2B Integration

Secure CollaborationSecure Collaboration

Supply Chain TraceabilitySupply Chain Traceability

Supply Chain InsightsSupply Chain Insights

Industry Applications and ServicesIndustry Applications and Services

OpenText™ Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Capture and Intelligent Document ProcessingCapture and Intelligent Document Processing

Process AutomationProcess Automation

Business IntegrationsBusiness Integrations

Information ArchivingInformation Archiving

Industry SolutionsIndustry Solutions

Information GovernanceInformation Governance

OpenText™ Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application Security TestingApplication Security Testing

Data SecurityData Security

Security OperationsSecurity Operations

Identity and Access ManagementIdentity and Access Management

Digital Forensics and Incident ResponseDigital Forensics and Incident Response

OpenText™ Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

Functional TestingFunctional Testing

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Performance EngineeringPerformance Engineering

OpenText™ DevOps Aviator

Experience CloudExperience Cloud

Web & Mobile ExperiencesWeb & Mobile Experiences

Contact Center AnalyticsContact Center Analytics

Messaging & FaxMessaging & Fax

Customer CommunicationsCustomer Communications

Digital Asset ManagementDigital Asset Management

Customer Journey and DataCustomer Journey and Data

OpenText™ Experience Aviator

Observability and Service Management CloudObservability and Service Management Cloud

Service ManagementService Management

ObservabilityObservability

AIOpsAIOps

Automation and Vulnerability RemediationAutomation and Vulnerability Remediation

CMDB and Asset ManagementCMDB and Asset Management

OpenText™ Service Management Aviator

OpenText™ ThrustOpenText™ Thrust

OpenText™ Thrust bundleOpenText™ Thrust bundle

OpenText™ Aviator Thrust

Device and Data ProtectionDevice and Data Protection

Enterprise Data Backup and Disaster Recovery SolutionsEnterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management ToolsUnified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving ComplianceEmail Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document ManagementConnectivity and Document Management

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Consulting ServicesConsulting Services

Cloud MigrationCloud Migration

NextGen ServicesNextGen Services

Latest product releasesLatest product releases

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Resource libraryResource library

Aviator AI

Analytics Cloud

Data Lakehouse & Analytics

BI, Visualization & Reporting

eDiscovery with AI

Business Network Cloud

Supply Chain Automation

B2B Integration

Secure Collaboration

Supply Chain Traceability

Supply Chain Insights

Industry Applications and Services

Content Cloud

Document Management

AI Content Management

Capture and Intelligent Document Processing

Process Automation

Business Integrations

Information Archiving

Industry Solutions

Information Governance

Cybersecurity Cloud

Application Security Testing

Data Security

Security Operations

Identity and Access Management

Digital Forensics and Incident Response

DevOps Cloud

DevOps Platform

Functional Testing

PPM and Strategic Portfolio Management

Quality Management

Performance Engineering

Experience Cloud

Web & Mobile Experiences

Contact Center Analytics

Messaging & Fax

Customer Communications

Digital Asset Management

Customer Journey and Data

Observability and Service Management Cloud

Service Management

Observability

AIOps

Automation and Vulnerability Remediation

CMDB and Asset Management

OpenText™ Thrust

OpenText™ Thrust bundle

Device and Data Protection

Enterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document Management

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Consulting Services

Cloud Migration

NextGen Services

Latest product releases

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Resource library

Blogs

Events

Communities

Customer stories

OpenText Navigator

Marketplace