A standards-based integration framework that provides a multitude of authentication methods. The framework is available as a service or on-premise and is designed to serve as a central point of integration and administration for all authentication organization wide. To gain central point of administration and security control, organizations commonly use this framework to consolidate their authentication silo. The framework adheres to Federal Information Processing Standard (FIPS) 140-2 encryption, as well as integrates with FIDO 2 methods, all FIDO U2F devices, and OATH tokens. In addition to the server-side authentication capabilities, Advanced Authentication can work from Windows, Mac OS X, and Linux.
Through identity management, NetIQ helps enable their business through identity-based security. It offers a comprehensive set of identity and access services allowing workers to securely access resources from anywhere, on any device, at any location, and at the right time. NetIQ also empowers organizations to interact with their consumers effectively and securely.Read flyer
In recent years, multi-factor authentication has become commonplace across most industries. While organizations that handle regulated information need 2-factor it for compliance, its wide adoption is largely driven by high breach rates and rising digital security risks. Larger organizations turn to NetIQ Advance Authentication for reasons such as:
Because of their flexibility, large and geographically distributed organizations like the simplified deployment and administration models offered by Advanced Authentication’s Docker form factor. These containers can be configured to scale to any mix of dispersed or centralized authentication hotspots. OpenText also offers Advanced Authentication as a managed SaaS offering.
Specifically, multi-factor authentication is the use of different methods (what you know, what you have, what you are) for a particular session, but in reality, strong authentication deployments often involve a mix and match of authentication methods. Here are some common examples:
For password less access, services like eBay and Yahoo can be configured to be approved with a simple touch of the checkbox on their mobile apps (what you have). With their platform services, Microsoft takes a little different approach to password-less when used with their Authenticator app:
While these options offer greater protection against phishing attacks, they vary in speed and simplicity (number of steps). Based on their assessed risk and their tolerance for it, each organization can decide how many points of identity verification they want to implement. All the above options have the advantage over passwords in that they don’t require the user to remember yet another set of credentials, were a commonly replicated over the difference services the user consumes, are much harder to compromise then traditional username and password. The phone is a physical device, the fingerprint is biometric, and the OTPs are time sensitive. NetIQ Advanced Authentication supports the use cases above and much more.
The security aspect of simplifying digital access is the balance between protecting the business and delivering to its users (employee, consumers, etc.). Ideally, what security teams want to do is match the strength is the user’s identity verification to the risk posed by the access request. The lower the risk, the less intrusive the identify verification can be. Characteristics that affect measure risk a user’s request include:
So, an essential component of optimizing the digital access experience is to apply different authentication strategies to different sensitive levels of the information being accessed. Negligible risk personalized content often will not require any type of identity verification. Highly sensitive information may require multiple instances of identity verification. So far, this use case involves several technologies beyond just authentication:
Beyond the three components listed above, the greater the number of authentication options, the easier it is to match one to the situations. Security teams can evaluate and rank each authentication type available for each risk level range. They may determine that some passive authentication types (Windows Hello, voice, type) may need to be layered for higher risk situations. Advanced Authentication is an integrated part of NetIQ’s identity and access management portfolio.
You may consider the scenario described in the previous as an adaptive environment, but some organizations need an even higher security level. To reach zero trust level of security at the application and resource layers, organizations look to create a security posture where the default security behavior assumes a hostile environment. At this level, adaptive access requires the ability to measure risk throughout the user’s web session and invoke an authentication request and/or authorization change when predefined risk thresholds are reached. In addition to the criteria listed in the previous scenario, these additional metrics need to be gathered:
Beyond gathering risk information throughout the session is the ability to act on it. Adaptive access management is the ability to invoke an action such as:
In short, access management is the ability to recognize a threat and respond to it. The least intrusive option is to reverify or strengthen identity verification. A likely reaction to failed authentication invoked by a risk score would be to terminate the session.
NetIQ Advanced Authentication integrates with third-party products via RADIUS, SAML, OIDC/OAuth2, ADFS, Kerberos, REST, MobileAPIs, comAPIs and native Microsoft plug-ins.
The NetIQ Advanced Authentication framework supports many methods out-of-the-box, as well as additional specialized integrations. Partners and customers also have the option to leverage AA’s SDK to configure their own integration.