SecurEnvoy Multi-Factor
Authentication (MFA) Methods

A flexible authentication solution, that provides a wide range
of authentication methods, is key to ensuring successful
deployment and securing positive user adoption.

SecurEnvoy MFA gives you the power to select the best
authentication technology and method for different
business use cases. Easy to deploy and easy to use.

Authentication Methods

Flexible authentication methods for a wide range of scenarios

 

MFA Authentication Methods

Having the ability to enable a range of
authentication methods, means businesses can
select the correct authentication technology
to address varying use cases, considering
appropriate security levels, ease of deployment
and management, ease of use, total cost of
ownership and carbon footprint.

Phone as a Token

 

MFA Authentication Methods

The smartphone app delivers multi-factor authentication push notifications directly to
users’ phones for simple, fast and secure proof of identity. The app has the intelligence to
understand if a user is offline and can fail over to a standard OTP if the push is not received.
Additional security can be applied by enforcing PIN or Biometric to approve a push
notification.

Wearable devices, such as Smart Watches which act as remote displays for mobile phones,
can also be used to approve push notifications.

MFA Authentication Methods

The smartphone app is OATH TOTP token compliant with the ability to work effectively with
or without a network connection. The app supports configurable 30 or 60 second one-time
passcodes and supports multiple tokens and accounts. Additional security can be applied
by enforcing PIN or Biometric to unlock OTP codes.
Available on both Android and iOS platforms.

MFA Authentication Methods

Provide greater control on user access, with location-based metrics.

SecurEnvoy can guarantee user location at time of authentication, so strict policies can be
used to allow either exact pre-defined “safe” locations or an allowed amount of deviation
between the request and the authentication (PUSH) response. Corporations can be assured
that not only is the multi-factor approval process adhered to, but is coupled with exact
location access policies, to provide a deeper level of user access control.
Available on both Android and iOS platforms.

MFA Authentication Methods

Our SMS based MFA is zero-footprint and can be rolled out to both corporate and personal
devices quickly and easily. Highly configurable options are available to suit varying use
cases. A single multi-factor authentication passcode can be sent at the time of logon, in
real-time, following username and password entry. For users who experience bad signal
coverage, a pre-loaded passcode can be sent to a user’s phone to ensure access even
when no signal is present.

Additional options are available to either send multiple pre-loaded MFA passcodes or
alternatively send MFA passcodes periodically where a passcode can be reused daily and is
updated automatically.

Businesses can select from a range of SMS gateways to suit their needs.

Voice Call

 

Following the successful entry of a username and password/PIN, the user is presented on the
login screen with a 6-digt OTP. The user’s registered phone number will then ring and they will
be requested to enter the 6-digit OTP that has been displayed followed by the # key. Following
a successful entry of the one-time passcode the user will be authenticated.

Voice Call is available on both landline and mobile devices.

Voice Call Authentication

Software Tokens

 

Software Token Authentication

Desktop OATH compliant TOTP token applications are available for both Windows and MacOS
devices. The app resides in the system tray and supports both standard 30 and 60 second
6-digit random number generation.

Hardware Tokens

Yubikey USB tokens are fully supported within the SecurEnvoy platform. Yubikeys can be
configured as a primary method of user authentication and as a backup method of
authentication.

OATH compliant TOTP tokens are provided in credit card form factor. An e-ink display and
flexible lithium battery provides up to 5 years of use. Rated to IP68, the tokens are resilient to
withstand the rigours of day-to-day usage. Customer branding options are available.

Hardware Token Authentication

Email One-Time Passcode

 

Email Passcode Authentication

Email delivery of 6-digit one-time passcodes can be enabled in a similar way to SMS where
appropriate.