Download the new On-Premise MFA E-Guide >

Multi-Factor Authentication (MFA) Solution Opportunities

Extensive MFA solutions for enhanced security across your whole organisation. From user password security, through to VPN, Remote Desktop, Web portals, On-premise and Public Cloud Applications, Server and Workstation logons and customisable APIs for full application integration.

Comprehensive MFA that is flexible and scalable.

Start Free Trial Download Brochure

A full set of MFA solutions across your whole infrastructure

Download the
MFA On-Premise Guide >

Perimeter Security

Network perimeters are no longer linear
The modern working environment has been completely transformed, with increased uptake in remote working, changing working habits and BYOD becoming ever more popular. Adverse weather and lockdowns can also impact employees attending a physical office. As a result, organisations’ network perimeters are no longer linear or bound to a physical location.

Verified Remote Access
SecurEnvoy MFA can be applied to VPNs and other access methods, meaning that users connecting through the perimeter from a remote location or device can be verified and their remote connection secured. You can improve ease of access and reduce the risk of unsecured remote access.

Perimeter Security
Securing “All user” Access at the perimeter.

Secure access through the perimeter of your network by implementing MFA on remote access methods
Traditional VPNs or more advanced remote access methods
Simple MFA for users
MFA verified and secured remote access

Secure Cloud Applications
Providing visibility of users. Maintain compliance in the cloud.

Protect your cloud applications with SecurEnvoy MFA
Maintain compliance across cloud apps by implementing SecurEnvoy MFA on all access into cloud applications
This can be achieved via SAML, WS-FED or ADFS to name a few common methods

Secure Cloud Applications

Extend MFA to cloud apps too
Research has shown that, on average, each user accesses between three to seven SaaS applications. Usually, these applications contain access to critical data (HR, CRM, etc.) and fall under auditor scrutiny. Because they are cloud applications, they are often treated differently – but it doesn’t have to be this way. Organisations may struggle because in certain platforms, enabling MFA may require additional licensing on the platform. In addition, the user is often left with multiple tokens which could cause confusion.

Compliant cloud apps
Access to cloud platforms is under the increasingly watchful eye of auditors and would-be bad actors, because of the data and access possibilities that are available in these platforms. Historically, to attempt to combat these, organisations have relied on ADFS to federate with these applications. SecurEnvoy MFA can integrate with these federations to secure the authentication and satisfy audit points.

On-Premise MFA – for increased security

Ensuring your deployment is fully on-premise
Many forms of MFA require an internet connection in order to send a request to a mobile phone whether you are using SMS or Push OTP. If you need a fully on-premise solution, consider using an OTP app on phone or hardware tokens. SecurEnvoy MFA gives you the option to use these tighter controls, or more flexible solutions as the need arises.

LAN enrolment for additional security
For even tighter security, you might also want to consider using internal enrolment for new users on the local area network, rather than public-facing enrolment. SecurEnvoy lets you choose the enrolment method most suited for the security levels required in different parts of your organisation.

On-premise MFA
Complete on-premise MFA No public cloud enrolment

SecurEnvoy enables a fully secure on-premise MFA solution for added security
OTP apps or hardware tokens fully on-premise
Secure user enrolment via LAN

Desktop Services
MFA at the desktop. Ensuring controlled access.

Shield the direct login to the Windows endpoint (Server or Workstation) with SecurEnvoy Windows Logon Agent
MFA applied login before any resources are even accessed

Desktop Services

Seamless MFA solution for every user
SecurEnvoy’s Windows Logon Agent has native integration with Microsoft, meaning users are not prompted to access a third party system as part of the login verification. Users are asked for their username, password, and method of multi-factor authentication within the usual Microsoft method. MFA is implemented at the largest attack surface and users can carry on working with minimal interruptions.

Offline users are supported
SecurEnvoy’s unique offline mode can always provide MFA, whether the user is connected to the network or not. Pre-printed codes or ‘always on’ type connections are a thing of the past. Today, there might be times where users are offline but still need access. Working with the SecurEnvoy Authenticator, the Soft Token can always be used. Soft Token will be defaulted to if a PUSH is not responded to. Hardware Tokens are also designed for full offline functionality.

Secure ActiveSync Provisioning

Self-service device management
Using Microsoft Exchange with ActiveSync allows businesses to grant access to user devices. Using devices increases user acceptance, as well as productivity. However, security risks grow when devices connect to corporate email systems. Controls must be put in place to stop multiple devices connecting and also mitigate ATO (Account Take Over) attacks which are prevalent in today’s online community.

Increase productivity and security
Device management can become an overhead. The process of onboarding new employees and also managing their departure when they leave a company, and catering for when a user changes or loses their device – are pain points that must be managed. All of this takes time and resource away from your business operations.

SecurEnvoy MFA seamlessly complements existing Exchange technologies, to bring a more secure and simple method to onboard user devices.

Secure ActiveSync Provisioning
Protect ActiveSync.
Quarantine via MFA.

With SecurEnvoy MFA new user devices can be automatically quarantined, then released by the user after successful identification
Provides secure, easy onboarding and changeover of devices
A smooth process focused on the end-user keeps user producivity high

Password Security
Broken Password Processes. Self Service.

With SecurEnvoy SecurPassword, users can use their existing personal devices to prove their identity
Tokenless 2-factor authentication
Reset domain passwords in real-time
Reduce helpdesk calls and costs

Password Security

More applications, more password issues
Users are expected to remember increasing numbers of passwords for more and more online applications, resulting in potential security breaches, through using the same password time and time again, or the risk of being locked out when a password is forgotten. The burden is then on the IT helpdesk to check the identity of the user and deal with resets. According to Gartner, password resets can account for 40% of support calls.

Reduce password issues with SecurPassword
SecurEnvoy SecurPassword provides a strong, self-service authentication process for users to authenticate and reset their Windows password quickly and easily, without resorting to help from their IT support desk. They can use their own devices to authenticate, and a range of different authentication options (SMS, Smart Phone Soft Token, OneSwipe, Desktop Soft Token, Voice Call, Email) are available.

Find out more about SecurPassword >

Infrastructure Authentication

Protecting the protectors
Rightly so, organisations acquire numerous security products and platforms to reduce security risks within their own environments. These solutions make up the fabric of any IT environment and include solutions like firewalls, monitoring solutions, privileged access management solutions, wireless networks, switches, and other core services. RADIUS is a commonly used protocol by these solutions and integrating with SecurEnvoy MFA enables access to be protected.

Verify, then access
Multiple services could depend upon the availability of the infrastructure. In addition, data from these infrastructure and operation platforms is often relied upon for audit and compliance purposes. We are able to avoid a compromise of the defences, and ensure that the audit data is tamper proof, by integrating with SecurEnvoy MFA.

Infrastructure Authentication
Achieve Compliance.
Securing Privileged Access.

Protect the keys to your kingdom with MFA
Support for RADIUS enables integrating SecurEnvoy with a variety of other security products
These could be Unix based (EG: Ubuntu or Red Hat) or Windows-based security products or platforms

Auth via API
Securing third party systems.
Integrate Business to consumer

Enable custom-built applications and scripts to call for MFA from SecurEnvoy APIs
JIT (just-in-time) provisioning can also be achieved, with users automatically enrolled into SecurEnvoy by the API, and prompted for Token options

Authentication via API

Shield custom-built applications
SecurEnvoy offers two APIs, REST and .NET API. These APIs can enable custom applications and scripts to call the APIs for MFA. Most used in custom-built websites, however custom applications can also be protected. Currently protecting a financial services customer’s banking app, we are providing JIT provisioning to the users and MFA enablement without the need to enrol manually first or install browser cookies. Finally, these APIs can also be called upon to automate common administrative level functions.

Remove hardcoded credentials
As is often the case with custom applications, sometimes credentials are hardcoded into application scripts for remote calling. This no longer needs to be the case. By removing the clear text passwords and replacing these with API commands, the security of the application itself is improved and the user experience is also secured with the integration of SecurEnvoy MFA.

IIS Webservers

IIS is everywhere
If you have ever worked with a Microsoft based web server, or a Microsoft based web application, chances are you have used IIS. However, its built-in authentication types are quite limited. Deploying SecurEnvoy IIS Agent onto the IIS Servers can protect all IIS applications with MFA.

MFA enabled web applications
Regardless as to whether the IIS application is Microsoft (e.g. Outlook Web Access) or a custom developed application, SecurEnvoy can help protect any application within IIS with MFA. The user experience isn’t disruptive, with users prompted for their usual MFA method. For developers, we provide comprehensive documentation and examples of API calls and commands.

IIS Web Servers
Achieve Compliance.
Securing “All user” Access.

Safeguard IIS based web applications with SecurEnvoy MFA using SecurEnvoy IIS Server Agent

MFA Solution Case Studies

Case Studies

John Lewis Case Study

Simple, effective and flexible MFA. Proven and trusted by 1000s of customers worldwide.

Explore more - read the latest blogs

Why on-premise access management still matters in a cloud-focused world

The concept of cloud repatriation has emerged as a strategic response to the evolving needs of organisations, particularly concerning on-premise acces...

Adam Bruce

Access Management / Data Control / Data Security Awareness

Strengthening Remote Desktop Security with an RDP multi-factor authentication solution

Ensuring secure access to remote desktops has become more critical than ever before. With the growing reliance on remote work setups, since the Corona...

Jordan Delany

Insider Threat Protection / MFA / Remote Working