Try SecurEnvoy

Multi-Factor Authentication (MFA) Solution Opportunities

Extensive MFA solutions for enhanced security across your whole organisation. From user password security, through to VPN, Remote Desktop, Web portals, On-premise and Public Cloud Applications, Server and Workstation logons and customisable APIs for full application integration.

Comprehensive MFA that is flexible and scalable.

Start Free Trial   Download Brochure

MFA Solution

A full set of MFA solutions across your whole infrastructure


MFA Solution Opportunities

Perimeter Security

Network perimeters are no longer linear
The modern working environment has been completely transformed, with
increased uptake in remote working, changing working habits and BYOD
becoming ever more popular. Adverse weather and lockdowns can also
impact employees attending a physical office. As a result, organisations’
network perimeters are no longer linear or bound to a physical location.

Verified Remote Access
SecurEnvoy MFA can be applied to VPNs and other access methods,
meaning that users connecting through the perimeter from a remote
location or device can be verified and their remote connection secured.
You can improve ease of access and reduce the risk of unsecured remote

Perimeter Security
Securing “All user” Access
at the perimeter.

MFA Solution

  • Secure access through the perimeter of your network by implementing MFA on remote access methods
  • Traditional VPNs or more advanced
    remote access methods
  • Simple MFA for users
  • MFA verified and secured remote access

Secure Cloud Applications
Providing visibility of users.
Maintain compliance in the cloud.

MFA Solution

  • Protect your cloud applications with
    SecurEnvoy MFA
  • Maintain compliance across cloud apps
    by implementing SecurEnvoy MFA on all
    access into cloud applications
  • This can be achieved via SAML, WS-FED
    or ADFS to name a few common methods

Secure Cloud Applications

Extend MFA to cloud apps too
Research has shown that, on average, each user accesses between three
to seven SaaS applications. Usually, these applications contain access to
critical data (HR, CRM, etc.) and fall under auditor scrutiny. Because they
are cloud applications, they are often treated differently – but it doesn’t
have to be this way. Organisations may struggle because in certain
platforms, enabling MFA may require additional licensing on the platform.
In addition, the user is often left with multiple tokens which could cause

Compliant cloud apps
Access to cloud platforms is under the increasingly watchful eye of
auditors and would-be bad actors, because of the data and access
possibilities that are available in these platforms. Historically, to attempt
to combat these, organisations have relied on ADFS to federate with these
applications. SecurEnvoy MFA can integrate with these federations to
secure the authentication and satisfy audit points.

On-Premise MFA – for increased security

Ensuring your deployment is fully on-premise
Many forms of MFA require an internet connection in order to send a request to a mobile phone whether you are using SMS or Push OTP. If you need a fully on-premise solution, consider using an OTP app on phone or hardware tokens. SecurEnvoy MFA gives you the option to use these tighter controls, or more flexible solutions as the need arises.

LAN enrolment for additional security
For even tighter security, you might also want to consider using internal enrolment for new users on the local area network, rather than public-facing enrolment. SecurEnvoy lets you choose the enrolment method most suited for the security levels required in different parts of your organisation.

On-premise MFA
Complete on-premise MFA
No public cloud enrolment

MFA Solution

  • SecurEnvoy enables a fully secure on-premise MFA solution for added security
  • OTP apps or hardware tokens fully on-premise
  • Secure user enrolment via LAN

Desktop Services
MFA at the desktop.
Ensuring controlled access.

MFA Solution

  • Shield the direct login to the Windows
    endpoint (Server or Workstation) with
    SecurEnvoy Windows Logon Agent
  • MFA applied login before any resources
    are even accessed

Desktop Services

Seamless MFA solution for every user
SecurEnvoy’s Windows Logon Agent has native integration with Microsoft,
meaning users are not prompted to access a third party system as part of
the login verification. Users are asked for their username, password, and
method of multi-factor authentication within the usual Microsoft method.
MFA is implemented at the largest attack surface and users can carry on
working with minimal interruptions.

Offline users are supported
SecurEnvoy’s unique offline mode can always provide MFA, whether the
user is connected to the network or not. Pre-printed codes or ‘always on’
type connections are a thing of the past. Today, there might be times
where users are offline but still need access. Working with the
SecurEnvoy Authenticator, the Soft Token can always be used. Soft Token
will be defaulted to if a PUSH is not responded to. Hardware Tokens are
also designed for full offline functionality.

Secure ActiveSync Provisioning

Self-service device management
Using Microsoft Exchange with ActiveSync allows businesses to grant
access to user devices. Using devices increases user acceptance, as well
as productivity. However, security risks grow when devices connect to
corporate email systems. Controls must be put in place to stop multiple
devices connecting and also mitigate ATO (Account Take Over) attacks
which are prevalent in today’s online community.

Increase productivity and security
Device management can become an overhead. The process of
onboarding new employees and also managing their departure when they
leave a company, and catering for when a user changes or loses their
device – are pain points that must be managed. All of this takes time and
resource away from your business operations.

SecurEnvoy MFA seamlessly complements existing Exchange
technologies, to bring a more secure and simple method to onboard user

Secure ActiveSync Provisioning
Protect ActiveSync.
Quarantine via MFA.

Secure ActiveSync Provisioning

  • With SecurEnvoy MFA new user devices
    can be automatically quarantined, then
    released by the user after successful
  • Provides secure, easy onboarding and
    changeover of devices
  • A smooth process focused on the
    end-user keeps user producivity high

Password Security
Broken Password Processes.
Self Service.

Password Security

  • With SecurEnvoy SecurPassword, users
    can use their existing personal devices to prove their identity
  • Tokenless 2-factor authentication
  • Reset domain passwords in real-time
  • Reduce helpdesk calls and costs

Password Security

More applications, more password issues
Users are expected to remember increasing numbers of passwords for
more and more online applications, resulting in potential security
breaches, through using the same password time and time again, or the
risk of being locked out when a password is forgotten. The burden is then
on the IT helpdesk to check the identity of the user and deal with resets.
According to Gartner, password resets can account for 40% of support

Reduce password issues with SecurPassword
SecurEnvoy SecurPassword provides a strong, self-service authentication
process for users to authenticate and reset their Windows password
quickly and easily, without resorting to help from their IT support desk.
They can use their own devices to authenticate, and a range of different
authentication options (SMS, Smart Phone Soft Token, OneSwipe, Desktop
Soft Token, Voice Call, Email) are available.

Find out more about SecurPassword >

Infrastructure Authentication

Protecting the protectors
Rightly so, organisations acquire numerous security products and
platforms to reduce security risks within their own environments. These
solutions make up the fabric of any IT environment and include solutions
like firewalls, monitoring solutions, privileged access management
solutions, wireless networks, switches, and other core services. RADIUS is
a commonly used protocol by these solutions and integrating with
SecurEnvoy MFA enables access to be protected.

Verify, then access
Multiple services could depend upon the availability of the infrastructure.
In addition, data from these infrastructure and operation platforms is
often relied upon for audit and compliance purposes. We are able to
avoid a compromise of the defences, and ensure that the audit data is
tamper proof, by integrating with SecurEnvoy MFA.

Infrastructure Authentication
Achieve Compliance.
Securing Privileged Access.

Infrastructure Authentication

  • Protect the keys to your kingdom with
  • Support for RADIUS enables integrating
    SecurEnvoy with a variety of other
    security products
  • These could be Unix based (EG: Ubuntu
    or Red Hat) or Windows-based security
    products or platforms

Auth via API
Securing third party systems.
Integrate Business to consumer

Authentication via API

  • Enable custom-built applications and
    scripts to call for MFA from SecurEnvoy
  • JIT (just-in-time) provisioning can also be
    achieved, with users automatically
    enrolled into SecurEnvoy by the API, and
    prompted for Token options

Authentication via API

Shield custom-built applications
SecurEnvoy offers two APIs, REST and .NET API. These APIs can enable
custom applications and scripts to call the APIs for MFA. Most used in
custom-built websites, however custom applications can also be
protected. Currently protecting a financial services customer’s banking
app, we are providing JIT provisioning to the users and MFA enablement
without the need to enrol manually first or install browser cookies. Finally,
these APIs can also be called upon to automate common administrative
level functions.

Remove hardcoded credentials
As is often the case with custom applications, sometimes credentials are
hardcoded into application scripts for remote calling. This no longer
needs to be the case. By removing the clear text passwords and replacing
these with API commands, the security of the application itself is
improved and the user experience is also secured with the integration of
SecurEnvoy MFA.

IIS Webservers

IIS is everywhere
If you have ever worked with a Microsoft based web server, or a Microsoft
based web application, chances are you have used IIS. However, its
built-in authentication types are quite limited. Deploying SecurEnvoy IIS
Agent onto the IIS Servers can protect all IIS applications with MFA.

MFA enabled web applications
Regardless as to whether the IIS application is Microsoft (e.g. Outlook
Web Access) or a custom developed application, SecurEnvoy can help
protect any application within IIS with MFA. The user experience isn’t
disruptive, with users prompted for their usual MFA method. For
developers, we provide comprehensive documentation and examples of
API calls and commands.

IIS Web Servers
Achieve Compliance.
Securing “All user” Access.

IIS Web Servers

  • Safeguard IIS based web applications
    with SecurEnvoy MFA using SecurEnvoy
    IIS Server Agent

Simple, effective and flexible MFA.
Proven and trusted by 1000s of customers worldwide.