Extensive MFA solutions for enhanced security across your whole organisation. From user password security, through to VPN, Remote Desktop, Web portals, On-premise and Public Cloud Applications, Server and Workstation logons and customisable APIs for full application integration.
Comprehensive MFA that is flexible and scalable.
Network perimeters are no longer linear
The modern working environment has been completely transformed, with
increased uptake in remote working, changing working habits and BYOD
becoming ever more popular. Adverse weather and lockdowns can also
impact employees attending a physical office. As a result, organisations’
network perimeters are no longer linear or bound to a physical location.
Verified Remote Access
SecurEnvoy MFA can be applied to VPNs and other access methods,
meaning that users connecting through the perimeter from a remote
location or device can be verified and their remote connection secured.
You can improve ease of access and reduce the risk of unsecured remote
Extend MFA to cloud apps too
Research has shown that, on average, each user accesses between three
to seven SaaS applications. Usually, these applications contain access to
critical data (HR, CRM, etc.) and fall under auditor scrutiny. Because they
are cloud applications, they are often treated differently – but it doesn’t
have to be this way. Organisations may struggle because in certain
platforms, enabling MFA may require additional licensing on the platform.
In addition, the user is often left with multiple tokens which could cause
Compliant cloud apps
Access to cloud platforms is under the increasingly watchful eye of
auditors and would-be bad actors, because of the data and access
possibilities that are available in these platforms. Historically, to attempt
to combat these, organisations have relied on ADFS to federate with these
applications. SecurEnvoy MFA can integrate with these federations to
secure the authentication and satisfy audit points.
Ensuring your deployment is fully on-premise
Many forms of MFA require an internet connection in order to send a request to a mobile phone whether you are using SMS or Push OTP. If you need a fully on-premise solution, consider using an OTP app on phone or hardware tokens. SecurEnvoy MFA gives you the option to use these tighter controls, or more flexible solutions as the need arises.
LAN enrolment for additional security
For even tighter security, you might also want to consider using internal enrolment for new users on the local area network, rather than public-facing enrolment. SecurEnvoy lets you choose the enrolment method most suited for the security levels required in different parts of your organisation.
Seamless MFA solution for every user
SecurEnvoy’s Windows Logon Agent has native integration with Microsoft,
meaning users are not prompted to access a third party system as part of
the login verification. Users are asked for their username, password, and
method of multi-factor authentication within the usual Microsoft method.
MFA is implemented at the largest attack surface and users can carry on
working with minimal interruptions.
Offline users are supported
SecurEnvoy’s unique offline mode can always provide MFA, whether the
user is connected to the network or not. Pre-printed codes or ‘always on’
type connections are a thing of the past. Today, there might be times
where users are offline but still need access. Working with the
SecurEnvoy Authenticator, the Soft Token can always be used. Soft Token
will be defaulted to if a PUSH is not responded to. Hardware Tokens are
also designed for full offline functionality.
Self-service device management
Using Microsoft Exchange with ActiveSync allows businesses to grant
access to user devices. Using devices increases user acceptance, as well
as productivity. However, security risks grow when devices connect to
corporate email systems. Controls must be put in place to stop multiple
devices connecting and also mitigate ATO (Account Take Over) attacks
which are prevalent in today’s online community.
Increase productivity and security
Device management can become an overhead. The process of
onboarding new employees and also managing their departure when they
leave a company, and catering for when a user changes or loses their
device – are pain points that must be managed. All of this takes time and
resource away from your business operations.
SecurEnvoy MFA seamlessly complements existing Exchange
technologies, to bring a more secure and simple method to onboard user
More applications, more password issues
Users are expected to remember increasing numbers of passwords for
more and more online applications, resulting in potential security
breaches, through using the same password time and time again, or the
risk of being locked out when a password is forgotten. The burden is then
on the IT helpdesk to check the identity of the user and deal with resets.
According to Gartner, password resets can account for 40% of support
Reduce password issues with SecurPassword
SecurEnvoy SecurPassword provides a strong, self-service authentication
process for users to authenticate and reset their Windows password
quickly and easily, without resorting to help from their IT support desk.
They can use their own devices to authenticate, and a range of different
authentication options (SMS, Smart Phone Soft Token, OneSwipe, Desktop
Soft Token, Voice Call, Email) are available.
Protecting the protectors
Rightly so, organisations acquire numerous security products and
platforms to reduce security risks within their own environments. These
solutions make up the fabric of any IT environment and include solutions
like firewalls, monitoring solutions, privileged access management
solutions, wireless networks, switches, and other core services. RADIUS is
a commonly used protocol by these solutions and integrating with
SecurEnvoy MFA enables access to be protected.
Verify, then access
Multiple services could depend upon the availability of the infrastructure.
In addition, data from these infrastructure and operation platforms is
often relied upon for audit and compliance purposes. We are able to
avoid a compromise of the defences, and ensure that the audit data is
tamper proof, by integrating with SecurEnvoy MFA.
Shield custom-built applications
SecurEnvoy offers two APIs, REST and .NET API. These APIs can enable
custom applications and scripts to call the APIs for MFA. Most used in
custom-built websites, however custom applications can also be
protected. Currently protecting a financial services customer’s banking
app, we are providing JIT provisioning to the users and MFA enablement
without the need to enrol manually first or install browser cookies. Finally,
these APIs can also be called upon to automate common administrative
Remove hardcoded credentials
As is often the case with custom applications, sometimes credentials are
hardcoded into application scripts for remote calling. This no longer
needs to be the case. By removing the clear text passwords and replacing
these with API commands, the security of the application itself is
improved and the user experience is also secured with the integration of
IIS is everywhere
If you have ever worked with a Microsoft based web server, or a Microsoft
based web application, chances are you have used IIS. However, its
built-in authentication types are quite limited. Deploying SecurEnvoy IIS
Agent onto the IIS Servers can protect all IIS applications with MFA.
MFA enabled web applications
Regardless as to whether the IIS application is Microsoft (e.g. Outlook
Web Access) or a custom developed application, SecurEnvoy can help
protect any application within IIS with MFA. The user experience isn’t
disruptive, with users prompted for their usual MFA method. For
developers, we provide comprehensive documentation and examples of
API calls and commands.