Enterprise IDM with a learning curve
SecureAuth is an enterprise IDM that has the usual tradeoffs between deep features and a complex interface, but for the most part ticks all the boxes businesses will need for identity security.
Several identity management (IDM) systems that claim to be suited for the enterprise come from Big Tech vendors, such as our Editors’ Choice honorees in the category, Okta and VMware Workspace One Access. The SecureAuth brand may not be as well known, but it’s no less legitimate for the enterprise audience, and it has the feature portfolio and customer roster to prove it.
If you’re deploying SecureAuth using a cloud instance connected to your on-premises directory, the process is similar to that of a lot of other IDM tools we’ve reviewed: you start by installing a software agent (the SecureAuth Connector) and configuring it to gain access to your corporate directory (in SecureAuth terms, a Data Store). The Data Store can be an Active Directory or LDAP environment, an Oracle or SQL database, or a NetIQ eDirectory. SecureAuth initiates the connection between the Connector and the service using a downloadable configuration file and a one-time passcode sent to the admin’s email.
Once the Connector is online, you can configure it from the SecureAuth admin console. SecureAuth recommends that you install and configure multiple connectors in order to enable redundancy, ideally before adding any Data Stores.
Using the SecureAuth Connector to directly manage users in Active Directory or an LDAP repository is a similar process that involves providing connection details for the directory (the domain and service account credentials) and identifying the attribute used to search for user accounts.
Optionally, you can configure which attributes in your directory correspond to data elements in SecureAuth and which attributes you’ll make writeable to SecureAuth. Data Stores using Oracle or SQL Server are a little more complex and involve making a database connection, creating stored procedures to handle various data access needs, and mapping database fields to SecureAuth attributes.
One nice thing about enabling authentication to business apps through an IDM suite is that it typically involves standards like SAML (Security Assertion Markup Language), which means the process for configuring authentication into those apps rarely varies. SecureAuth features a catalog of applications that offer a streamlined setup process including pre-filled values and application icons. It’s worth noting that while app authentication is standards-based, every cloud service has some nuance in terms of what’s required from attributes and cryptographic signing, so SecureAuth’s template-based configuration is critical to getting your applications configured quickly and efficiently.
The platform’s modern interface offers an intuitive view of the configuration process. This gives you quick insight into the crucial details to which you need to pay attention while tucking away elements that you’re only going to need in fringe cases. If I had a complaint, it’d be that you actually have to switch to the legacy interface if you need to configure things such as which attributes to pass as part of the SAML assertion, and the legacy interface is decidedly less intuitive. That said, this is definitely something I expect SecureAuth to clean up in the future as the new UI continues to mature.
One other gripe that’s really a personal preference is that you have no access to logs in the admin console when using SecureAuth in a cloud deployment. The stated reason is that SecureAuth expects customers to leverage a SIEM (Security Information and Event Management) tool such as Splunk, which I wholly endorse. The nit I’m picking is that if I’m trying to troubleshoot authentication issues into a business app, I’d rather not have to jump back and forth between my SIEM and SecureAuth in order to test the authentication, view the relevant log events, adjust the configuration, and repeat. I’d prefer to have the option to view log events within SecureAuth, even if only a small subset of recent event history.
Another key feature that customers often leverage a third-party tool to manage is workflow-based approvals. Like VMware with Workspace One Access, SecureAuth integrates with tools such as ServiceNow to permit users to request access to an application or service and then facilitate gathering the approvals necessary to authorize the request.
Multi-factor authentication (MFA) is a primary reason why every business should be using an IDM, and authentication policies are the component that wires authentication attempts into one or more additional authentication factors. That makes these two elements among the more critical for any IDM solution.
SecureAuth’s authentication policies are configured as logical rule sets that evaluate various aspects of an authentication attempt and decide how to handle it. Data points such as geolocation and group membership can be combined to block attempts from certain geographic areas unless the user is in an exception group. SecureAuth also offers rules based on risk or threat level (at additional cost) in order to leverage additional authentication factors (or block attempts outright) if the risk associated with an authentication attempt reaches a given threshold. SecureAuth supports ingesting third-party threat feeds in order to improve decision-making capabilities associated with threat-based rules. Once configured, policies can be associated with applications either through the policy or the application configuration process.
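The rule evaluation described above, as an added sketch in Python; it is not SecureAuth's rule engine or configuration syntax. The field names, thresholds, placeholder country codes and the choice to require MFA when a signal is missing are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ALLOW, STEP_UP, BLOCK = "allow", "require_mfa", "block"
SEVERITY = {ALLOW: 0, STEP_UP: 1, BLOCK: 2}

@dataclass
class Attempt:
    user: str
    groups: set
    country: Optional[str]  # None when the geolocation lookup failed
    risk: Optional[int]     # 0-100; None when no risk score was returned

@dataclass
class Policy:
    blocked_countries: set
    exception_group: str
    step_up_risk: int       # at or above this score: ask for another factor
    block_risk: int         # at or above this score: refuse outright

def geo_rule(p, a):
    # A missing signal must never fall through to "allow".
    if a.country is None:
        return STEP_UP, "geolocation unavailable"
    if a.country in p.blocked_countries and p.exception_group not in a.groups:
        return BLOCK, f"{a.country} blocked, user not in {p.exception_group}"
    return ALLOW, "location permitted"

def risk_rule(p, a):
    if a.risk is None:
        return STEP_UP, "risk score unavailable"
    if a.risk >= p.block_risk:
        return BLOCK, f"risk {a.risk} >= {p.block_risk}"
    if a.risk >= p.step_up_risk:
        return STEP_UP, f"risk {a.risk} >= {p.step_up_risk}"
    return ALLOW, "risk below thresholds"

def evaluate(p, a):
    """Run every rule and return the strictest (decision, reason) pair."""
    results = [rule(p, a) for rule in (geo_rule, risk_rule)]
    return max(results, key=lambda r: SEVERITY[r[0]])

# Constructed sample policy; "XX" and "ZZ" are placeholder country codes.
POLICY = Policy({"XX", "ZZ"}, "travel-exceptions", step_up_risk=40, block_risk=80)

if __name__ == "__main__":
    for att in (Attempt("alice", {"staff"}, "XX", 10),
                Attempt("bob", {"staff", "travel-exceptions"}, "XX", 55)):
        print(att.user, *evaluate(POLICY, att))
```

Taking the strictest result across all rules means the exception group only lifts the geographic block; a high risk score still forces MFA or a block for those users.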
For organizations looking to incorporate their mobile device management (MDM) or universal endpoint management (UEM) platform into their authentication process, SecureAuth offers several options. For one, you can use your MDM to facilitate users enrolling their devices with SecureAuth. Identifying MDM-registered devices as part of the authentication process is somewhat limited; as of this writing only Entrada is supported, which doesn’t compare well with solutions like Okta, Microsoft Azure AD, or even PortalGuard, each of which integrates flexibly with a number of third-party MDM solutions.
SecureAuth offers three subscription levels that cater to a range of needs. The Secure plan offers up to five SAML apps, MFA for those web apps, self-service capabilities, and auditing/logging for just $1 per user each month. Stepping up to the Protect tier supports single sign-on (SSO) to unlimited apps, adaptive authentication, and MFA for endpoints (Apple macOS, Linux, or Microsoft Windows) for a $3 monthly fee. Customers of the $6 monthly Prevent plan also gain access to biometric MFA, risk and threat-based prevention (including the ability to ingest third-party risk data), and support for FIDO2 keys.
Overall, SecureAuth is a highly functional IDM that can hold its own with other enterprise-oriented platforms, including our Editors’ Choice award winners Okta and VMware. Where it falls a bit short is in usability, since you’ll need to be both IT- and SAML-savvy to use it effectively.
Tim Ferrill is an IT professional and writer living in Southern California. Follow him on Twitter @tferrill.
© 1996-2021 Ziff Davis. PCMag Digital Group