Multifactor authentication: A buyer's guide to MFA products
A collection of articles that takes you from defining technology needs to purchasing options
CA Technologies' Strong Authentication product is a multifactor authentication product that adds additional security measures -- using biometrics and smartphones -- to standard username/password logins for a variety of servers and services, such as Active Directory, Salesforce and the Outlook web app.
With CA Strong Authentication deployed, IT can require that end users provide an additional factor of verification through a variety of software-based token types (see table below) when accessing company resources and applications. This prevents unauthorized logins, even when passwords have been compromised or shared among many different services.
Strong Authentication is an appropriate product for bringing multifactor authentication technology to midsize organizations and large enterprises -- especially those that make use of a variety of external software as a service (SaaS)-based services, such as Google Docs or Dropbox.
Multifactor authentication (MFA) products have been available from CA for many years, both directly and through various channel partners. The Strong Authentication product line comes in both a Windows version (formerly known as AuthMinder) and as a SaaS called CA Secure Cloud, which incorporates CA Advanced Authentication SaaS, CA Single Sign-On SaaS and CA Identity Manager SaaS modules. It's supported on major browsers; PC; and for Android, iOS and Windows mobile devices.
In addition to these, there's a pair of Windows servers -- CA Risk Authentication and Identity Manager -- that companies can choose to deploy on-premises. Both of these are sold separately to handle identity federation and risk-based authentication tasks, respectively.
Strong Authentication integrates with CA's Risk Authentication and Single Sign-On, and all are components of the Advanced Authentication suite.
CA Strong Authentication token and authentication methods
Strong Authentication supports a variety of token methods – such as software and hardware tokens -- and authentication methods like two-factor authentication and knowledge-based authentication. CA offers out-of-band authentication as well, in terms of text message, email or voice delivery of one-time passwords.
CA Strong Authentication's server component provides a flexible administration console, and it does a good job of documenting authentication flows to simplify deployment and management. There are numerous examples and templates that make it easier to get this product set up.
Advanced features of CA's MFA product
For enterprises needing advanced federation features, there is a full integration to the CA Identity Manager product. The public key infrastructure and one-time password software-based credentials deliver a higher level of security than some of the other multifactor authentication products out there, thanks to CA's patented key protection technology, which provides for an additional layer of security.
The product includes full administration capabilities to configure policies, monitor activity and investigate suspected attacks. This makes it easier to keep track of authentication tokens and to understand which applications are running the tighter security methods.
CA Strong Authentication also includes reports for tracking administration, user authentication and transactional (including login) risk assessment. It works with most major applications, including VPNs, the Outlook web app, Salesforce, SharePoint and others.
Some drawbacks and benefits of CA Strong Authentication
The biggest drawback with CA Strong Authentication is having multiple pieces to manage and coordinate; although that can be a plus if you don't need them, and don't have to pay extra for them. That means CA's MFA product can end up being one of the lower cost offerings in the market. Also, some of the other vendors charge per mobile app, while CA's are free. All credential and token authentication options are included in the per-user pricing, whether delivered as SaaS or on-premises.
What you need to know before purchasing MFA software
Here's how to sync up MFA devices for public cloud
See how MFA security tokens have evolved over the years