Multifactor authentication: A buyer's guide to MFA products
A collection of articles that takes you from defining technology needs to purchasing options
SafeNet's Authentication Service (SAS) is a multifactor authentication (MFA) software product that adds supplementary security measures to standard user name/password logins for a variety of servers and services. It prevents unauthorized logins by enabling organizations to require additional factors (via biometrics or smartphones) when users attempt to access company resources and applications.
The solution is appropriate for midsize to large enterprises, especially for those that want to make use of a variety of external software as a service (SaaS)-based services.
While we cover just the SaaS version here, SafeNet also offers Windows-based Authentication Manager servers with similar features but for on-premises installations. This is comparable to the way some of the other vendors in this space (take CA, for example) also offer two separate products with essentially the same features.
Organizations with multifactor authentication needs that lean more towards on-premises server protection should consider SafeNet's Authentication Manager for Windows service rather than the SaaS edition.
SafeNet tokens and pricing
SafeNet has a variety of token, mobile and desktop authenticators (see table). Its wide selection even includes an interesting "grid" hardware-based token that asks users to type in a pattern, similar to what's available on most Android smartphones today.
The service is also unusual in that it offers subscription-based pricing, which includes a single copy of its server software and one SMS token per user. This makes it easier for organizations to calculate expected deployment costs. Additional tokens cost extra.
Subscriptions include all support and maintenance costs on a per-user per-month basis. And there are additional support plans that offer more coverage and faster response times for an added fee.
SafeNet management and administration
SafeNet has the most extensive policies, role assignments and user groups of any of the MFA products we tested, and this allows IT to more easily set up different authentication levels for different individuals and groups.
It also has a flexible and customizable token provisioning and approval workflow, which can include such entities as Issuing Authority, Shipping Authority and multiple approver levels. Once tokens are provisioned, users receive a self-enrollment email to complete the process.
There's even a self-service portal where users can reset their PINs or request additional tokens. SafeNet supports a variety of applications, including VPN, Salesforce, Outlook Web App, SharePoint, local network file shares and other SaaS-based services.
It also offers custom integrations with its Authentication API (in .NET and Java) to enable custom authentication from an application or network device that does not support or does not want to use such industry standards as RADIUS and Security Assertion Markup Language (SAML). In addition, SafeNet's management API supports user and token management without use of the standard Web user interface, and lets the integrator invoke any or all of the user interface functionality from external applications.
One of SafeNet's strengths is its reporting tools. It includes more than 40 reports across four different categories: billing, inventory management, compliance and security policy. All reports can be customized, run as required or scheduled to run at regular intervals.
Reports can be viewed through the management UI, downloaded or automatically delivered to specified email addresses or sent via FTP to a particular file server location.
SafeNet has been in the authentication game for quite some time, and the maturity of its product shows. With subscription pricing, a wide variety of tokens and applications supported, and solid reporting tools, it is a very effective choice to enable multifactor authentication for improving login security.
About the author:
David Strom is a freelance writer and former editor in chief of several information technology publications. He has written for many TechTarget properties since 2000. His blog can be found here and @dstrom on Twitter.
Learn the basics of multifactor authentication in the enterprise and read this comparison of the top multifactor authentication methods.
Learn why security experts believe multifactor authentication is a critical component for cloud security.