Multifactor authentication: A buyer's guide to MFA products
A collection of articles that takes you from defining technology needs to purchasing options
The IDENTIKEY Authentication Server, which includes multifactor authentication software tools and DIGIPASS tokens offered by VASCO Data Security International Inc., adds security measures to standard username/password logins across a wide range of servers and services. This stops unauthorized logins, even when passwords have been compromised and shared among many different services.
These multifactor authentication (MFA) tools are appropriate for midsize and large enterprises, especially those that want to make use of a variety of external software-as-a-service offerings.
VASCO has been one of the leaders in multifactor authentication for two decades, as is evident from the breadth and depth of its offerings (see table below). It supports a wide selection of token and server types, mobile operating systems, phones and authentication methods.
This breadth makes the product more flexible and useful for a greater variety of use cases, and lets it secure more applications than a number of its competitors. The downside is that multiple pieces of this MFA product have to be purchased and integrated to provide a full platform.
By contrast, cloud-based tools, such as Okta, have fewer moving parts and better integration.
IDENTIKEY servers and applications
The company has several product lines that work together. The VASCO IDENTIKEY Authentication Server family is the company's off-the-shelf authentication product, and it supports applications that can use industry-standard protocols, such as Active Directory, RADIUS, Lightweight Directory Access Protocol and Simple Object Access Protocol (SOAP). In addition, VASCO provides DIGIPASS Authentication plugins for the Outlook Web App, Citrix StoreFront, Microsoft Active Directory Federation Services 3.0, Microsoft's Internet Information Services web server and Remote Desktop Web interfaces.
VASCO also offers an API-based tool called VACMAN Controller that the customer can integrate into their existing applications. The controller enables customers to add MFA support to any application and just about any workflow they wish.
The VASCO IDENTIKEY comes as Windows or Linux software, runs on most hypervisors (VMware, Citrix, Hyper-V) and is also available as a physical or virtual appliance for on-premises deployments, or as a cloud-based, managed authentication service.
VASCO DIGIPASS tokens
VASCO has been in the token business for a long time, dating back to when its tokens were first used to secure interactive voice response systems. In addition to the usual types of tokens mentioned, VASCO also supports web-based and Windows software-type tokens.
Administrators can determine which end users have access to certain user and DIGIPASS pools, as well as who can assign them, and which DIGIPASS types they can use on each policy.
Unfortunately, customers will also need to review separate manuals for each of these components. Provisioning and activation of the DIGIPASS software has become an easier task since VASCO released the User Self-Management website for that purpose.
The VASCO product requires a separate federation server for its Security Assertion Markup Language (SAML) 2.0 support, but once this is set up, the functionality is similar to other vendors' software.
IDENTIKEY Authentication Server reporting
Reports are available in a wide selection of PDF, HTML and XML formats. There are more than 30 report templates that can be customized in a variety of ways and then downloaded once they are complete.
There are also numerous preset policies that can be customized -- along with menus -- to set authentication for particular groups, or for situations such as logins from internal versus external machines. This makes getting the right reports generated for either management or support staff a lot easier and more useful.
VASCO IDENTIKEY pricing
There are also three grades for server software pricing: the standard level, which doesn't include any software application agents; the gold level, which includes 10 web-based applications, such as Outlook Web Access and Citrix Receiver, along with high-availability support; and the enterprise level, which includes all connectors and the higher support level.
Mobile software tokens cost extra, and VASCO sells through a two-tiered reseller network. Support for 24/7 responses is extra.
VASCO IDENTIKEY Authentication Server is a powerful tool that has sold many tokens over the years and supports a wide variety of applications and use cases. While its pricing is complex, VASCO offers comparable features to RSA, but at a more affordable price. This product also comes in a cloud-based version.