What is the SecureAuth® Identity Platform?

The SecureAuth® Identity Platform is a flexible and adaptable identity and access management solution that helps organizations prevent the misuse of credentials and eliminate identity-related breaches. The Identity Platform provides organizations with the same secure and dependable SecureAuth identity and data safety as previous versions while giving organizations the freedom to choose the deployment model that works best: cloud, hybrid, or on-premises (on-prem).

The SecureAuth® Intelligent Identity Cloud model was created to assist customers who do not want to host their own environment, and it provides the following benefits:

  • Retain identity and data security: As with SecureAuth IdP version 9.3 and earlier, the Identity Platform offers the same layered-on multi-factor authentication that gives identity management features to your data stores. Admins can use the same configurable workflows, adaptive authentication, and single sign-on (SSO) destinations.

  • Automatic software updates: Software stays up-to-date without the downtime of manual updates, giving you the advantages of the latest in security updates. SecureAuth ensures that customers get the latest vulnerability-driven fixes quickly, while planning around customer-scheduled feature releases.

  • Single-tenant model: SecureAuth hosts each customer's software separately on the cloud, so data is separated among customers. This means that if one customer suffers a security breach, only that customer's data is impacted.

  • Additional security: An on-prem local data store gives additional security to profile data, such as tokens and seeds. The SecureAuth Connector looks up user ID information, including first names, last names, user names, passwords, email addresses, phone numbers, and groups stored on the local data store server, to identify users in order to deliver two-factor authentication. Using users' real-time credentials on site is by design, and this added security differentiates the SecureAuth cloud deployment from our competitors. SecureAuth user IDs remain at the customer site, so the data is not constantly being pulled into the cloud through synchronization, as occurs with competitor solutions. Therefore, delays do not occur between SecureAuth user ID changes in the data store (Active Directory, SQL Server) and corporate network cloud applications, because user IDs remain in your local data stores.

  • Lower cost of ownership: Organizations no longer need a facility to host the software or specialized staff to manage the software.

  • Data security: With cloud-based multi-factor authentication (MFA), get secure access to applications, systems, and files, all while keeping assets safe across the enterprise.

  • Customized energy consumption: Use only the server capacity that you need to right-size your enterprise's carbon footprint, while attaining a sustainable solution.

In addition to choosing a model of use, such as cloud, hybrid, or on-prem, your organization also has a choice of Identity Platform packages, which are discussed later in this topic.

Identity Platform deployment models

Some reasons for using the cloud, hybrid, and on-prem solutions are discussed next.

Cloud model use cases

The use cases for moving to SecureAuth Intelligent Identity Cloud are discussed in the bullet points above. The SecureAuth Intelligent Identity Cloud is administered by using the Identity Platform user interface (UI); however, as shown in the table below, if your team uses certain post-authentication and endpoint features, you will administer those features by using the Classic Experience UI.

Hybrid model use cases

The hybrid model might be right for organizations in the following scenarios.

  • Organization has customizations that are business-critical but are not supported in the Identity Platform cloud deployment.

  • Organization needs to remain on Integrated Windows Authentication (IWA), Simple Certificate Enrollment Protocol (SCEP), or data stores other than Active Directory or Microsoft SQL Server, which are not yet supported by the Identity Platform cloud deployment.

  • Existing customers want to access their appliance over Remote Desktop Protocol (RDP) to gain more control over the appliance. (Cloud deployment does not support RDP.)

Admins will administer the hybrid model by using SecureAuth IdP version 9.3 or the Identity Platform.

On-prem model use cases

The on-prem model might be right for organizations in the following scenarios.

  • Government organizations that require maximum security off the cloud or that have specific security concerns where a cloud solution will not work.

  • Organizations that must align with specific legal or regulatory compliance requirements, where the legal team might not approve moving data to the cloud, even with SecureAuth's General Data Protection Regulation (GDPR) compliance.

Admins will administer the on-prem model by using SecureAuth IdP version 9.2.

The following table compares the different ways to use the Identity Platform and where features and functionality reside for cloud, hybrid, and on-prem environments.

| Major features/functionality | Cloud | Hybrid | On premises |
| --- | --- | --- | --- |
| Data stores | Hosted by customer | Hosted by customer | Hosted by customer |
| Services | Reside on the cloud and on customer servers | Reside on the cloud and on customer appliances | Reside on customer appliances |
| Newest User Interface | Identity Platform | Identity Platform | SecureAuth IdP 9.2 |
| Applications, add* | Identity Platform, Application Manager (for SAML** and WS-Federation); other Post-Authentication features, Classic Experience, realms | Identity Platform, Application Manager (for SAML** and WS-Federation); other Post-Authentication features, Classic Experience, realms | SecureAuth IdP 9.2, realms |
| Global MFA set up* | Identity Platform | Identity Platform | SecureAuth IdP 9.2 |
| Adaptive Authentication setup (including Policies) | Identity Platform | Identity Platform | SecureAuth IdP 9.2 |
| Endpoints products (Login for Endpoints, Authenticate mobile app, SecureAuth RADIUS server) | Identity Platform for some pieces; Classic Experience, realms for other pieces | Identity Platform for some pieces; Classic Experience, realms for other pieces | Classic Experience, realms |
| IWA, data stores other than Active Directory or SQL Server, Admin UI customizations, SCEP, some custom MFA methods, highly customized themes | Unavailable in the Identity Platform | Available in Classic Experience | Available in SecureAuth IdP 9.2 |

* If you are integrating a supported application in the Identity Platform by using the SAML or WS-Federation templates, configure the supported application by using the Global Multi-Factor Authentication and Policies pages in the Identity Platform. Configure unsupported post-authentication pages in the SecureAuth Classic Experience.

** Security Assertion Markup Language

Identity Platform packages

SecureAuth offers three packages to secure your organization's identities and authentication profile data.

To learn about the security features available in the SecureAuth® Identity Platform packages, see your SecureAuth Sales Representative.

If you are unsure of the package your organization has purchased or if your organization wants to change to a different package, contact your SecureAuth Account Manager.