SecureAuth compatibility guide

Updated November 17, 2020

This topic discusses the items supported for the latest version of SecureAuth products. Please contact support at support.secureauth.com for assistance or with any questions.

Note

SecureAuth is constantly adding support for new browsers and devices to the product. If you do not see the required OS or browser listed here, be sure to visit this document often to see if it has been added.

To get information about product deployment types and the supported Windows server operating systems for new installs and upgrades, see SecureAuth product deployment guide.

Products and Components

Note

SecureAuth IdP version 9.1: SecureAuth deprecated support on July 31, 2020.

SecureAuth IdP version 9.2: SecureAuth will deprecate support on December 31, 2020.

Operating System Name

OS Version Support

Browser Support

Supported by SecureAuth® Identity Platform

Notes

9.2.x

9.3.x

19.07.xx

20.06.xx

Mac OS X 10.9 (Mavericks)

10.9.0 +

Safari, Chrome

Yes

Yes

Yes

Yes

For security reasons Mavericks versions less than 10.9.2 should not be used (see CVE-2014-1266 )

Mac OS X 10.10 (Yosemite)

10.10.2

Safari, Chrome

Yes

Yes

Yes

Yes

El Capitan

10.11

Safari, Chrome

Yes

Yes

Yes

Yes

Windows 7

All

IE, Chrome, Firefox

Yes

Yes

Yes

Yes

SecureAuth will deprecate support for Windows 7 in November 2020.

Windows 8

All

IE, Chrome, Firefox

Yes

Yes

Yes

Yes

Windows 8.1

All

IE, Chrome, Firefox

Yes

Yes

Yes

Yes

Windows 10

All

IE, Chrome, Firefox

Yes

Yes

Yes

Yes

Windows Server 2016

All

IE, Chrome, Firefox

Yes

Yes

Yes

Yes

Chrome OS (Chromebook & Chromebox)

Chrome OS 41 - 45

Chrome

Yes

Yes

Yes

Yes

At this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS – Java workflows are not supported

Chrome OS (Chromebook & Chromebox)

Chrome OS 46 - 54

Chrome

Yes

Yes

Yes

Yes

At this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS – Java workflows are not supported

Chrome OS (Chromebook & Chromebox)

Chrome OS 55

Chrome

Yes

Yes

Yes

Yes

At this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS – Java workflows are not supported

Identity Platform version

SecureAuth Connector version

SecureAuth Agent

20.06

1.0.34

1.2.1

19.07.01

1.0.33

1.1.1

19.07

0.1.73

1.0.0.30

Desktop Browser (IdP + Cert)

Version

Supported by SecureAuth Identity Platform

Notes

9.2.x

9.3.x

19.07.xx

Microsoft Internet Explorer

10+

Yes

Yes

Yes

Microsoft Edge

41+

Yes

Yes

Yes

Certificate delivery not supported

Mozilla Firefox

31+

Yes

Yes

Yes

Apple Safari

8+

Yes

Yes

Yes

Google Chrome

40+

Yes*

Yes*

Yes

* Versions 47 and earlier will not work with 9.1.x or later.

Version 39 and later running on OS X will not work with Java certificate delivery functionality

Desktop Browser (Identity Platform New Experience UI)

Version

Supported by SecureAuth Identity Platform

20.06.xx

Internet Explorer

11+

Yes

Microsoft Edge

83+

Yes

Microsoft Edge (Legacy)

44 and earlier

Not supported

Mozilla Firefox

83+

Yes

Apple Safari

77+

Yes

Google Chrome

13.1+

Yes

Product Component

Version

Supported by SecureAuth Identity Platform

Notes

9.2.x

9.3.x

19.07.xx

20.06.xx

Java Certificate Applet

8

Yes

Yes

Yes

Yes

Google Chrome on OS X versions 39+ are not supported

JRE for RADIUS Server 1.0.1.10

8

No

No

No

Yes

JRE for RADIUS Server 19.06 and later

8

Yes

Yes

Yes

Yes

JRE version 8 of AdoptOpenJDK

Note

Refer to SecureAuth IdP Java Troubleshooting for more information

User Directory

Version

Supported by SecureAuth Identity Platform

9.2.x

9.3.x

19.07.xx (hybrid)

19.07.xx (cloud)

20.06.xx (hybrid)*

20.06.xx (cloud)

Active Directory (AD)

2003 - 2016

Yes

Yes

Yes

Yes

Yes

Yes

LDAP v3

v3

Yes

Yes

Yes

No

Yes

Yes

AD-LDS

2008, 2012

Yes

Yes

Yes

No

Yes

No

Lotus Domino

v9

Yes

Yes

Yes

No

Yes

No

MS-SQL

2005 +

Yes

Yes

Yes

Yes

Yes

Yes

ODBC

All SecureAuth IdP Supported OS Platforms

Yes

Yes

Yes

No

Yes

No

ASPNETDB

.NET2 +

Yes

Yes

Yes

No

Yes

No

SecureAuth IdP Web Service (Multi-data Store)

SecureAuth IdP 7.5 +

Yes

Yes

Yes

No

Yes

No

Sun ONE (ODSEE)

11.1.1.5.0

Yes

Yes

Yes

No

Yes

No

Azure AD

2015

Yes

Yes

Yes

No

Yes

Yes

Oracle Database

11.2, 12.1

Yes

Yes

Yes

No

Yes

Yes

NetIQ eDirectory

8.8 SP8

Yes

Yes

Yes

No

Yes

Yes

* Not all directories are supported in the Identity Platform New Experience, but all are supported through the Classic Experience.

Accepted Identity Types

Version

SecureAuth Identity Platform Support

9.2.x

9.3.x

19.07.xx

20.06.xx

SecureAuth Web SSO Token

2.0 - 4.5

Yes

Yes

Yes

Yes

SAML

2.0

Yes

Yes

Yes

Yes

OpenID

2.0

Yes

Yes

Yes

Yes

Integrated Windows - NTLM / Kerberos

2003 - 2012R2

Yes

Yes

Yes

Yes

X.509 Certificate

X.509 v3

Yes

Yes

Yes

Yes

Common Access Card (CAC)

N/A

Yes

Yes

Yes

Yes

Personal Identity Verification (PIV) Card

N/A

Yes

Yes

Yes

Yes

Smartcard

N/A

Yes

Yes

Yes

Yes

Cisco ISE / pxGrid

1.3

Yes

Yes

Yes

Yes

Post-authentication Action

Version

Supported by SecureAuth Identity Platform

Notes

9.2.x

9.3.x

19.07.xx

20.06.xx

SAML

1.1, 2.0

Yes

Yes

Yes

Yes

1.1 support is limited

OpenID

2.0

Yes

Yes

Yes

Yes

OpenID Connect (limited profile support)

1.0

Yes

Yes

Yes

Yes

OpenID Connect (full profile support)

1.0

Yes

Yes

Yes

Yes

WS-Federation

1.2, 1.3

Yes

Yes

Yes

Yes

WS-Trust

1.2, 1.3

Yes

Yes

Yes

Yes

Mobile

Supported iOS / Android Versions

Yes

Yes

Yes

Yes

The mobile app uses a browser for authentication, so multiple mobile apps can read the authentication cookie to enable SSO.

Web Token (FBA)

Supported Browsers

Yes

Yes

Yes

Yes

X.509 Certificate (Java and Native)

SecureAuth CA

Yes

Yes

Yes

Yes

OAuth

2.0

Yes

Yes

Yes

Yes

Form-based

N/A

Yes

Yes

Yes

Yes

Android and iOS mobile devices

Android Mobile Device

iOS Mobile Device

Authenticate App Version

5.x

(Lollipop)

6.x

(Marshmallow)

7.x

(Nougat)

8.x

(Oreo)

9.x

(Pie)

10.x

(Q)

iOS

11.x

iOS

12.x

iOS

13.x

19.12.xx

x

x

x

x

x

x

x

x

x

20.03.xx

x

x

x

x

x

x

x

Android and Apple paired watches, and Chromebook

Android Wear OS Paired Watch

Apple Series Paired Watch

Chromebook

Authenticate App Version

AW w1

AW w2

Apple Series 1

Apple Series 2

Apple Series 3

Apple Series 4

Chrome OS

19.12.xx

x

x

x

(watchOS 4)

x

(watchOS 4)

x

(watchOS 4 and 5)

x

(watchOS 4 and 5)

x

(76.x.x.x)

20.03.xx

x

x

x

(watchOS 4)

x

(watchOS 4)

x

(watchOS 4 and 5)

x

(watchOS 4 and 5)

x

(80.x.x..x)

Physical and Logical PC and Server Protection - Login for Windows

Supported by SecureAuth Identity Platform

Notes

9.2.x

9.3.x

19.07.xx

20.06.xx

Windows 8.1 32-bit / 64-bit

Yes

Yes

Yes

Yes

Windows OS version

Windows 10 64-bit

Yes

Yes

Yes

Yes

Windows OS version

Windows 2012 64-bit

Yes

Yes

Yes

Yes

Windows Server OS version

Windows 2012 R2 64-bit

Yes

Yes

Yes

Yes

Windows Server OS version

Windows 2016 64-bit

Yes

Yes

Yes

Yes

Windows Server OS version

Windows 2019 64-bit

Yes

Yes

Yes

Yes

Windows Server OS version

Physical and Logical PC and Server Protection - Login for Mac

Supported by SecureAuth Identity Platform

Notes

9.2.x

9.3.x

19.07.xx

20.06.xx

macOS 10.13: High Sierra (Lobo)

Yes

Yes

Yes

Yes

minimum macOS version

macOS 10.14: Mojave (Liberty)

Yes

Yes

Yes

Yes

minimum macOS version

macOS 10.15: Catalina

No

Yes

Yes

Yes

minimum macOS version

Supported Servers

Supported Protocols

SecureAuth Identity Platform Adaptive Authentication IP Checking Feature

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

  • PAP

  • PEAP (NetMotion only)

  • MS-CHAPv2 for Cisco and Netscaler

Platform

RADIUS end user IP

Cisco Systems

Calling-Station-Id

Citrix NetScaler

Calling-Station-Id

Juniper Networks

Tunnel-Client-Endpoint

Palo Alto Networks

Palo Alto-Client-Source-IP

Port Settings

Inbound:

  • Allow RADIUS Listener – Default is UDP port 1812.

  • Block TCP port 8088 – This port is used for the administrative web interface and should be blocked for security reasons.

RADIUS VPN and Product Support

The following basic connectivity parameters must be configured on RADIUS clients to be used with the Identity Platform:

  • RADIUS server IP address

  • Shared secret to use between the RADIUS server and RADIUS clients

  • Port 1812 to use for RADIUS authentication requests, and Port "0" for accounting when applicable or if used as the default port

  • Timeout value Retries value

  • Connection profile that will use the SecureAuth RADIUS authentication serverGroup policy of the connection profile to identify resources end users can access once logged on the network

A valid certificate must be installed if using NetMotion Wireless VPN.

The following is a sample RADIUS authentication server configuration:

Add Server Dialog

SecureAuth Identity Platform RADIUS Server Information

Notes

Name

RADIUS Server friendly description name

This configuration enables the administrator to control static IP assignment of the VPN client via SecureAuth Identity Platform and the RADIUS server.

NOTE: SecureAuth IdP RADIUS server v19.06 or later can be configured to pass an IP address to the VPN for static IP assignment to the VPN client (for example: PC or Mac). See SecureAuth IdP RADIUS Server Static IP Address Configuration Guide for steps.

RADIUS Server

IP Address or Name of the RADIUS Server

Authentication Port

1812

Shared Secret

SecureAuth RADIUS Shared Secret

Timeout

60 Seconds (recommended)

Retries

3 (recommended)

YubiKey Products

Supported by SecureAuth® Identity Platform

9.2.x

9.3.x

19.07.xx

20.06.xx

YubiKey 5

Yes

Yes

Yes

Yes

YubiKey 5 Nano

Yes

Yes

Yes

Yes

YubiKey 4

Yes

Yes

Yes

Yes

YubiKey 4 Nano

Yes

Yes

Yes

Yes

YubiKey Neo

Yes

Yes

Yes

Yes

YubiKey Neo-N

Yes

Yes

Yes

Yes

YubiKey Edge / YubiKey Edge-N

Yes

Yes

Yes

Yes

YubiKey Standard / YubiKey Nano

Yes

Yes

Yes

Yes

Tested FIDO2 devices

SecureAuth Identity Platform version 20.06.xx supports the following FIDO2 devices; however, any WebAuthn-compliant device should work for enrollment and authentication on supported browsers.

FIDO2 Device

Type

Login Device

Browser

Notes

Windows Hello OS

PIN

Windows desktop, laptop

Google Chrome

Mozilla Firefox

Microsoft Edge

Windows Hello OS

Fingerprint

Windows desktop, laptop

Google Chrome

Mozilla Firefox

Microsoft Edge

Android OS

PIN

Android mobile

Google Chrome

Mozilla Firefox

Android OS

Fingerprint

Android mobile

Google Chrome

Mozilla Firefox

Mac OS

Password

Mac desktop, laptop

Google Chrome

Mac OS

Fingerprint

Mac desktop, laptop

Google Chrome

Google Titan Security Key

NFC

Windows desktop, laptop

Android mobile

Google Chrome

Mozilla Firefox

Microsoft Edge*

*Supported on Windows desktop / laptop only

Google Titan Security Key

USB

Windows desktop, laptop

Android mobile

Google Chrome

Mozilla Firefox

Microsoft Edge*

*Supported on Windows desktop / laptop only

Google Titan Security Key

Bluetooth

Windows desktop, laptop

Android mobile

Google Chrome

Mozilla Firefox

Microsoft Edge*

*Supported on Windows desktop / laptop only

YubiKey 5

USB

Windows desktop, laptop

Mac desktop, laptop

Android mobile

Google Chrome

Mozilla Firefox

Microsoft Edge*

Apple Safari*

*Supported on Windows desktop / laptop only

YubiKey 5

NFC

Android mobile

Google Chrome

Mozilla Firefox