SecureAuth compatibility guide
Updated November 17, 2020
This topic discusses the items supported for the latest version of SecureAuth products. Please contact support at support.secureauth.com for assistance or with any questions.
Note
SecureAuth is constantly adding support for new browsers and devices to the product. If you do not see the required OS or browser listed here, be sure to visit this document often to see if it has been added.
To get information about product deployment types and the supported Windows server operating systems for new installs and upgrades, see SecureAuth product deployment guide.
Products and Components
Note
SecureAuth IdP version 9.1: SecureAuth deprecated support on July 31, 2020.
SecureAuth IdP version 9.2: SecureAuth will deprecate support on December 31, 2020.
Operating System Name | OS Version Support | Browser Support | Supported by SecureAuth® Identity Platform | Notes | |||
|---|---|---|---|---|---|---|---|
9.2.x | 9.3.x | 19.07.xx | 20.06.xx | ||||
Mac OS X 10.9 (Mavericks) | 10.9.0 + | Safari, Chrome | Yes | Yes | Yes | Yes | For security reasons Mavericks versions less than 10.9.2 should not be used (see CVE-2014-1266 ) |
Mac OS X 10.10 (Yosemite) | 10.10.2 | Safari, Chrome | Yes | Yes | Yes | Yes | |
El Capitan | 10.11 | Safari, Chrome | Yes | Yes | Yes | Yes | |
Windows 7 | All | IE, Chrome, Firefox | Yes | Yes | Yes | Yes | SecureAuth will deprecate support for Windows 7 in November 2020. |
Windows 8 | All | IE, Chrome, Firefox | Yes | Yes | Yes | Yes | |
Windows 8.1 | All | IE, Chrome, Firefox | Yes | Yes | Yes | Yes | |
Windows 10 | All | IE, Chrome, Firefox | Yes | Yes | Yes | Yes | |
Windows Server 2016 | All | IE, Chrome, Firefox | Yes | Yes | Yes | Yes | |
Chrome OS (Chromebook & Chromebox) | Chrome OS 41 - 45 | Chrome | Yes | Yes | Yes | Yes | At this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS – Java workflows are not supported |
Chrome OS (Chromebook & Chromebox) | Chrome OS 46 - 54 | Chrome | Yes | Yes | Yes | Yes | At this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS – Java workflows are not supported |
Chrome OS (Chromebook & Chromebox) | Chrome OS 55 | Chrome | Yes | Yes | Yes | Yes | At this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS – Java workflows are not supported |
Identity Platform version | SecureAuth Connector version | SecureAuth Agent |
|---|---|---|
20.06 | 1.0.34 | 1.2.1 |
19.07.01 | 1.0.33 | 1.1.1 |
19.07 | 0.1.73 | 1.0.0.30 |
Desktop Browser (IdP + Cert) | Version | Supported by SecureAuth Identity Platform | Notes | ||
|---|---|---|---|---|---|
9.2.x | 9.3.x | 19.07.xx | |||
Microsoft Internet Explorer | 10+ | Yes | Yes | Yes | |
Microsoft Edge | 41+ | Yes | Yes | Yes | Certificate delivery not supported |
Mozilla Firefox | 31+ | Yes | Yes | Yes | |
Apple Safari | 8+ | Yes | Yes | Yes | |
Google Chrome | 40+ | Yes* | Yes* | Yes | * Versions 47 and earlier will not work with 9.1.x or later. Version 39 and later running on OS X will not work with Java certificate delivery functionality |
Desktop Browser (Identity Platform New Experience UI) | Version | Supported by SecureAuth Identity Platform 20.06.xx |
|---|---|---|
Internet Explorer | 11+ | Yes |
Microsoft Edge | 83+ | Yes |
Microsoft Edge (Legacy) | 44 and earlier | Not supported |
Mozilla Firefox | 83+ | Yes |
Apple Safari | 77+ | Yes |
Google Chrome | 13.1+ | Yes |
Product Component | Version | Supported by SecureAuth Identity Platform | Notes | |||
|---|---|---|---|---|---|---|
9.2.x | 9.3.x | 19.07.xx | 20.06.xx | |||
Java Certificate Applet | 8 | Yes | Yes | Yes | Yes | Google Chrome on OS X versions 39+ are not supported |
JRE for RADIUS Server 1.0.1.10 | 8 | No | No | No | Yes | |
JRE for RADIUS Server 19.06 and later | 8 | Yes | Yes | Yes | Yes | JRE version 8 of AdoptOpenJDK |
Note
Refer to SecureAuth IdP Java Troubleshooting for more information
User Directory | Version | Supported by SecureAuth Identity Platform | |||||
|---|---|---|---|---|---|---|---|
9.2.x | 9.3.x | 19.07.xx (hybrid) | 19.07.xx (cloud) | 20.06.xx (hybrid)* | 20.06.xx (cloud) | ||
Active Directory (AD) | 2003 - 2016 | Yes | Yes | Yes | Yes | Yes | Yes |
LDAP v3 | v3 | Yes | Yes | Yes | No | Yes | Yes |
AD-LDS | 2008, 2012 | Yes | Yes | Yes | No | Yes | No |
Lotus Domino | v9 | Yes | Yes | Yes | No | Yes | No |
MS-SQL | 2005 + | Yes | Yes | Yes | Yes | Yes | Yes |
ODBC | All SecureAuth IdP Supported OS Platforms | Yes | Yes | Yes | No | Yes | No |
ASPNETDB | .NET2 + | Yes | Yes | Yes | No | Yes | No |
SecureAuth IdP Web Service (Multi-data Store) | SecureAuth IdP 7.5 + | Yes | Yes | Yes | No | Yes | No |
Sun ONE (ODSEE) | 11.1.1.5.0 | Yes | Yes | Yes | No | Yes | No |
Azure AD | 2015 | Yes | Yes | Yes | No | Yes | Yes |
Oracle Database | 11.2, 12.1 | Yes | Yes | Yes | No | Yes | Yes |
NetIQ eDirectory | 8.8 SP8 | Yes | Yes | Yes | No | Yes | Yes |
* Not all directories are supported in the Identity Platform New Experience, but all are supported through the Classic Experience.
Accepted Identity Types | Version | SecureAuth Identity Platform Support | |||
|---|---|---|---|---|---|
9.2.x | 9.3.x | 19.07.xx | 20.06.xx | ||
SecureAuth Web SSO Token | 2.0 - 4.5 | Yes | Yes | Yes | Yes |
SAML | 2.0 | Yes | Yes | Yes | Yes |
OpenID | 2.0 | Yes | Yes | Yes | Yes |
Integrated Windows - NTLM / Kerberos | 2003 - 2012R2 | Yes | Yes | Yes | Yes |
X.509 Certificate | X.509 v3 | Yes | Yes | Yes | Yes |
Common Access Card (CAC) | N/A | Yes | Yes | Yes | Yes |
Personal Identity Verification (PIV) Card | N/A | Yes | Yes | Yes | Yes |
Smartcard | N/A | Yes | Yes | Yes | Yes |
Cisco ISE / pxGrid | 1.3 | Yes | Yes | Yes | Yes |
Post-authentication Action | Version | Supported by SecureAuth Identity Platform | Notes | |||
|---|---|---|---|---|---|---|
9.2.x | 9.3.x | 19.07.xx | 20.06.xx | |||
SAML | 1.1, 2.0 | Yes | Yes | Yes | Yes | 1.1 support is limited |
OpenID | 2.0 | Yes | Yes | Yes | Yes | |
OpenID Connect (limited profile support) | 1.0 | Yes | Yes | Yes | Yes | |
OpenID Connect (full profile support) | 1.0 | Yes | Yes | Yes | Yes | |
WS-Federation | 1.2, 1.3 | Yes | Yes | Yes | Yes | |
WS-Trust | 1.2, 1.3 | Yes | Yes | Yes | Yes | |
Mobile | Supported iOS / Android Versions | Yes | Yes | Yes | Yes | The mobile app uses a browser for authentication, so multiple mobile apps can read the authentication cookie to enable SSO. |
Web Token (FBA) | Supported Browsers | Yes | Yes | Yes | Yes | |
X.509 Certificate (Java and Native) | SecureAuth CA | Yes | Yes | Yes | Yes | |
OAuth | 2.0 | Yes | Yes | Yes | Yes | |
Form-based | N/A | Yes | Yes | Yes | Yes | |
Android and iOS mobile devices
Android Mobile Device | iOS Mobile Device | ||||||||
Authenticate App Version | 5.x (Lollipop) | 6.x (Marshmallow) | 7.x (Nougat) | 8.x (Oreo) | 9.x (Pie) | 10.x (Q) | iOS 11.x | iOS 12.x | iOS 13.x |
|---|---|---|---|---|---|---|---|---|---|
19.12.xx | x | x | x | x | x | x | x | x | x |
20.03.xx | x | x | x | x | x | x | x | ||
Android and Apple paired watches, and Chromebook
Android Wear OS Paired Watch | Apple Series Paired Watch | Chromebook | |||||
Authenticate App Version | AW w1 | AW w2 | Apple Series 1 | Apple Series 2 | Apple Series 3 | Apple Series 4 | Chrome OS |
|---|---|---|---|---|---|---|---|
19.12.xx | x | x | x (watchOS 4) | x (watchOS 4) | x (watchOS 4 and 5) | x (watchOS 4 and 5) | x (76.x.x.x) |
20.03.xx | x | x | x (watchOS 4) | x (watchOS 4) | x (watchOS 4 and 5) | x (watchOS 4 and 5) | x (80.x.x..x) |
Physical and Logical PC and Server Protection - Login for Windows | Supported by SecureAuth Identity Platform | Notes | |||
|---|---|---|---|---|---|
9.2.x | 9.3.x | 19.07.xx | 20.06.xx | ||
Windows 8.1 32-bit / 64-bit | Yes | Yes | Yes | Yes | Windows OS version |
Windows 10 64-bit | Yes | Yes | Yes | Yes | Windows OS version |
Windows 2012 64-bit | Yes | Yes | Yes | Yes | Windows Server OS version |
Windows 2012 R2 64-bit | Yes | Yes | Yes | Yes | Windows Server OS version |
Windows 2016 64-bit | Yes | Yes | Yes | Yes | Windows Server OS version |
Windows 2019 64-bit | Yes | Yes | Yes | Yes | Windows Server OS version |
Physical and Logical PC and Server Protection - Login for Mac | Supported by SecureAuth Identity Platform | Notes | |||
|---|---|---|---|---|---|
9.2.x | 9.3.x | 19.07.xx | 20.06.xx | ||
macOS 10.13: High Sierra (Lobo) | Yes | Yes | Yes | Yes | minimum macOS version |
macOS 10.14: Mojave (Liberty) | Yes | Yes | Yes | Yes | minimum macOS version |
macOS 10.15: Catalina | No | Yes | Yes | Yes | minimum macOS version |
Supported Servers | Supported Protocols | SecureAuth Identity Platform Adaptive Authentication IP Checking Feature | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
| ||||||||||
Port Settings | ||||||||||||
Inbound:
| ||||||||||||
RADIUS VPN and Product Support | ||||||||||||
The following basic connectivity parameters must be configured on RADIUS clients to be used with the Identity Platform:
A valid certificate must be installed if using NetMotion Wireless VPN. The following is a sample RADIUS authentication server configuration: | ||||||||||||
Add Server Dialog | SecureAuth Identity Platform RADIUS Server Information | Notes | ||||||||||
Name | RADIUS Server friendly description name | This configuration enables the administrator to control static IP assignment of the VPN client via SecureAuth Identity Platform and the RADIUS server. NOTE: SecureAuth IdP RADIUS server v19.06 or later can be configured to pass an IP address to the VPN for static IP assignment to the VPN client (for example: PC or Mac). See SecureAuth IdP RADIUS Server Static IP Address Configuration Guide for steps. | ||||||||||
RADIUS Server | IP Address or Name of the RADIUS Server | |||||||||||
Authentication Port | 1812 | |||||||||||
Shared Secret | SecureAuth RADIUS Shared Secret | |||||||||||
Timeout | 60 Seconds (recommended) | |||||||||||
Retries | 3 (recommended) | |||||||||||
YubiKey Products | Supported by SecureAuth® Identity Platform | |||
|---|---|---|---|---|
9.2.x | 9.3.x | 19.07.xx | 20.06.xx | |
YubiKey 5 | Yes | Yes | Yes | Yes |
YubiKey 5 Nano | Yes | Yes | Yes | Yes |
YubiKey 4 | Yes | Yes | Yes | Yes |
YubiKey 4 Nano | Yes | Yes | Yes | Yes |
YubiKey Neo | Yes | Yes | Yes | Yes |
YubiKey Neo-N | Yes | Yes | Yes | Yes |
YubiKey Edge / YubiKey Edge-N | Yes | Yes | Yes | Yes |
YubiKey Standard / YubiKey Nano | Yes | Yes | Yes | Yes |
Tested FIDO2 devices
SecureAuth Identity Platform version 20.06.xx supports the following FIDO2 devices; however, any WebAuthn-compliant device should work for enrollment and authentication on supported browsers.
FIDO2 Device | Type | Login Device | Browser | Notes |
|---|---|---|---|---|
Windows Hello OS | PIN | Windows desktop, laptop | Google Chrome Mozilla Firefox Microsoft Edge | |
Windows Hello OS | Fingerprint | Windows desktop, laptop | Google Chrome Mozilla Firefox Microsoft Edge | |
Android OS | PIN | Android mobile | Google Chrome Mozilla Firefox | |
Android OS | Fingerprint | Android mobile | Google Chrome Mozilla Firefox | |
Mac OS | Password | Mac desktop, laptop | Google Chrome | |
Mac OS | Fingerprint | Mac desktop, laptop | Google Chrome | |
Google Titan Security Key | NFC | Windows desktop, laptop Android mobile | Google Chrome Mozilla Firefox Microsoft Edge* | *Supported on Windows desktop / laptop only |
Google Titan Security Key | USB | Windows desktop, laptop Android mobile | Google Chrome Mozilla Firefox Microsoft Edge* | *Supported on Windows desktop / laptop only |
Google Titan Security Key | Bluetooth | Windows desktop, laptop Android mobile | Google Chrome Mozilla Firefox Microsoft Edge* | *Supported on Windows desktop / laptop only |
YubiKey 5 | USB | Windows desktop, laptop Mac desktop, laptop Android mobile | Google Chrome Mozilla Firefox Microsoft Edge* Apple Safari* | *Supported on Windows desktop / laptop only |
YubiKey 5 | NFC | Android mobile | Google Chrome Mozilla Firefox |