Documentation


Updated August 28, 2020

This topic discusses the items supported for the latest version of SecureAuth products. Please contact support at support.secureauth.com for assistance or with any questions.

SecureAuth is constantly adding support for new browsers and devices to the product. If you do not see the required OS or browser listed here, be sure to visit this document often to see if it has been added.

For information about product deployment types and the supported Windows server operating systems for new installs and upgrades, see the SecureAuth product deployment guide.

Products and Components

SecureAuth IdP version 9.1: SecureAuth deprecated support on July 31, 2020. 

SecureAuth IdP version 9.2: SecureAuth will deprecate support on December 31, 2020.

Operating Systems

Version columns show support by SecureAuth® Identity Platform release.

| Operating System Name | OS Version Support | Browser Support | 9.2.x | 9.3.x | 19.07.xx | 20.06.xx | Notes |
|---|---|---|---|---|---|---|---|
| Mac OS X 10.9 (Mavericks) | 10.9.0 + | Safari, Chrome | Yes | Yes | Yes | Yes | For security reasons Mavericks versions less than 10.9.2 should not be used (see CVE-2014-1266) |
| Mac OS X 10.10 (Yosemite) | 10.10.2 | Safari, Chrome | Yes | Yes | Yes | Yes | |
| El Capitan | 10.11 | Safari, Chrome | Yes | Yes | Yes | Yes | |
| Windows 7 | All | IE, Chrome, Firefox | Yes | Yes | Yes | Yes | SecureAuth will deprecate support for Windows 7 in November 2020. |
| Windows 8 | All | IE, Chrome, Firefox | Yes | Yes | Yes | Yes | |
| Windows 8.1 | All | IE, Chrome, Firefox | Yes | Yes | Yes | Yes | |
| Windows 10 | All | IE, Chrome, Firefox | Yes | Yes | Yes | Yes | |
| Windows Server 2016 | All | IE, Chrome, Firefox | Yes | Yes | Yes | Yes | |
| Chrome OS (Chromebook & Chromebox) | Chrome OS 41 - 45 | Chrome | Yes | Yes | Yes | Yes | At this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS; Java workflows are not supported |
| Chrome OS (Chromebook & Chromebox) | Chrome OS 46 - 54 | Chrome | Yes | Yes | Yes | Yes | At this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS; Java workflows are not supported |
| Chrome OS (Chromebook & Chromebox) | Chrome OS 55 | Chrome | Yes | Yes | Yes | Yes | At this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS; Java workflows are not supported |

Browser for End User Login
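
Version columns show support by SecureAuth Identity Platform release.

| Desktop Browser (IdP + Cert) | Version | 9.2.x | 9.3.x | 19.07.xx | Notes |
|---|---|---|---|---|---|
| Microsoft Internet Explorer | 10+ | Yes | Yes | Yes | |
| Microsoft Edge | 41+ | Yes | Yes | Yes | Certificate delivery not supported |
| Mozilla Firefox | 31+ | Yes | Yes | Yes | |
| Apple Safari | 8+ | Yes | Yes | Yes | |
| Google Chrome | 40+ | Yes* | Yes* | Yes | |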

* Versions 47 and earlier will not work with 9.1.x or later.

Version 39 and later running on OS X will not work with Java certificate delivery functionality.

Version column shows support by SecureAuth Identity Platform release.

| Desktop Browser (Identity Platform New Experience UI) | Version | 20.06.xx | Notes |
|---|---|---|---|
| Internet Explorer | 11+ | Yes | |
| Microsoft Edge | 83+ | Yes | |
| Microsoft Edge (Legacy) | 44 and earlier | Not supported | |
| Mozilla Firefox | 83+ | Yes | |
| Apple Safari | 77+ | Yes | |
| Google Chrome | 13.1+ | Yes | |


Java

Version columns show support by SecureAuth Identity Platform release.

| Product Component | Version | 9.2.x | 9.3.x | 19.07.xx | 20.06.xx | Notes |
|---|---|---|---|---|---|---|
| Java Certificate Applet | 8 | Yes | Yes | Yes | Yes | Google Chrome on OS X versions 39+ are not supported |
| JRE for RADIUS Server 1.0.1.10 | 8 | No | No | No | Yes | |
| JRE for RADIUS Server 19.06 and later | 8 | Yes | Yes | Yes | Yes | JRE version 8 of AdoptOpenJDK |

Refer to SecureAuth IdP Java Troubleshooting for more information
Directories

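Version columns show support by SecureAuth Identity Platform release.

| User Directory | Version | 9.2.x | 9.3.x | 19.07.xx (hybrid) | 19.07.xx (cloud) | 20.06.xx (hybrid)* | 20.06.xx (cloud) |
|---|---|---|---|---|---|---|---|
| Active Directory (AD) | 2003 - 2016 | Yes | Yes | Yes | Yes | Yes | Yes |
| LDAP v3 | v3 | Yes | Yes | Yes | No | Yes | Yes |
| AD-LDS | 2008, 2012 | Yes | Yes | Yes | No | Yes | No |
| Lotus Domino | v9 | Yes | Yes | Yes | No | Yes | No |
| MS-SQL | 2005 + | Yes | Yes | Yes | Yes | Yes | Yes |
| ODBC | All SecureAuth IdP Supported OS Platforms | Yes | Yes | Yes | No | Yes | No |
| ASPNETDB | .NET2 + | Yes | Yes | Yes | No | Yes | No |
| SecureAuth IdP Web Service (Multi-data Store) | SecureAuth IdP 7.5 + | Yes | Yes | Yes | No | Yes | No |
| Sun ONE (ODSEE) | 11.1.1.5.0 | Yes | Yes | Yes | No | Yes | No |
| Azure AD | 2015 | Yes | Yes | Yes | No | Yes | Yes |
| Oracle Database | 11.2, 12.1 | Yes | Yes | Yes | No | Yes | Yes |
| NetIQ eDirectory | 8.8 SP8 | Yes | Yes | Yes | No | Yes | Yes |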

* Not all directories are supported in the Identity Platform New Experience, but all are supported through the Classic Experience.

Identity Types
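
Version columns show SecureAuth Identity Platform support by release.

| Accepted Identity Types | Version | 9.2.x | 9.3.x | 19.07.xx | 20.06.xx |
|---|---|---|---|---|---|
| SecureAuth Web SSO Token | 2.0 - 4.5 | Yes | Yes | Yes | Yes |
| SAML | 2.0 | Yes | Yes | Yes | Yes |
| OpenID | 2.0 | Yes | Yes | Yes | Yes |
| Integrated Windows - NTLM / Kerberos | 2003 - 2012R2 | Yes | Yes | Yes | Yes |
| X.509 Certificate | X.509 v3 | Yes | Yes | Yes | Yes |
| Common Access Card (CAC) | N/A | Yes | Yes | Yes | Yes |
| Personal Identity Verification (PIV) Card | N/A | Yes | Yes | Yes | Yes |
| Smartcard | N/A | Yes | Yes | Yes | Yes |
| Cisco ISE / pxGrid | 1.3 | Yes | Yes | Yes | Yes |
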
SSO / Post-authentication Actions

Version columns show support by SecureAuth Identity Platform release.

| Post-authentication Action | Version | 9.2.x | 9.3.x | 19.07.xx | 20.06.xx | Notes |
|---|---|---|---|---|---|---|
| SAML | 1.1, 2.0 | Yes | Yes | Yes | Yes | 1.1 support is limited |
| OpenID | 2.0 | Yes | Yes | Yes | Yes | |
| OpenID Connect (limited profile support) | 1.0 | Yes | Yes | Yes | Yes | |
| OpenID Connect (full profile support) | 1.0 | Yes | Yes | Yes | Yes | |
| WS-Federation | 1.2, 1.3 | Yes | Yes | Yes | Yes | |
| WS-Trust | 1.2, 1.3 | Yes | Yes | Yes | Yes | |
| Mobile | Supported iOS / Android Versions | Yes | Yes | Yes | Yes | The mobile app uses a browser for authentication, so multiple mobile apps can read the authentication cookie to enable SSO. |
| Web Token (FBA) | Supported Browsers | Yes | Yes | Yes | Yes | |
| X.509 Certificate (Java and Native) | SecureAuth CA | Yes | Yes | Yes | Yes | |
| OAuth | 2.0 | Yes | Yes | Yes | Yes | |
| Form-based | N/A | Yes | Yes | Yes | Yes | |

Authenticate App

Authenticate App Version (rows) against the following device columns:

  • Android Mobile Device: 4.4 (KitKat), 5.x (Lollipop), 6.x (Marshmallow), 7.x (Nougat), 8.x (Oreo), 9.x (Pie), 10.x (Q)
  • iOS Mobile Device: iOS 8.x, iOS 9.x, iOS 10.x, iOS 11.x, iOS 12.x, iOS 13.x
  • Android Wear OS Paired Watch: AW w1, AW w2
  • Apple Series Paired Watch: Apple Series 1, Apple Series 2, Apple Series 3, Apple Series 4
  • Chromebook: Chrome OS

5.0.xxxxxx

xxxx
xxxxxxx
5.1.x
xxxx



xx

xxx
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4)

5.2.xxxxxx



x
xxxxx
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4)

5.3.x xxxxxx  
xxx
xxx
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4 and 5)
x
(watchOS 4 and 5)

x
(72.x.x.x)

19.06.xx
xxxxx
xx
xx
xxx
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4 and 5)
x
(watchOS 4 and 5)
x
(75.x.x.x)
19.09.xx
xxxxx
xx
xx
xxx
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4 and 5)
x
(watchOS 4 and 5)
x
(76.x.x.x)
19.12.xx
xxxxxx


xxxxxx
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4 and 5)
x
(watchOS 4 and 5)
x
(76.x.x.x)
20.03.xx

xxxxx



xxxxx
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4 and 5)
x
(watchOS 4 and 5)
x
(80.x.x.x)
Login for Endpoints (Login for Windows / Login for Mac)

Version columns show support by SecureAuth Identity Platform release.

| Physical and Logical PC and Server Protection - Login for Windows | 9.2.x | 9.3.x | 19.07.xx | 20.06.xx | Notes |
|---|---|---|---|---|---|
| Windows 8.1 32-bit / 64-bit | Yes | Yes | Yes | Yes | Windows OS version |
| Windows 10 64-bit | Yes | Yes | Yes | Yes | Windows OS version |
| Windows 2012 64-bit | Yes | Yes | Yes | Yes | Windows Server OS version |
| Windows 2012 R2 64-bit | Yes | Yes | Yes | Yes | Windows Server OS version |
| Windows 2016 64-bit | Yes | Yes | Yes | Yes | Windows Server OS version |
| Windows 2019 64-bit | Yes | Yes | Yes | Yes | Windows Server OS version |

Version columns show support by SecureAuth Identity Platform release.

| Physical and Logical PC and Server Protection - Login for Mac | 9.2.x | 9.3.x | 19.07.xx | 20.06.xx | Notes |
|---|---|---|---|---|---|
| macOS 10.13: High Sierra (Lobo) | Yes | Yes | Yes | Yes | minimum macOS version |
| macOS 10.14: Mojave (Liberty) | Yes | Yes | Yes | Yes | minimum macOS version |
| macOS 10.15: Catalina | No | Yes | Yes | Yes | minimum macOS version |

SecureAuth RADIUS Server

Supported Servers

  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Supported Protocols

  • PAP
  • PEAP (NetMotion only)
  • MS-CHAPv2 for Cisco and Netscaler

SecureAuth Identity Platform Adaptive Authentication IP Checking Feature

| Platform | RADIUS end user IP |
|---|---|
| Cisco Systems | Calling-Station-Id |
| Citrix NetScaler | Calling-Station-Id |
| Juniper Networks | Tunnel-Client-Endpoint |
| Palo Alto Networks | Palo Alto-Client-Source-IP |

Port Settings

Inbound:

  • Allow RADIUS Listener – Default is UDP port 1812.
  • Block TCP port 8088 – This port is used for the administrative web interface and should be blocked for security reasons.
RADIUS VPN and Product Support

The following basic connectivity parameters must be configured on RADIUS clients to be used with the Identity Platform:

  • RADIUS server IP address
  • Shared secret to use between the RADIUS server and RADIUS clients
  • Port 1812 to use for RADIUS authentication requests, and Port "0" for accounting when applicable or if used as the default port
  • Timeout value
  • Retries value
  • Connection profile that will use the SecureAuth RADIUS authentication server
  • Group policy of the connection profile to identify resources end users can access once logged on the network

A valid certificate must be installed if using NetMotion Wireless VPN.

The following is a sample RADIUS authentication server configuration:

| Add Server Dialog | SecureAuth Identity Platform RADIUS Server Information |
|---|---|
| Name | RADIUS Server friendly description name |
| RADIUS Server | IP Address or Name of the RADIUS Server |
| Authentication Port | 1812 |
| Shared Secret | SecureAuth RADIUS Shared Secret |
| Timeout | 60 Seconds (recommended) |
| Retries | 3 (recommended) |

Notes

This configuration enables the administrator to control static IP assignment of the VPN client via SecureAuth Identity Platform and the RADIUS server.

NOTE: SecureAuth IdP RADIUS server v19.06 or later can be configured to pass an IP address to the VPN for static IP assignment to the VPN client (for example: PC or Mac). See SecureAuth IdP RADIUS Server Static IP Address Configuration Guide for steps.

Login Devices
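
Version columns show support by SecureAuth® Identity Platform release.

| YubiKey Products | 9.2.x | 9.3.x | 19.07.xx | 20.06.xx |
|---|---|---|---|---|
| YubiKey 5 | Yes | Yes | Yes | Yes |
| YubiKey 5 Nano | Yes | Yes | Yes | Yes |
| YubiKey 4 | Yes | Yes | Yes | Yes |
| YubiKey 4 Nano | Yes | Yes | Yes | Yes |
| YubiKey Neo | Yes | Yes | Yes | Yes |
| YubiKey Neo-N | Yes | Yes | Yes | Yes |
| YubiKey Edge / YubiKey Edge-N | Yes | Yes | Yes | Yes |
| YubiKey Standard / YubiKey Nano | Yes | Yes | Yes | Yes |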

Tested FIDO2 devices

SecureAuth Identity Platform version 20.06.xx supports the following FIDO2 devices; however, any WebAuthn-compliant device should work for enrollment and authentication on supported browsers.

| FIDO2 Device | Type | Login Device | Browser | Notes |
|---|---|---|---|---|
| Windows Hello OS | PIN | Windows desktop, laptop | Google Chrome, Mozilla Firefox, Microsoft Edge | |
| Windows Hello OS | Fingerprint | Windows desktop, laptop | Google Chrome, Mozilla Firefox, Microsoft Edge | |
| Android OS | PIN | Android mobile | Google Chrome, Mozilla Firefox | |
| Android OS | Fingerprint | Android mobile | Google Chrome, Mozilla Firefox | |
| Mac OS | Password | Mac desktop, laptop | Google Chrome | |
| Mac OS | Fingerprint | Mac desktop, laptop | Google Chrome | |
| Google Titan Security Key | NFC | Windows desktop, laptop; Android mobile | Google Chrome, Mozilla Firefox, Microsoft Edge* | *Supported on Windows desktop / laptop only |
| Google Titan Security Key | USB | Windows desktop, laptop; Android mobile | Google Chrome, Mozilla Firefox, Microsoft Edge* | *Supported on Windows desktop / laptop only |
| Google Titan Security Key | Bluetooth | Windows desktop, laptop; Android mobile | Google Chrome, Mozilla Firefox, Microsoft Edge* | *Supported on Windows desktop / laptop only |
| YubiKey 5 | USB | Windows desktop, laptop; Mac desktop, laptop; Android mobile | Google Chrome, Mozilla Firefox, Microsoft Edge*, Apple Safari* | *Supported on Windows desktop / laptop only |
| YubiKey 5 | NFC | Android mobile | Google Chrome, Mozilla Firefox | |

