The SecureAuth® Identity Platform is a flexible and adaptable identity and access management solution that helps organizations prevent the misuse of credentials and eliminate identity-related breaches. The Identity Platform provides organizations with the same secure and dependable SecureAuth identity and data safety as previous versions while giving organizations the freedom to choose the deployment model that works best: cloud, hybrid, or on-premises (on-prem).

The SecureAuth® Intelligent Identity Cloud model was created for customers who do not want to host their own environment, and it offers the following benefits:

  • Retain identity and data security: As with SecureAuth IdP version 9.3 and earlier, the Identity Platform offers the same layered-on multi-factor authentication that brings identity management features to your data stores. Admins can use the same configurable workflows, adaptive authentication, and single sign-on (SSO) destinations.
  • Automatic software updates: Software stays up to date without the downtime of manual updates, giving you the advantages of the latest security updates. SecureAuth ensures that customers get vulnerability-driven fixes quickly, while planning feature releases around customer schedules.
  • Single-tenant model: SecureAuth hosts each customer's software separately in the cloud, so data is separated among customers. This means that if one customer suffers a security breach, only that customer's data is impacted.
  • Additional security: An on-prem local data store gives additional protection to profile data, such as tokens and seeds. The SecureAuth Connector looks up user ID information (first names, last names, user names, passwords, email addresses, phone numbers, and groups) stored on the local data store server to identify users and deliver two-factor authentication. Using users' credentials on site in real time is by design, and this added security differentiates the SecureAuth cloud deployment from competitor solutions. SecureAuth user IDs remain at the customer site, so the data is not constantly pulled into the cloud through synchronization, as occurs with competitor solutions. Therefore, no delays occur between SecureAuth user ID changes in the data store (Active Directory, SQL Server) and corporate network cloud apps, because user IDs remain in your local data stores.
  • Lower cost of ownership: Organizations no longer need a facility to host the software or specialized staff to manage the software.
  • Data security: With cloud-based multi-factor authentication (MFA), get secure access to applications, systems, and files, all while keeping assets safe across the enterprise.
  • Customized energy consumption: Use only the server capacity that you need to right-size your enterprise's carbon footprint, while attaining a sustainable solution.

In addition to choosing a model of use, such as cloud, hybrid, or on-prem, your organization also has a choice of Identity Platform packages, which are discussed later in this topic.



Identity Platform deployment models

The use cases for moving to SecureAuth Intelligent Identity Cloud are discussed in the bullet points above. The SecureAuth Intelligent Identity Cloud is administered by using the Identity Platform user interface (UI); however, as shown in the table below, if your team uses certain post-authentication and endpoint features, you will administer those features by using the Classic IdP Experience UI.

Some reasons for using the hybrid and on-prem solutions are discussed next.

Hybrid model use cases

The hybrid model might be right for organizations in the following scenarios.

  • The organization does not want to burden its infrastructure by adding another server, so SecureAuth stores authentication profile information in the SecureAuth® Intelligent Identity Cloud, while existing information remains on-prem.
  • The organization needs to move a percentage of its data to a modern cloud architecture to achieve a milestone or goal, while leaving the remainder of its information on-prem. Such an organization might opt to move multi-factor authentication information, which can be safely stored in the SecureAuth Intelligent Identity Cloud, while retaining other pieces (usernames, passwords, etc.) on-prem.

Admins will administer the hybrid model based on the feature set your organization uses, working in the appropriate UI, either the Identity Platform or the Classic IdP Experience. For example:

  • Use the Identity Platform UI to configure end-to-end authentication for third-party applications that support SAML and WS-Federation integrations and connect to and manage the data stores.
  • Use the Classic IdP Experience for RADIUS and endpoint integrations, identity management and password reset integrations, and any non-SAML and WS-Federation integrations.
  • Use the Identity Platform UI to configure and manage data store connections.

On-prem model use cases

The on-prem model might be right for organizations in the following scenarios.

  • Government organizations that require maximum security off the cloud or that have specific security concerns where a cloud solution will not work.
  • Organizations that use certain features not supported in the Identity Platform, including: Integrated Windows Authentication (IWA), data stores other than Active Directory or SQL Server, Admin UI customizations, Simple Certificate Enrollment Protocol (SCEP), some custom MFA methods, highly customized themes. Although these features are not available in the Identity Platform, they are slated for future releases.
  • Organizations that must align with specific legal or regulatory compliance, where your legal team might not approve moving your data to the cloud, even with SecureAuth's General Data Protection Regulation (GDPR) compliance.

Admins will administer the on-prem model as in the following examples:

  • Use the Identity Platform UI to set authentication for third-party applications that support SAML and WS-Federation integrations and connect to and manage the data stores.
  • Use the Classic IdP Experience for RADIUS and endpoint integrations, MFA integrations, identity management and password reset integrations, and any non-SAML and WS-Federation integrations.
  • Use the Classic IdP Experience UI to manually configure a data store connection for any realm you create in the Classic IdP Experience.

The following table compares the different ways to use the Identity Platform and where features and functionality reside for cloud, hybrid, and on-prem environments.

Major features/functionality | Cloud | Hybrid | On premises
--- | --- | --- | ---
Data stores | Hosted by customer | Hosted by customer | Hosted by customer
Services | Reside on the cloud and on customer appliances | Reside on the cloud and on customer appliances | Reside on customer appliances
Newest user interface | Identity Platform | Identity Platform | Identity Platform
Applications, add* | Identity Platform, Application Manager (for SAML** and WS-Federation); other post-authentication features, Classic IdP Experience, realms | Identity Platform, Application Manager (for SAML** and WS-Federation); other post-authentication features, Classic IdP Experience, realms | Identity Platform, Application Manager (for SAML** and WS-Federation); other post-authentication features, Classic IdP Experience, realms
Global MFA setup* | Identity Platform | Identity Platform | Identity Platform
Adaptive Authentication setup | Identity Platform | Identity Platform | Identity Platform
Policies | Completed in the Identity Platform | Cloud customers use the Identity Platform; on-prem customers use Classic IdP Experience, realms | Completed in Classic IdP Experience
Endpoint products (Login for Endpoints, Authenticate mobile app, SecureAuth RADIUS server) | Classic IdP Experience, realms | Classic IdP Experience, realms | Classic IdP Experience, realms
IWA, data stores other than Active Directory or SQL Server, Admin UI customizations, SCEP, some custom MFA methods, highly customized themes | Unavailable in the Identity Platform | Unavailable in the Identity Platform | Available in Classic IdP Experience

* If you are integrating a supported application in the Identity Platform by using the SAML or WS-Federation templates (these templates do not cover identity management, password reset, portal, or OIDC integrations, for example), configure the supported application from the Global Multi-Factor Authentication and Policies pages in the Identity Platform. Configure unsupported applications in the SecureAuth Classic IdP Experience. Additionally, when deploying the different environments, note the following:
  • Cloud and hybrid deployments: If you configure applications using the Classic IdP Experience, you must install and configure the SecureAuth Connector to establish communication between the Identity Platform and your data stores.
  • On-prem deployments: You must integrate your database manually for the unsupported applications.

** Security Assertion Markup Language

Identity Platform packages

SecureAuth offers three packages to secure your organization's identities and authentication profile data.

To learn about the security features available in the SecureAuth® Identity Platform packages, see SecureAuth Identity Platform Licensing Packages.

If you are unsure of the package your organization has purchased or if your organization wants to change to a different package, contact your Account Manager.