Updated November 17, 2020

This topic discusses the items supported for the latest version of SecureAuth products. Please contact support at support.secureauth.com  for assistance or with any questions.

SecureAuth is constantly adding support for new browsers and devices to the product. If you do not see the required OS or browser listed here, be sure to visit this document often to see if it has been added.

To get information about product deployment types and the supported Windows server operating systems for new installs and upgrades, see SecureAuth product deployment guide

Products and components

SecureAuth IdP version 9.1: SecureAuth deprecated support on July 31, 2020. 

SecureAuth IdP version 9.2: SecureAuth will deprecate support on December 31, 2020.

Operating System NameOS Version SupportBrowser SupportSupported by SecureAuth® Identity PlatformNotes
9.2.x9.3.x19.07.xx20.06.xx
Mac OS X 10.9 (Mavericks)10.9.0 +Safari, ChromeYesYesYesYesFor security reasons Mavericks versions less than 10.9.2 should not be used (see CVE-2014-1266 )
Mac OS X 10.10 (Yosemite)10.10.2Safari, ChromeYesYesYesYes
El Capitan10.11Safari, ChromeYesYesYesYes
Windows 8AllIE, Chrome, FirefoxYesYesYesYes
Windows 8.1AllIE, Chrome, FirefoxYesYesYesYes
Windows 10AllIE, Chrome, FirefoxYesYesYesYes
Windows Server 2016AllIE, Chrome, FirefoxYesYesYesYes
Windows Server 2019AllIE, Chrome, FirefoxNoNoYesYes19.07 customers must use v19.07.1+
Chrome OS (Chromebook & Chromebox)Chrome OS 41 - 45ChromeYesYesYesYesAt this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS – Java workflows are not supported
Chrome OS (Chromebook & Chromebox)Chrome OS 46 - 54ChromeYesYesYesYesAt this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS – Java workflows are not supported
Chrome OS (Chromebook & Chromebox)Chrome OS 55ChromeYesYesYesYesAt this time, SecureAuth only supports native X.509 v3 and Fingerprint workflows with Chrome OS – Java workflows are not supported
Identity Platform VersionSecureAuth Connector Version
SecureAuth Agent

20.06

1.0.34

1.2.1

19.07.11.0.321.1.1

19.07

0.1.73

1.0.0.30

Desktop Browser (IdP + Cert)VersionSupported by SecureAuth Identity PlatformNotes
9.2.x9.3.x19.07.xx
Microsoft Internet Explorer10+YesYesYes
Microsoft Edge41+YesYesYesCertificate delivery not supported
Mozilla Firefox31+YesYesYes
Apple Safari8+YesYesYes
Google Chrome40+Yes*Yes*Yes

* Versions 47 and earlier will not work with 9.1.x or later.

Version 39 and later running on OS X will not work with Java certificate delivery functionality

Desktop Browser (Identity Platform
New Experience UI)
VersionSupported by SecureAuth Identity Platform
20.06.xx

Microsoft Internet Explorer

11+

Yes

Microsoft Edge

83+

Yes

Microsoft Edge (Legacy)44 and earlierNot supported

Mozilla Firefox

83+

Yes

Apple Safari

77+

Yes

Google Chrome

13.1+

Yes

Product ComponentVersionSupported by SecureAuth Identity PlatformNotes
9.2.x9.3.x19.07.xx20.06.xx
Java Certificate Applet8YesYesYesYesGoogle Chrome on OS X versions 39+ are not supported
JRE for RADIUS Server 1.0.1.108NoNoNoYes
JRE for RADIUS Server 19.06 and later8YesYesYesYesJRE version 8 of AdoptOpenJDK
Refer to SecureAuth IdP Java Troubleshooting for more information

User Directory

VersionSupported by SecureAuth Identity Platform
9.2.x9.3.x19.07.xx (hybrid)*19.07.xx (cloud)20.06.xx (hybrid)*20.06.xx (cloud)
Active Directory (AD)2003 - 2016YesYesYesYesYesYes
LDAP v3v3YesYesYesNoYesYes
AD-LDS2008, 2012YesYesYesNoYesNo
Lotus Dominov9YesYesYesNoYesNo
MS-SQL2005 +YesYesYesYesYesYes
ODBCAll SecureAuth IdP Supported OS PlatformsYesYesYesNoYesNo
ASPNETDB.NET2 +YesYesYesNoYesNo
SecureAuth IdP Web Service (Multi-data Store)SecureAuth IdP 7.5 +YesYesYesNoYesNo
Sun ONE (ODSEE)11.1.1.5.0YesYesYesNoYesNo
Azure AD2015YesYesYesNoYesYes
Oracle Database11.2, 12.1YesYesYesNoYesYes
NetIQ eDirectory8.8 SP8YesYesYesNoYesYes

* Not all directories are supported in the Identity Platform New Experience, but all are supported through the Classic Experience.

Accepted Identity TypesVersionSecureAuth Identity Platform Support
9.2.x9.3.x19.07.xx20.06.xx
SecureAuth Web SSO Token2.0 - 4.5YesYesYesYes
SAML2.0YesYesYesYes
OpenID2.0YesYesYesYes
Integrated Windows - NTLM / Kerberos2003 - 2012R2YesYesYesYes
X.509 CertificateX.509 v3YesYesYesYes
Common Access Card (CAC)N/AYesYesYesYes
Personal Identity Verification (PIV) CardN/AYesYesYesYes
SmartcardN/AYesYesYesYes
Cisco ISE / pxGrid1.3YesYesYesYes
Post-authentication ActionVersionSupported by SecureAuth Identity PlatformNotes
9.2.x9.3.x19.07.xx20.06.xx
SAML1.1, 2.0YesYesYesYes1.1 support is limited
OpenID2.0YesYesYesYes
OpenID Connect (limited profile support)1.0YesYesYesYes
OpenID Connect (full profile support)1.0YesYesYesYes
WS-Federation1.2, 1.3YesYesYesYes
WS-Trust1.2, 1.3YesYesYesYes
MobileSupported iOS / Android VersionsYesYesYesYesThe mobile app uses a browser for authentication, so multiple mobile apps can read the authentication cookie to enable SSO.
Web Token (FBA)Supported BrowsersYesYesYesYes
X.509 Certificate (Java and Native)SecureAuth CAYesYesYesYes
OAuth2.0YesYesYesYes
Form-basedN/AYesYesYesYes

Android and iOS mobile devices:


Android Mobile DeviceiOS Mobile Device
Authenticate
App Version

5.x
(Lollipop)

6.x
(Marshmallow)

7.x
(Nougat)

8.x
(Oreo)

9.x
(Pie)

10.x
(Q)

iOS
11.x
iOS
12.x
iOS
13.x
19.12.xx xxxxxxxxx
20.03.xx
xxxxx
xx


Android and Apple paired watches, and Chromebook:


Android 
Wear OS Paired Watch
Apple Series Paired WatchChromebook
Authenticate
App Version
AW
w1

AW
w2

Apple
Series 1
Apple
Series 2
Apple
Series 3
Apple
Series 4
Chrome OS
19.12.xx xxx
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4 and 5)
x
(watchOS 4 and 5)
x
(76.x.x.x)
20.03.xx xxx
(watchOS 4)
x
(watchOS 4)
x
(watchOS 4 and 5)
x
(watchOS 4 and 5)
x
(80.x.x.x)

Supported Servers

Supported ProtocolsSecureAuth Identity Platform Adaptive
Authentication IP Checking Feature
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • PAP
  • PEAP (NetMotion only)
  • MS-CHAPv2 for Cisco and Netscaler


PlatformRADIUS end user IP
Cisco SystemsCalling-Station-Id
Citrix NetScalerCalling-Station-Id
Juniper NetworksTunnel-Client-Endpoint
Palo Alto NetworksPalo Alto-Client-Source-IP
Port Settings

Inbound:

  • Allow RADIUS Listener – Default is UDP port 1812.
  • Block TCP port 8088 – This port is used for the administrative web interface and should be blocked for security reasons.
RADIUS VPN and Product Support

The following basic connectivity parameters must be configured on RADIUS clients to be used with the Identity Platform:

  • RADIUS server IP address
  • Shared secret to use between the RADIUS server and RADIUS clients
  • Port 1812 to use for RADIUS authentication requests
  • Timeout value Retries value
  • Connection profile that will use the SecureAuth RADIUS authentication serverGroup policy of the connection profile to identify resources end users can access once logged on the network

A valid certificate must be installed if using NetMotion Wireless VPN.

The following is a sample RADIUS authentication server configuration:

Add Server DialogSecureAuth Identity Platform
RADIUS Server Information
Notes
NameRADIUS Server friendly description name

This configuration enables the administrator to control static IP assignment of the VPN client via SecureAuth Identity Platform and the RADIUS server.

NOTE: SecureAuth IdP RADIUS server v19.06 or later can be configured to pass an IP address to the VPN for static IP assignment to the VPN client (for example: PC or Mac). See SecureAuth IdP RADIUS Server Static IP Address Configuration Guide for steps. 

RADIUS ServerIP Address or Name of the RADIUS Server
Authentication Port1812
Shared SecretSecureAuth RADIUS Shared Secret
Timeout60 Seconds (recommended)
Retries3 (recommended)
YubiKey ProductsSupported by SecureAuth® Identity Platform
9.2.x9.3.x19.07.xx20.06.xx
YubiKey 5YesYesYesYes
YubiKey 5 NanoYesYesYesYes
YubiKey 4YesYesYesYes
YubiKey 4 NanoYesYesYesYes
YubiKey NeoYesYesYesYes
YubiKey Neo-NYesYesYesYes
YubiKey Edge / YubiKey Edge-NYesYesYesYes
YubiKey Standard / YubiKey NanoYesYesYesYes

Tested FIDO2 devices

SecureAuth Identity Platform version 20.06.xx supports the following FIDO2 devices; however, any WebAuthn-compliant device should work for enrollment and authentication on supported browsers.

FIDO2 DeviceTypeLogin DeviceBrowserNotes

Windows Hello OS

PIN

Windows desktop, laptop

Google Chrome

Mozilla Firefox

Microsoft Edge


Windows Hello OS

Fingerprint

Windows desktop, laptop

Google Chrome

Mozilla Firefox

Microsoft Edge


Android OS

PIN

Android mobile

Google Chrome

Mozilla Firefox


Android OS

Fingerprint

Android mobile

Google Chrome

Mozilla Firefox


Mac OS

Password

Mac desktop, laptop

Google Chrome


Mac OS

Fingerprint

Mac desktop, laptop

Google Chrome


Google Titan Security Key

NFC

Windows desktop, laptop

Android mobile

Google Chrome

Mozilla Firefox

Microsoft Edge*

*Supported on Windows desktop / laptop only

Google Titan Security Key

USB

Windows desktop, laptop

Android mobile

Google Chrome

Mozilla Firefox

Microsoft Edge*

*Supported on Windows desktop / laptop only

Google Titan Security Key

Bluetooth

Windows desktop, laptop

Android mobile

Google Chrome

Mozilla Firefox

Microsoft Edge*

*Supported on Windows desktop / laptop only

YubiKey 5

USB

Windows desktop, laptop

Mac desktop, laptop

Android mobile

Google Chrome

Mozilla Firefox

Microsoft Edge*

Apple Safari*

*Supported on Windows desktop / laptop only

YubiKey 5

NFC

Android mobile

Google Chrome

Mozilla Firefox