Advanced Authentication

Docker based containers for ultimate flexibility

Advanced Authentication is now offered as Docker containers. Docker not only provides greater flexibility in deployment, but it is often the distribution model of choice for cloud environments. Docker containers can be deployed and managed via a variety of virtualization, hypervisor or cloud-based technologies. It's now easier than ever to configure Advanced Authentication in specialized models optimized for performance or availability.

One framework for every authentication

Organizations are usually forced to manage and maintain multiple infrastructures. Not only are multiple authentication infrastructures complicated to manage, they are less secure. What you need is a single authentication framework for all of your devices and methods. Having a single framework keeps costs down as Advanced Authentication scales to any size environment.

Authenticate to the right level of user verification

Every organization has some private information (financial, customer, regulated, etc.) that requires an added level of user verification not possible with traditional credentials. It's that type of information that warrants a higher level of authentication based on the situation. Is the requester in the building, as expected, or across the country or beyond? Are they using a known device, or one not seen before? Perhaps there is other criteria from which you want to control the authentication level. We offer risk-based access control that enables you to match the type of authentication to the potential risk of the information or service being accessed.

Mobile Workforce Support–Offline Login

Travelers on-the-go required to perform multi-factor authentication to access private information can now do so anytime they need. Meaning, that even without connectivity users are able to get work done.

Broad platform support

We are dedicated to your success in providing security across a broad number of platforms. As such, Advanced Authentication provides an OS X authentication plug-in as well as a Linux Pluggable Authentication Module. This is in addition to the existing Windows Credential Provider. Now you can use methods based on iOS, Android and Windows Mobile to authenticate to Windows 7+ and OS X 10+ computers for business-critical initiatives. Broad platform support enables you to accelerate full coverage and reduce the cost created if multiple solutions were required.

Multi-Site Support

Large organizations requiring worldwide deployment of their authentication policies will appreciate Advanced Authentication's support for multi-site configurations. Advanced Authentication is designed to scale to any performance or location requirement that you may have.

High Availability: redundancy and load balancing

Advanced Authentication is designed for High Availability providing continuous uninterrupted operations. Application availability, reliability and performance are ensured with internal server load balancing capabilities. While replication between a primary and secondary locations (over LAN or WAN) ensures data integrity. Multiple updated data stores are always available for rapid disaster recovery (DR).

Advanced authentication for Active Directory Federation Services (ADFS)

You can configure ADFS to use our Advanced Authentication framework. If your organization uses any ADFS services and have multi-factor authentication or other types of strong authentication requirements, you will be glad to know that Advanced Authentication integrates into those environments. Of course it also supports ADFS setup in other Microsoft Azure configurations that your business applications may be using. And because Advanced Authentication integrates natively into ADFS, you have the flexibility to use any authentication type that you like.

FIPS 140-2 Inside

Because National Institute of Standards and Technology's (NIST) standards for encryption have been recognized over the world, Federal Information Processing Standard (FIPS) 140-2 is important to any corporation. Advanced Authentication does meet these standards so security conscious businesses as well as organizations operating in regulated industries can deploy with confidence.


Using global positioning (GPS) technology, geo-fencing allows the administrators to define authentication policies based on a user's specific location, such as a building or campus. The policies can be configured to limit access to only those users in the allowed location(s). This feature differs greatly from typical geo-location using IP address lookup which relies upon accurate IP address reporting and larger geographic region definitions.

Compared to other location-based technologies, geo-fencing offers a superior option with high accuracy and resistance to spoofing.

Face Recognition Method

Advanced Authentication supports Windows Hello that allows both face and fingerprint recognition methods to be used for authentication, allowing either or both biometrics to be used as a multi-factor authentication. Face recognition can also be used as a strong authentication in which users can present their face to the camera to get authenticated in a matter of seconds. The face recognition method can also be invoked through Microsoft Cognitive Services (Azure).

Second Factor Skipping

For organizations that want to balance speed of access with their security needs, NetIQ Advanced Authentication allows administrators to configure a grace period between authentications where a second factor isn't required. The user is still required to fulfill the complete authentication requirement initially. Separately, your organization may choose to use Access Manager's risk based authentication engine to define when second factor authentication is required.

Support for Federation

Advanced authentication provides an OAuth interface that provides clients an easy way to integrate their applications. Once in place, applications can leverage Advanced Authentication's policy engine to match the appropriate method(s) to the situation to provide the 'right' level of security.

You also have the option to use an XML-based protocol, SAML 2.0. With SAML you can invoke security tokens containing assertions. The assertions are used for sending the information about a user from a SAML authority to a SAML consumer. Advanced Authentication also allows you to setup conditions to allow the authentication such as Geo-fencing.

Web based user enrollment

Advanced Authentication provides an easy self-explanatory workflow for the end user registration experience. By simplifying the registration of iOS, Android and Windows Phone devices as well as workstation connected biometrics, card reads and others, your users will effectively register their devices, your system will easily scale and your help desk will not be overrun with registration issue calls.

Web based administration and configuration portal

Administrative and configuration operations are web based. The simple elegant interface provides for network and RADIUS configuration, database connection, configuration of all authenticators, authentication chain design (2FA / MFA) and assignment, roles delegation and other key operations in one tool.

Help Desk Module

Help Desk module provides the capabilities to ensure a good end-to-end customer experience. This includes un-enrolling and assist in re-enrolling methods, assign tokens (when needed), and assignment of specific user roles. If a user contacts the Help Desk with an authentication issue related to Advance Authentication, your Help Desk Agent will be able to provide the positive customer support experience expected. This builds strong relationships and further support for your MFA efforts.

Emergency OTP

Use this Advanced Authentication feature when a user has no previously enrolled authentication method available. Perhaps your user misplaced their token, took their phone swimming or they could just be at a workstation where the card reader has failed. In any event they still need access. The Emergency OTP access process is part of the Help Desk Module and allows for an OTP to be generated for the user in these urgent situations.

Advanced Authentication HTTP Proxy serves as a barrier between the Internet and your authentication server. This means that traveling and remote users have access to advanced authentication services while your server remains safe behind your corporate security.

Support for non-Domain Clients

In a day and age where employees and contractors are using their own devices (BYOD), it's likely that they're not part of your corporate domain. Because Advanced Authentication doesn't require domain membership multi-factor authentication isn't limited to just your corporate devices. Your users can bring their Windows, Mac OS X and even Linux based systems and you can enforce Advanced Authentication to your resources as needed.

Windows 10 Hello

Advanced Authentication now allow non-domain join PCs to authentication into a domain using Windows Hello i.e., face or fingerprint type authentication Windows 10 machines.

Customizable User Facing UI

You can now customize all user facing interfaces used in your portals and authentication screens with your own corporate colors, styles and logos. Using CSS, Advanced Authentication web pages can be modified to be indistinguishable from your very own pages.

High Performance User Repository

You now have the option to use a SQL repository instead of LDAP if desired. Some organizations like the flexibility that SQL databases offer, especially in cloud environments where high performance web interfaces may be used. Advanced Authentication now supports both Microsoft SQL Server and MySQL types of SQL repositories.

Centralized policy engine

Advanced Authentication framework is robust enough to manage large environments with diverse authentication needs, but simple enough to require little administration. With our two factor (or more) authentication capabilities, you can create authentication policies specific to users, groups, devices or locations. The web interface keeps configuration clean regardless of complexity. Delegated administration and tracking of changes keeps policies consistent and secure. And because the policy engine in the Advanced Authentication framework is flexible, it crosses all authentication methods, alleviating redundant work and inconsistent authentication.

Event logging

Advanced Authentication lets you define which types of authentication events are logged for later retrieval. Typical events include both successful and unsuccessful authentication attempts, as well as changes in enrollment or configuration.


Customized reports allow administrators to identify user authentication behavior or abnormalities that may be important for their environment. Analysis can be performed on persons, authentication methods or various types of authentication trends.

Reports can also be focused on the servers themselves, potentially identifying ways to optimize configurations or expand deployments.