Sudarsan Kannan

Where is my authentication framework?  Does a free solution restrict or support that framework?

Blog Post created by Sudarsan Kannan Employee on Jun 1, 2020

An organization or lines of business within organizations should consider having an integrated authentication strategy and framework. An authentication solution should aid in advancing that framework in meeting specific identity and security objectives. Such organizations looking at free Microsoft Azure AD MFA or RSA SecurID Access need to use these critical elements when building or supporting such authentication framework. 


Protect applications beyond Windows-based and browser-based

Most organizations will continue to manage a hybrid IT model with non-windows applications and infrastructure existing in both cloud and on-premise. These infrastructure systems like switches, routers, VPN’s, server systems (*nix) need privileged access by super-admins. IAM teams need to think about how to securely enable 2FA/MFA for those privileged admins and end-users with a native integration that doesn’t compromise user experience. RSA SecurID Access provides an agent-based approach that can protect remote access infrastructure such as VPN’s, Citrix access gateway Windows Remote desktop sessions, critical server environments including Linux systems.


Support non standard protocol applications through a combination of technology ecosystem and an extensible API model

For legacy applications that do not support standard protocols (eg. SAML, RADIUS, OIDC) organizations need to think about extending MFA capabilities using an API approach or pre-built integration with technology vendors.  RSA Ready program helps organizations have an out of the box certified integrations with 500+ applications through 100+ technology vendor partnership. RSA SecurID Access can enable MFA to non-browser or non-SAML based applications through native integration with network vendors such as Palo-Alto Networks or provide out of the box MFA integration with electronic medical records applications such as Epic systems. RSA SecurID Access helps organizations to extend their deployment to meet enterprise grade requirements by exposing API/SDK for any custom integration.


Support dynamic workforce with authentication choices and a simplified experience across the entire MFA lifecycle including user onboarding

Supporting a broad range of user types and providing clear paths for those users to self-register any MFA method consistently as part of on-boarding is critical. RSA SecurID Access on-boarding experience through out of the box capability or extensible REST APIs helps organizations to create simplified user experience while on-boarding users all backed by a powerful policy engine. Besides on-boarding, a framework needs to handle what/if scenarios such as credential recovery and emergency access. What if users need a break glass approach to gain access to applications or self-service capabilities when their phones are misplaced or forgotten. What if contractors need 1-time code to access systems without the overhead of distributing tokens or using mobile phones. RSA SecurID Access provides options to help handle emergency situations and variety of user types and scenarios.


As discussed above any security sensitive organization looking to advance their authentication framework should consider appropriate critical elements.  IAM practitioners within those organizations need to contemplate whether having a free solution advances or restricts those elements in supporting diverse workforce access applications across their hybrid IT environment.