SecurEnvoy supports all LDAP v2 and v3 compliant directory servers, for example Microsoft Active Directory or LDS. All stored authentication data is generated and encrypted with AES 256-bit encryption and is kept within the customer LDAP server. SecurEnvoy do not store or keep any sensitive customer seed records. The seed records are dynamically generated by the server/phone and are stored with a FIPS 140 approved encryption algorithm; this encrypted data is generated and stored at the customer premises.

The innovative approach allows the SecurEnvoy security server to generate the first part of the seed; the second part of the seed is generated from a "Fingerprint" from the phone when the Soft Token application is run for enrolment and each time the Soft Token application is run to generate a passcode. Secure Copy protection locks the seed record for generating passcodes to the phone.

SecurEnvoy Soft Token is OATH TOTP compliant, but with additional security enhancements to the OATH specification. This allows users who may have issues with SMS deliverability to use a soft token, and suits customers who wish to manage and reduce their existing SMS costs. The SecurEnvoy "Reporting Wizard" provides detailed information about which mode of operation each user is set up for, allowing Administrators to control and monitor their 2FA estate.

All SecurEnvoy customers can utilise the latest Soft Token at no additional cost. User deployment can be achieved on Group membership, OU or any other LDAP filtering. User administration is significantly reduced, as SecurEnvoy's "Deployment Wizard" can automate user deployment and allows the user to be in control of which device they use and the type of authentication method they prefer. It is the user's choice which device their two-factor authentication passcode is sent to and by what method! For the organisation there is nothing they need to do.
Users can self-migrate to a new phone model by simply enrolling their new phone. They use their old phone app or SMS to make a two-factor authentication to the enrolment portal, then simply scan the QR Code to provision the new phone with a new seed record at no additional cost. The security server automatically deletes the old phone's seed record, rendering the old phone safe to dispose of or resell.

End-user convenience of enrolment and a simple process.