As the number of cloud applications grow and continue to gain popularity within the business community by giving both mobile and static workforces a consistent experience when interacting with corporate data that is held within that Cloud App, the need to secure and police access to that corporate data becomes ever more critical to every organisation.
Adding locally controlled and administered Two-Factor Authentication (2FA) via One Time Passwords (OTP), over and above the user’s login credentials gives organizations the security, governance and peace of mind that access to their corporate data within the Cloud App cannot be compromised. Adding Celestix MFA to Cloud Apps is a simple and very cost effective way for organizations protect their IPR, and meet any governance requirements.
Celestix MFA leverages Active Directory Federation Services (AD FS) to enable user’s corporate AD Credentials (Windows Login) and 2FA/OTP, to be authenticated against both the corporate ‘on premises’ Active Directory and via RADIUS to the MFA Server, which negates the need for additional security databases. Once that authentication is successful, that authorization is relayed back to the Cloud App by the ADFS Server to allow the user to access the Cloud App in real time.
Celestix MFA authentication solution allows companies to embrace the use of smart devices in the workplace. By installing a soft token on a mobile device, it is transformed into a token capable of generating a OTP, that can be used to authenticate the user when working remotely. Celestix MFA can also simplify the authentication of remote users on devices that cannot utilize a soft token and for workers who may not own a corporate smart device such as contractors. MFA uses the GSM network to deliver OTPs via SMS and the email system for delivery of OTPs to an inbox or via an Instant Messenger. MFA client now supports QR codes. Users can scan the QR code and will be instantly logged in to the application in a secure manner
Celestix believes it shouldn’t be complicated and costly, but it should be secure and controlled. This is why MFA uses HOTP, a HMAC-based algorithm for generating OTPs. HOTP is an open standard that continues to receive extensive scrutiny from security industry experts and leading academics.
Some authentication products use time-based OTPs (leveraging a vendor assigned seed with the current time). MFA OTPs are event-based (using a key generated on-site by the IT manager in conjunction with a counter). As such, MFA OTPs are not susceptible to attacks that compromise the seed or predictable algorithms based on the current time.
Celestix MFA can be integrated with the most popular Cloud Apps like Microsoft Office 365, Salesforce.com, Google Apps and more. Integration guides can be found in the Technical Library at www.celestix.com/mfa.