SecurEnvoy SecurAccess 5.3 review
A simple, cost-effective solution for two-factor authentication that's far easier to manage than standard passwords
SecurEnvoy aims to offer an easily managed authentication solution by using something most remote workers already have. SecurAccess can use any mobile phone to allow pass-codes to be issued via SMS. It can also issue pass-codes via email, but SMS is its primary mode of communication.
It was one of the first products to offer these services, and this latest version adds some welcome new features. First is support for any LDAP directory server, allowing SecurEnvoy to integrate with Active Directory and eDirectory, as well as many others.
It supports multiple LDAP domains at no extra cost, and you can use your own Radius server or the built-in version. It can also help you migrate away from tokens, as it forwards these requests to the token server until they expire or have been revoked.
We installed SecurEnvoy on a Windows Server 2003 R2 system. It took just a few minutes to select an LDAP directory server, provide its address and enter details of an administrative account. During this phase you can also enter details of other LDAP servers.
GSM modems are supported, but for testing we opted for a web SMS gateway service. SecurAccess supports all the main providers.
SMS network queue delays are handled by a preloading feature where users are sent their first pass-code when they register. After they've authenticated, the next one is sent ready for use. Inboxes are kept under control as new SMS messages overwrite previous ones.
A new on-demand service is aimed at users that authenticate infrequently. After logging in with SecurEnvoy, they're sent an SMS with a one-time PIN. Once they've read it, the message is removed from their mobile automatically.
Multiple one-time pass-codes in SMS texts can be useful for users who need to access the company network but can't get a signal. Day codes also avoid the need to send out new codes each time a user authenticates, as these are issued at specific times and remain valid for a set time.
The In Case of Emergency (ICE) feature handles secure access in a situation where the main premises are inaccessible. All members of ICE will be sent new pass-codes, allowing them to access services running from a remote site.
We found SecurAccess easy to use, especially with the help of the deployment wizard. This four-step process asks for a default pass-code type, ICE membership options and a domain. We then searched for undeclared users and deployed SecurAccess to them using either their mobile or email. When users first log on to the portal you can get them to provide their mobile numbers; it emails them their first PIN, then requests their mobile number when they log on and adds it to their profile.
SecurAccess is easy to deploy and manage, and is good value compared with many of the alternatives. Two-factor authentication just doesn't get any easier than this.
|Software subcategory||Other software|