Generic selectors
Exact matches only
Search in title
Search in content

Two-Factor Authentication Methods

Various Login Methods

The SecSign ID Server is more than just a simple two-factor authentication (2FA)

The SecSign ID Server offers its users various 2FA methods with appropriate licensing, including:

SecSign ID

PKI-based Challenge Response Authentication via Smartphone Apps and Desktop Apps

Fido

The SecSign ID Server is a Certified FIDO Server allowing users to also use FIDO Tokens and Platform Authenticators

Smart Card

You can use a Smart card / Signature card to perform 2FA authentication, for example against a website

TOTP

With One Time Password Generators, for instance, hardware tokens but also apps like Authy, Microsoft Authenticator, Google Authenticator, and more.

Mail OTP

When logging in, the user also receives an email with a One Time Password

How can these two-factor authentication methods be used/integrated?

On one hand, we offer ready-made plugins which can directly utilize these methods, such as the Atlassian plugins. On the other hand, these methods can also be used through an Open ID Connect (oAuth) OIDC or SAML integrations.

How should the activation/onboarding of 2FA proceed?

First, it must be checked whether 1. entirely new users who are not yet “known” or 2. existing users who may already have a password and username login or other authentication credentials.
For 1., it must be decided how strongly these new users need to be identified. For this, we have various onboarding and identification options in our server. This ranges from a simple self-enrollment (user registers themselves), through on-site identification and registration by Registration Authorities (RA positions) (trained employees of the own company) this can also be done via video identification, up to using the personal ID card with its eID function.

What solution is being sought?

Is there already an existing leading Identity Provider solution in use?
When introducing a 2FA solution, it is necessary to carefully examine in which systems the 2FA should be implemented.

If only a specific solution needs to be secured, it can be done quite simply, for example, through integration with a plugin or directly via a REST API.

If the goal is to be able to centrally control/manage 2FA and/or access rules and integrate 2FA into different systems, it should be considered to integrate the SecSign ID Server via Open ID Connect (oAuth) OIDC or SAML. And in this case, it should also be checked whether the SecSign ID Server should then not itself become the IDP. Here, it is of course possible to connect an existing Active Directory (AD) or other user sources to the SecSign ID Server.

Sec PKI

The All-Rounder

If you prefer to operate everything in-house or on-premise, that is also perfectly feasible.

Benefit from everything being perfectly designed to work together by one company, and forget about cobbled-together legacy systems that require you to bring in dozens of different manufacturers!

SecSign 2FA