inWebo Multi-Factor Authentication Flavors

Below are the various flavors of multi-factor authentication supported by inWebo. Which one should you implement? This is very much dependent on your applications, use cases, and objectives (security, compliance, ease-of-use…). They all have in common that inWebo verifies a dynamic & cryptographic-based “password” (OTP, one-time password) to validate the user and/or device the identity. Ask us if you’re unsure which ones are relevant for you.

  • 2-factor authentication (2FA)
  • Step-up (or 2nd factor) authentication
  • Passwordless authentication
  • Device authentication
  • Transaction sealing

How do you add inWebo MFA to your application(s)? Thanks to a connector. Except for the API where you need to write some code, most are just a matter configuration so that you’ll be up and running in no time. Below are the connectors that we currently support:

  • Radius: for all VPNs and reverse proxies
  • SAML2.0: for business and cloud applications (and now for VPNs as well)
  • OpenID Connect: this is the next-generation protocol that will (very) progressively replace SAML. It is already supported by Microsoft AAD and therefore Microsoft applications such as Office 365
  • Webservices API: for any web application and mobile portal (unless it’s based on a CMS in which case we might have a ready-to-use plugin)
  • LDAP: for onprem (legacy) applications authenticating against an LDAP directory
  • Plugins: for vendor access, federation, virtualization, or PAM products (MS ADFS, Shibboleth, Ping Identity, Forgerock, Citrix, VMware, Wallix, CyberArk…). Note that most of these products also support radius and/or SAML so you’ll have options. Ask us if you’re unsure about the pros and cons of these options