MFA for RADIUS, TACACS+, and FreeRADIUS
Secure all modern and legacy network devices
Centralize MFA for device access management
Eliminate external proxies on your network infrastructure
Securing network devices is critical for security and compliance. SurePassID's advanced, deploy-anywhere multi-factor authentication (MFA) makes it easy.
MFA for RADIUS-enabled routers, firewalls, and VPNs
SurePassID can secure strengthen Network Access Control (NAC) and add multi-factor authentication (MFA) to any RADIUS-compliant or TACACS+ device such as Microsoft Universal Access Gateway, VPN routers/devices, Citrix applications, Wi-Fi access points, FreeRADIUS on Linux distros, Cisco applications, and more. SurePassID supports key features such as:
- Challenge Response – The server “challenges” the user for any of their registered assigned credentials. Most challenges will be to provide a One Time Password (OTP) after successfully entering a valid username and password. (Some RADIUS and TACACS+ devices only support single-factor authentication, in which case two-factor authentication (2FA) is added by appending the OTP to the user’s password.)
- Proxy Server Chaining – In RADIUS authentication, there are often multiple RADIUS servers as part of the authentication process.
- nFactor Authentication Framework – Enables organizations to define dynamic authentication methods at the time of authentication on a user by user basis.
But SurePassID’s strengths don’t end there. As a highly extensible solution, our platform encompasses on-premise, cloud, and hybrid deployment architectures. No matter what your RADIUS or TACACS+ clients and remote access gateways look like, SurePassID can secure it with RADIUS and TACACS+ multi-factor authentication.
RADIUS vs. TACACS+
SurePassID can secure any RADIUS-compliant or TACACS+ system such as Microsoft Universal Access Gateway, VPN routers/devices, Citrix applications, Wi-Fi access points, FreeRADIUS on Linux distros, Cisco applications, and more. SurePassID supports key features such as:
- Challenge Response – The server “challenges” the user for any of their registered assigned credentials. Most challenges will be to provide a One Time Password (OTP) after successfully entering a valid username and password. (Some RADIUS and TACACS+ devices only support single-factor authentication, in which case two-factor authentication (2FA) is added by appending the OTP to the user’s password.)
- Proxy Server Chaining – In RADIUS authentication, there are often multiple RADIUS servers as part of the authentication process.
- nFactor Authentication Framework – Enables organizations to define dynamic authentication methods at the time of authentication on a user by user basis.
But SurePassID’s strengths don’t end there. As a highly extensible solution, our platform encompasses on-premise, cloud, and hybrid deployment architectures. No matter what your RADIUS or TACACS+ clients and remote access gateways look like, SurePassID can secure it with RADIUS and TACACS+ multi-factor authentication.
RADIUS Advantages
- Open standard - works with almost all routers, switches, firewalls, VPNs, and other network devices
- Supports 802.1x. port-based network access control
- Stronger and more extensive accounting
TACACS+ Advantages
- Cisco proprietary standard - excels when networks contain all-Cisco devices
- Encrypts all packets instead of only passwords
- Enables granular control of authorization via commands
- Improves flexibility by permitting different protocols for authentication and authorization
- Supports command accounting and multiple privilege levels
The best MFA for your Network Access Control (NAC)
SurePassID does what other MFA vendors can't when it comes to securing network devices. See for yourself.