Access Control

SurePassID seamlessly adds MFA to access control protocols for IT/OT networks and critical infrastructure

  • Windows Logon Manager with MFA and Offline 2FA for domain and account logons
  • RADIUS and TACACS+ for IT/OT devices and ICS/SCADA equipment
  • SSH and RDP for remote access


Windows Logon Manager with MFA and Offline 2FA

SurePassID Authentication Server keeps Windows domain and account logons secure – in all use cases. SurePassID seamlessly integrates with Microsoft Windows client and server operating systems to add two-factor authentication (2FA) to local and Remote Desktop logins. Enforcing Zero Trust and maintaining secure access to company resources has never been easier.

But what if the user is offline when trying to login? Then SurePassID automatically falls back to an OATH HOTP (event-based) passcode generated by their Push Authenticator app or other registered authenticator. The result is seamless end-to-end authentication with no inconvenience to the user or calls to your helpdesk.



SurePassID Authentication Serve can secure any RADIUS-compliant or TACACS+ system such as Microsoft Universal Access Gateway, VPN routers/devices, Citrix applications, Wi-Fi access points, FreeRADIUS on Linux distros, Cisco applications, and more. SurePassID supports key features such as:

  • Challenge Response – The server “challenges” the user for any of their registered assigned credentials. Most challenges will be to provide a One Time Password (OTP) after successfully entering a valid username and password. (Some RADIUS and TACACS+ devices only support single-factor authentication, in which case two-factor authentication (2FA) is added by appending the OTP to the user’s password.)
  • Proxy Server Chaining – In RADIUS authentication, there are often multiple RADIUS servers as part of the authentication process.
  • nFactor Authentication Framework – Enables organizations to define dynamic authentication methods at the time of authentication on a user by user basis.

But SurePassID’s strengths don’t end there. As a highly extensible solution, our platform encompasses on-prem, cloud, and hybrid deployment architectures. No matter what your RADIUS or TACACS+ clients and remote access gateways look like, SurePassID can secure it with RADIUS and TACACS+ multi-factor authentication.



Connecting remotely to workstations and server infrastructure is an everyday occurrence for IT/OT organizations – and a focus of ransomware gangs and hostile state actors exploiting security breaches. No matter whether you’re using Windows Remote Desktop Protocol (RDP) or Secure Shell (SSH) protocol, securing remote access on local consoles or via incoming connections is essential to Zero Trust and regulatory compliance.

SurePassID Authentication Server seamlessly integrates with your identity provider and RDP or SSH servers to secure remote access with MFA. For RDP, Credentialed User Access Control (UAC) elevation requests can invoke MFA depending on your Windows UAC configuration. For SSH, MFA can be applied to both Shells and Tunnels. The result is RDP/SSH multi-factor authentication that you can rely upon.


FAQs about SurePassID and our Authentication Server solution

  • Software-as-a-Service (SaaS)
  • Windows Installer Package (Microsoft Windows Server 2008/2012/2016/2019/2022)
  • Virtual Machine (Microsoft Hyper-V)
  • Container (Docker/Kubernetes, Microsoft ACI, Amazon ECS)
  • Serverless/Function-as-a-Service (FaaS)
  • Embedded (8, 16, or 32-bit microcontrollers)

Cloud deployments can occur same day. On-prem deployments will vary depending on the complexity of your requirements. Regardless, our Customer Success team is with you every step of the way.

SurePassID is the most hardened authentication solution on the market. Customers choose us because we specialize in securing user access to mission-critical IT/OT systems and critical infrastructure. We never stop innovating to protect our customers from evolving cyberthreats.

As a SAML 2.0 IdP, SurePassID easily and seamlessly integrates with any on-prem (e.g. Ping Identity) or cloud-only (e.g. Okta) IAM solution.

  1. Unmatched on-prem and OT capabilities
  2. Outstanding technical support
  3. Unbeatable value

Visit for a complete guide to SurePassID Authentication Server pricing and features.

Discover why leading enterprises choose SurePassID Authentication Server

Talk to one of our MFA experts about your unique requirements. Or request a demo and see how easy it is to secure your universe of apps with SurePassID Authentication Server.