Operating Systems

SurePassID integrates with OSes to add seamless MFA to domain and account logons

  • Windows, Linux/Unix, and MacOS
  • Android and iOS
  • Embedded OSes



SurePassID Authentication Server integrates with Windows versions to secure logons with multi-factor authentication (MFA). For on-prem systems, we can leverage your local Active Directory (AD), Active Directory Federation Services (ADFS), or Network Policy Server (NPS). For cloud systems, we can leverage Azure Active Directory (Azure AD) Application Proxy. Alternatively, we can use third-party directories or SurePassID’s built-in identity directory functionality.

SurePassID Universal MFA also enables Windows MFA Logon with Offline 2FA, enabling you to lock down Windows logon for all use cases, including offline ones.


Linux and Unix

At SurePassID, we’re accustomed to working with enterprise customers that are using Linux systems within their IT/OT networks and critical infrastructure. From Red Hat Enterprise Linux (RHEL) or specialized telecom distros, we enable customers to secure system login with MFA. SurePassID Universal MFA has been deployed on Linux servers and workstations spanning x86-64, Power ISA, ARM64, and IBM Z architectures.

SurePassID Authentication Server leverages the Linux Pluggable Authentication Module (PAM) specification. PAM enables organizations to add strong authentication using OATH or FIDO authentication to protect any Linux system via direct login, SSH, and other Linux apps. The SurePassID PAM automatically interfaces with the SurePassID Universal MFA platform, providing strong authentication credentials for all servers and workstations within the enterprise.

The SurePassID PAM is downloadable source code available from a private GitHub repository. There are instructions for building, configuring and installing on Ubuntu, Fedora, CentOS, and iOS platforms. Customers have also adapted the SurePassID PAM to other PAM-based Linux systems.



SurePassID Authentication Server integrates with MacOS versions to secure logons with multi-factor authentication (MFA). SurePassID Universal MFA also enables MacOS MFA Logon with Offline 2FA, enabling you to secure logons for all use cases, including offline ones.

SurePassID works with the following MacOS versions:

  • MacOS 13 Ventura
  • MacOS 12 Monterrey
  • MacOS 11 Big Sur
  • MacOS 10 Cheetah



SurePassID Authentication Server provides an extensible, scalable platform for adding MFA to Android and iOS operating systems, no matter where SurePassID is deployed – on-prem, in the cloud, or in hybrid deployments. SurePassID integrates with your directory services, including proprietary telecom backends, to extend secure user credentials across your entire mobile or BYOD enterprise.

SurePassID can use built-in biometric authentication on Android and Apple mobile devices for passwordless, phishing-proof FIDO2/WebAuthn authentication.

SurePassID includes a Mobile API Connector that is deployed to the DMZ and acts as an intermediary (proxy) between mobile system logins that request authentication services and SurePassID, which is deployed behind the firewall. The Mobile API Connector supports the same API as SurePassID Authentication Server so that mobile systems can be in the “trusted zone” or ”untrusted zone” and remain secure.



Embedded systems encompass a wide range of OSes and device use cases. Operational Technology devices and ICS/SCADA systems are often built on Windows 7 and require special on-prem or air-gapped MFA capabilities. IoT devices are often built on RISC or Secure Element chipsets that are designed to minimize processing cycles and reduce memory usage, as there are no extra processing resources available. Other MFA vendors have limited solutions that fail to meet the challenges of embedded systems with these demanding footprint or deployment requirements.

SurePassID Authentication Server addresses these challenges with solutions for any deployment architecture, including on-prem and air-gapped systems, and integrations with leading SCADA solutions such as Schneider Electric’s GeoSCADA. For IoT devices, SurePassID offers a tiny client app that runs on 8-bit, 16-bit, and higher chip set architectures. Taking up almost no system overhead, the app reaches back to a SurePassID Authentication Server server or mesh authentication network for chip-to-server security.


FAQs about SurePassID and our Authentication Server solution

  • Software-as-a-Service (SaaS)
  • Windows Installer Package (Microsoft Windows Server 2008/2012/2016/2019/2022)
  • Virtual Machine (Microsoft Hyper-V)
  • Container (Docker/Kubernetes, Microsoft ACI, Amazon ECS)
  • Serverless/Function-as-a-Service (FaaS)
  • Embedded (8, 16, or 32-bit microcontrollers)

Cloud deployments can occur same day. On-prem deployments will vary depending on the complexity of your requirements. Regardless, our Customer Success team is with you every step of the way.

SurePassID is the most hardened authentication solution on the market. Customers choose us because we specialize in securing user access to mission-critical IT/OT systems and critical infrastructure. We never stop innovating to protect our customers from evolving cyberthreats.

As a SAML 2.0 IdP, SurePassID easily and seamlessly integrates with any on-prem (e.g. Ping Identity) or cloud-only (e.g. Okta) IAM solution.

  1. Unmatched on-prem and OT capabilities
  2. Outstanding technical support
  3. Unbeatable value

Visit https://www.surepassid.com/pricing for a complete guide to SurePassID Authentication Server pricing and features.

Discover why leading enterprises choose SurePassID Authentication Server

Talk to one of our MFA experts about your unique requirements. Or request a demo and see how easy it is to secure your universe of apps with SurePassID Authentication Server.