SurePassID uses PKI to establish secure connections between the SurePassID Universal MFA platform and external entities, such as an Active Directory Domain Controller or a managed endpoint. SurePassID checks to see if the user accessing the application has the necessary certificate present. If yes, SurePassID then enforces the specified MFA policy. If no, access to the application is automatically denied.
SurePassID also uses PKI to protect our own cryptographic secrets, such as AES 256 symmetric encryption keys.