The Future of Enterprise MFA is Now
MFA-as-Code

   Air-gapped
   In the cloud

   Maintenance free

All the security of air-gapped. All the convenience of Cloud First. All the automation of Infrastructure-as-Code (IaC).


MFA-as-Code, another first from SurePassID

Introducing SurePassID MFA-as-Code, our revolutionary new best-of-breed security solution for user-to-user, user-to-device, and device-to-device multi-factor authentication (MFA). Based on a private cloud reference architecture that is industry recommended, with unmatched hardening, and AI and machine learning compatible, MFA-as-Code makes possible what used to be impossible.

Air-Gapped Systems

All the security of Air-Gapped

Achieve unprecedented levels of MFA hardening, deploying without any connection to the internet - or while running on dedicated hardware.


All the convenience of Cloud First

Benefit from a Cloud First strategy that capitalizes on SurePassID's advanced MFA platform and all of its industry-leading capabilities.


All the automation of Infrastructure-as-Code (IaC)

Go maintenance-free with automated building, deployment, scaling, and patching.

The Problem with Enterprise MFA

Organizations face cascading pain points with MFA solutions that rely on costly, inefficient, and legacy platforms – or worse, the public cloud.

Too Insecure

  • Shared SaaS instance
  • Authentication data is in public cloud
  • 100% dependent on Cloud MFA vendor

Too Expensive

  • Must pay enterprise-grade prices
  • Must pay for every feature
  • Must pay for decent technical support
  • Must pay for admin training

Too Inflexible

  • Can't address new use cases
  • Can't address new STIGs
  • Can't meet Phishing-Resistant MFA mandates
  • Can't deliver SHA-2
  • Can't sell hardware tokens

Too Complex

  • Too much MFA infrastructure to manage and scale
  • Too many MFA configurations to manage
  • Too many manual MFA processes

Too Burdensome

  • Too many IT resources required to administer
  • Too many MFA-related support tickets
  • Lack of admin-level and user-level automation

Too Unavailable

  • Offline due to solution complexity
  • Offline due to IT human error
  • Offline due to Cloud MFA vendor issues
  • Offline due to DDoS attacks

The Solution: SurePassID MFA-as-Code

Infrastructure-as-code solution for “only pay for what you use” MFA with revolutionary automation, scalability, and availability – for Microsoft Azure and Amazon GovCloud.

Highly Secure

  • Best-of-breed security solution
  • No internet connection required
  • Azure GCC or GCC High
  • AWS GovCloud US
  • SHA-1 and SHA-2

Cost Effective

  • One very low price
  • All-inclusive subscription
  • Unrivaled technical support
  • Little administrative overhead

Very Extensible

  • Address new use cases
  • Address new STIGs
  • Meet Phishing-Resistant MFA mandates
  • Achieve SHA-2
  • Buy a wide variety of hardware tokens to meet every use case

Simplified

  • No MFA infrastructure to manage and scale
  • Few MFA configurations to manage
  • User self-service portal

Automated

  • Automatically build and deploy
  • Automatically scale up and down
  • Automatically patch
  • ML/AI compatible

Highly Available

  • 99.999% ("Five Nines") availability

What exactly is MFA-as-Code?

Definition

A complete global user authentication system that uses Infrastructure-as-Code (IaC) to fully automate the provisioning, management, maintenance, patching, and scaling of a complete SurePassID MFA solution within the Microsoft Azure or Amazon AWS infrastructure, using code instead of manual processes.

Code

The code is comprised of cloud shell scripts that make use of Bicep templates and Azure command line requests or their Amazon AWS equivalents. All scripts are available for review, audit, and customization if required.

An industry-recommended reference architecture

SurePassID MFA-as-Code is built on an industry-recommended reference architecture that leverages the full power of the Microsoft Azure and Amazon AWS stacks.

This example shows a two-region (East/West) SurePassID MFA-as-Code system created in less than 30 minutes. An unlimited number of regions can be built across Microsoft Datacenters and Amazon Data Centers worldwide.


MFA that leverages the entire Azure and AWS stacks

Microsoft Azure

  • Microsoft Datacenters are used for fault tolerance to support Geo Load Balancing (East, West, Common).
  • Azure Traffic Manager, Front Door, or F5 Big IP facilitates the traffic routing.
  • Azure Key Vaults secure all secrets and SSL certs.
  • Azure SQL Database is used for both primary and replicated secondary storage.
  • Azure Application Gateways and Azure Web Application Firewalls are used for inbound traffic both externally and internally and to limit certain traffic (like mobile provisioning/push verification currently done with F5 Big IP).
  • Azure Virtual Networks, subnets, private links and network security groups are used to secure and partition components.
  • Azure App Services (SurePassID Authentication Server) are defined in various regions and the apps themselves are load balanced and use dynamic thread scaling (up/down) to handle dynamic request loads.
  • Application Service Environment (optional) can be used for additional security in Azure, providing dedicated hardware in Microsoft Datacenters worldwide.

Amazon Web Services

  • AWS Datacenters are used for fault tolerance to support Geo Load Balancing across regions (e.g. East, West, Common) and availability zones.
  • AWS Load Balancer facilitates the traffic routing for performance and HA.
  • AWS Key Management (KMS) secures all secrets and SSL certs.
  • RDS/SQL Server SQL Database is used for both primary and replicated secondary storage.
  • AWS API AWS and Azure Web Application Firewalls are used for inbound traffic both externally and internally and to limit certain traffic
  • AWS Virtual Networks, subnets, private links and network security groups are used to secure and partition components.
  • AWS EC2 MFA Services (SurePassID apps) are “defined” in various regions and the apps themselves can be load balanced and use dynamic thread scaling (up/down) to handle dynamic request loads.

MFA-as-Code + ServicePass

SurePassID ServicePass is a web-based user self-service portal that empowers users to manage their own tokens - thus eliminating the majority of MFA-related service desk calls. When combined with MFA-as-Code, this provides a complete enterprise solution.

  • Allows users to manage their own tokens
    • FIDO2 passkeys, FIDO2 Push passkeys, PIV tokens, OATH tokens, and Push tokens.
  • Capabilities
    • Token Activation/Registration
    • Token Synchronization
    • Lost Token Disablement and Re-Issuance
    • Automated Notifications
    • Password Change & Reset
    • SurePassID API advanced features
    • Integration into 3rd Party applications
  • MFA is required for user login.
  • If the user’s token has not been issued (or is not functioning properly) ServicePass can send a passcode to the user via email, SMS, or SMS challenge-response to securely authenticate the user.
  • Uses the SurePassID RESTful API, allowing for complete integration into existing intranet, extranet and internet enterprise service desk applications.
  • Source code available for greater integration and customization.
  • Simple to rebrand with CSS and corporate logo.
CUSTOMER CASE STUDY

MFA-as-Code Consolidation and Replacement - including FIDO2/WebAuthn


Is SurePassID MFA-as-Code right for you?

If your organization has any of these characteristics, requirements, and needs, our MFA-as-Code solution can be a game-changer for you.

Your Characteristics

Your Requirements

  • Phishing-resistant MFA (FIDO2 or PIV) and/or non-phishing-resistant MFA (OATH).
  • Environmental constraints – Azure GCC/GCC High or Amazon AWS GovCloud
  • Very high availability – 99.999% or “Five Nines”.
  • Single pane of glass for user authentication – visibility, control, and audit.

Your Needs

  • Best-of-breed security design.
  • Most cost-effective solution.
  • Fully automated solution.
  • Integration with other production Azure systems (and non-Azure systems).
    • Sentinel
    • Defender
    • Log Analytics
    • Azure AI and Machine learning
  • Run in existing Azure or AWS subscription.
  • Integrate with SurePassID MFA Air-Gapped Command Center (optional).

Want to learn more about MFA-as-Code?

Talk to one of our MFA experts about your organization's environment and needs and whether MFA-as-Code is the right solution for you. Or jump right into a free trial of MFA-as-Code and experience the revolutionary power of this solution.