Create your customized security approach!Contact Us
Specops Authentication for O365 is the ideal solution for organizations that want to secure authentication to O365. Its powerful multi-factor authentication (MFA) engine supports various identity providers that satisfy something you know, something you have, and something you are, and enable you to move beyond a single point of vulnerability.
Specops Authentication for O365 is natively integrated with Active Directory. Group Policy enables MFA policies based on role, or group membership. Users can enroll with any of the 15+ identity providers enabled in the policy, all of which they can use to authenticate to O365. When the Password Reset feature and/or Key Recovery feature is enabled, users can use the same identity providers to verify themselves during a password reset, or encryption key recovery.
No matter where you are in your O365 deployment, Specops Authentication can decrease O365 administration time, and increase security, without disrupting the user experience.
|Multi-factor authentication||Specops Authentication for O365||Azure MFA|
|Third-party identity providers||Yes||Yes, requires ADFS & MFA Server|
|Back-up identity providers||Yes||Yes|
|Password during authentication||Configurable||Yes, required|
|Password reset (on-prem Active Directory)||Yes, with a Specops uReset subscription||Yes, with an Azure AD premium subscription|
|Configurable MFA policies for varying security requirements||Yes, with Group Policy||Yes, only when conditional access is used|
How does it work?
Specops Authentication for O365 consists of the following components and does not require any additional resources in your environment. The Specops Authentication Gatekeeper is installed on-premises and is used to access your Active Directory. Authentication related data, including enrollment data, is stored on a sub object of the user object in the on-premises Active Directory.
Specops Authentication does not store a copy of your directory.
What does it look like?
Specops Authentication enhances login security by extending multi-factor authentication to O365.
There are 15+ identity providers available during authentication, including Duo Security, Symantec VIP, Social SaaS, and various authenticator mobile apps. Since not all identity providers are equally secure, we allow administrators to assign each identity provider a trust value, based on their perceived level of security.
The trust assignment is managed via stars, as shown below.
Frequently Asked Questions
Q: Can Specops Authentication policies be configured to only apply to specific groups?
A: Yes. You can create policies for desired Group Policy Objects, or the selected scope.
Q: Does Specops Authentication support multiple domain names?
A: Yes, as long as the domains of all email addresses are registered with Azure AD/O365.
Q: Does Specops Authentication support redundancy?
A: Yes, you can set up and configure additional Gatekeepers for redundancy.
Q: Can Specops Authentication be used with Azure AD Connect?
A: Yes. You can use Azure AD Connect for provisioning; and Specops Authentication for license management, SSO, and multi-factor authentication.
Q: How are users authenticated with Specops Authentication?
A: Specops Authentication uses Security Tokens to authenticate users. When a user enrolls with Specops Authentication, their enrollment data is stored on a sub object of their user account in the on-premises Active Directory. When a user attempts to sign-in to O365, Specops Authentication will either grant SSO access via the Windows Integrated Authentication token, or prompt the user to authenticate with additional identity services from their enrollment. This will depend on the authentication policy configured by the administrator.