Specops Authentication for O365
Group Policy driven multi-factor authentication to Office 365 (O365), federated Single Sign-On (SSO), real-time user provisioning, and automated licensing – all from a single solution.
O365 multi-factor authentication and user provisioning
Specops Authentication for O365 is the ideal solution for organizations that need a simple approach to O365 user management and authentication. Use existing Group Policy configurations for on-demand O365 user provisioning, and license assignment. Enhance the login experience with SSO, or secure it with multi-factor authentication. The solution is natively integrated with Active Directory to streamline O365 hybrid deployments. It can be set up in minutes, and easily administered.
The solution uses a powerful multi-factor authentication engine that can replace the password during login. Alternatively, passwords can be combined with stronger authentication factors to move beyond a single point of vulnerability. As part of the Specops Authentication and Password Management portfolio, Specops Authentication integrates with Specops Password Policy. This allows you to enforce stronger passwords, and block passwords that may be susceptible to dictionary attacks.
No matter where you are in your O365 migration, Specops Authentication can decrease administration time, and increase security, without disrupting the user experience. Specops Authentication can be used alone, or with existing solutions such as Azure AD Connect, and Active Directory Federation Services (ADFS).
- Related Products
Secure O365 login with dynamic MFA
O365 is a prime target for attackers. Specops Authentication enhances login security by extending multi-factor authentication to O365. With 15+ identity providers available during authentication, including Duo Security, Symantec VIP, Social SaaS, and various authenticator mobile apps, users will always have a secure way to access important resources.
Users can choose from a list of available authentication services to complete their authentication. Our dynamic approach guarantees that end-users will complete the authentication task, even if an enrolled service is unavailable. For example, if a user is enrolled with mobile code, but does not have their device, they can still verify using their social accounts. This reduces authentication failure, and potential calls to the helpdesk.
You can further increase security by assigning a trust value to an authentication service. This allows you to decide that one identity provider (for example, Google Authenticator) is worth twice as much as another (for example, Facebook) during authentication. The higher the trust of the identity, the easier it is for the user to authenticate to O365.
Streamline O365 hybrid implementations
Many organizations will create a hybrid environment by integrating O365 with their Active Directory. Keeping user data on-premises requires the configuration of multiple Microsoft components, including:
- Azure AD Connect Synchronization Service for user data synchronization
- ADFS for federated SSO
- Azure Multi-Factor Authentication Server for integration with 3rd party authenticators
With Specops Authentication for O365, provisioning, federated SSO, and multi-factor authentication capabilities are included in a single product, which is completely interoperable with Microsoft components.
Keep data on-premises
Specops Authentication is installed inside your Active Directory. It is configured using Group Policy, without introducing added complexity to your environment. Group Policy drives permissions, and removes the need to recreate security groups, and store sensitive data outside of Active Directory. Authentication-related data, including enrollment data, is stored on a sub object of the user object.
Unlike alternative solutions, Specops Authentication does not store a copy of your directory or require complex mapping of policies to affected users. Users are provisioned directly from your on-premises Active Directory to Azure Active Directory.
Provision users and assign licenses in real-time
By managing how users log in to O365, Specops Authentication simultaneously creates the user in Azure AD. When a user in your organization is redirected to Specops Authentication, they are provisioned to Azure AD by creating their user object, along with group memberships, and assigning the appropriate licenses in Azure AD. When the user is redirected back to O365, they will be seamlessly logged in.
- Redundancy with multiple Gatekeepers to ensure you’re always up and running
- Authentication choice so users always have a way to successfully authenticate
- Federated SSO with Windows Integrated Authentication
- Real-time user provisioning and license assignment
- Event monitoring for O365 authentication and provisioning
- Scripted installation support for core versions of Windows Server 2012 R2, and Windows Server 2016
- End-user interface customization