Specops Authentication for O365
Group Policy driven Office 365 multi-factor authentication, federated Single Sign-On (SSO), real-time user provisioning, and automated licensing – all from a single solution.
Office 365 multi-factor authentication and user provisioning
Specops Authentication for O365 is the ideal solution for organizations that need a simple approach to O365 user management and authentication. Use existing Group Policy configurations for on-demand O365 user provisioning, and license assignment. Enhance the login experience with SSO, or secure it with Office 365 multi-factor authentication. The solution is natively integrated with Active Directory to streamline O365 hybrid deployments. It can be set up in minutes, and easily administered.
The solution’s powerful multi-factor authentication engine supports a wide range of authentication factors that can help improve your organization’s overall security. With 15+ identity providers available during authentication, users will always have a secure way to login to O365 to important resources. You can also use the same multi-factor authentication enrollments to verify users during a password reset.
No matter where you are in your O365 migration, Specops Authentication can decrease administration time, and increase security, without disrupting the user experience. Specops Authentication can be used alone, or with existing solutions such as Azure AD Connect, and Active Directory Federation Services (ADFS).
- Related Products
Dynamic Office 365 multi-factor authentication
Office 365 is a prime target for attackers. Specops Authentication enhances login security with dynamic Office 365 multi-factor authentication (MFA). With 15+ identity providers available to secure the Office 365 login, including Duo Security, Symantec VIP, Social SaaS, and various authenticator mobile apps, users will always have a secure way to access important resources.
Users can choose from a list of available authentication services to complete their authentication. Our dynamic approach guarantees that end-users will complete the authentication task, even if an enrolled service is unavailable. For example, if a user is enrolled with mobile code, but does not have their device, they can still verify using their social accounts. This reduces authentication failure, and potential calls to the helpdesk.
You can further increase security by assigning a trust value to an authentication service. This allows you to decide that one identity provider (for example, Google Authenticator) is worth twice as much as another (for example, Facebook) during authentication. The higher the trust of the identity, the easier it is for the user to authenticate to O365.
Streamline O365 hybrid implementations
Many organizations will create a hybrid environment by integrating O365 with their Active Directory. Keeping user data on-premises requires the configuration of multiple Microsoft components, including:
- Azure AD Connect Synchronization Service for user data synchronization
- ADFS for federated SSO
- Azure Multi-Factor Authentication Server for integration with 3rd party authenticators
With Specops Authentication for O365, provisioning, federated SSO, and Office 365 multi-factor authentication capabilities are included in a single product, which is completely interoperable with Microsoft components.
Keep data on-premises
Specops Authentication is installed inside your Active Directory. It is configured using Group Policy, without introducing added complexity to your environment. Group Policy drives permissions, and removes the need to recreate security groups, and store sensitive data outside of Active Directory. Authentication-related data, including enrollment data, is stored on a sub object of the user object.
Unlike alternative solutions, Specops Authentication does not store a copy of your directory or require complex mapping of policies to affected users. Users are provisioned directly from your on-premises Active Directory to Azure Active Directory.
Provision users and assign licenses in real-time
By managing how users log in to O365, Specops Authentication simultaneously creates the user in Azure AD. When a user in your organization is redirected to Specops Authentication, they are provisioned to Azure AD by creating their user object, along with group memberships, and assigning the appropriate licenses in Azure AD. When the user is redirected back to O365, they will be seamlessly logged in.
- Redundancy with multiple Gatekeepers to ensure you’re always up and running
- Authentication choice so users always have a way to successfully authenticate
- Federated SSO with Windows Integrated Authentication
- Real-time user provisioning and license assignment
- Event monitoring for O365 authentication and provisioning
- Scripted installation support for core versions of Windows Server 2012 R2, and Windows Server 2016
- End-user interface customization
- With the password reset feature enabled, Specops Authentication end-users can use their existing enrollments to manage password resets against the on-premises Active Directory.