Identity Services
Identity Services Overview
Identity services enable users to securely identify themselves when signing in. Identity services fall into multiple categories, including: username and password, social (LinkedIn, Tumblr), and higher trust (Google Authenticator, Microsoft Authenticator, Duo Security).
To use various identity services to authenticate users, the identity service must be configured (enabled) in Authentication Web, and the user affected by the policy must enroll with the identity service. Once a user has enrolled, they can use the identity service to authenticate. Specops Authentication uses data from user objects in Active Directory to read and write information used in the system.
Note
Not all identity services can be used with Secure Access. Currently, only the following identity services can be used with Secure Access:
- Specops:ID
- Yubikey
- Mobile Code (fallback when users don't have Specops:ID or Yubikey available)
Standard
- Specops:ID: this is an app that allows users to use their mobile device's biometrics (fingerprint, facial recognition etc.) to authenticate.
- Mobile Code (SMS): Users will receive a one-time six-digit password via an SMS message, which must be entered in order to successfully authenticate.
3rd Party
Note
In most cases, enrollment with third party identity services needs to be handled by users individually.
- Duo Security: With Duo Security, users can authenticate using the Duo Security mobile app.
- Yubikey: The Yubikey is a hardware authentication device. Users can authenticate by generating One Time Passwords (OTP) with their Yubikey (only if the Yubikey supports Yubico OTP as a security function). For more information on Yubikey, refer to the Yubikey page.