While watching an InCommon mailing list discussion around Duo and other forms of strong authentication, it became apparent that we’ve completely failed at educating universities on what the Gluu Server is and how it works.
Implementations of Duo are providing the first real world experiences on large scale mobile authentication technology. In Gluu’s opinion, Duo is a fantastic mobile 2FA service. We demo it every day to customers. We rely on it internally to secure our unix servers via SSH. However, not surprisingly, Duo did not provide the all-in-one credential management nirvana for which many on the list hoped. And it brought attention to many of the challenges institutions will face outsourcing credential management to a SaaS provider.
Here is just a sample of some of the list’s feedback:
- Post-enrollment: management of devices.
- Credential reset for each authn mechanism.
- Delegated Admin.
- SAML SSO Admin console.
- Better AD integration.
Furthermore, some things that were not mentioned but should certainly be considered include trust elevation, adaptive authentication, and special procedures for logout (don’t forget to kill the CAS session…).
The thing is… what was being described is the Gluu Server!
Despite our best efforts to get the word out about what the Gluu Server does, obviously we failed.
The reality we are facing is a tsunami of new authentication mechanisms: mobile, biometric, cognitive, and contextual mechanisms. The situation, and the device you have in your hand determines which authentication technology has the best trade-off of price / security / usability. And, as I’ve blogged recently, account reset is the achilles heel of 2FA. You are only as strong as your weakest reset mechanism.
If you are interested in this topic we highly recommend that you join this webinar on Friday, January 31st, or schedule a call with Mike. During the call, you will learn how the Gluu Server supports and provides management interfaces for Duo and other great 2FA technologies via “oxTrust”, our admin console that enables centralized management of authentication and authorization logic for your organization.
Subscribe to Get News and Product Updates
our RSS Feed