Why tie your authentication into your directory infrastructure?

It would be better for us if we recommended that our customers just have their VPNs, etc., talk RADIUS directly to the WiKID server.  It's a super-simple setup and the fastest way for us to "close the sale".

On the other hand, if we recommend that you include your directory infrastructure in the process, it can mean a lot of extra configuration and troubleshooting.  (Well, for the majority of people on AD, who have to configure NPS, yes.  FreeRADIUS/OpenLDAP is much simpler. But in fairness, NPS is also a NAC solution.) That delays our sales process and usually increases our cost of sales as we help people set up other companies' products (ahem, Microsoft, Cisco).

There's really only one benefit to incorporating AD, and that's user disablement.  If you tie AD into all your remote authentication processes, any AD admin can disable a user and keep them out of all the remote access services.  And that admin does not need to be an admin of your two-factor authentication server either.

Of the 36% that were aware of their continued access, 9% actually chose to use it.

A recent survey showed that as many as a third of all ex-employees still had access to the corporate network after termination.  Obviously, many of these ex-employees are friendly and some may be contractors, but clearly this number is too big, even if it's inflated.

So, we always recommend you include your directory in your two-factor authentication configuration.
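
Where a VPN still talks RADIUS directly to the two-factor server, the user-disablement gap described above can be audited. The following is an added example, not code from WiKID or from this post: it compares a constructed LDIF-style directory export with a constructed list of two-factor usernames and reports accounts that the directory has disabled (the AD `userAccountControl` ACCOUNTDISABLE bit, 0x2) or no longer contains.

```python
# Added example: not WiKID or Microsoft code. All sample data is constructed.
ACCOUNTDISABLE = 0x0002  # userAccountControl flag AD sets on a disabled account

# Constructed LDIF-style export of directory users (e.g. from an LDAP search).
SAMPLE_LDIF = """\
dn: CN=Alice Ng,OU=Staff,DC=example,DC=test
sAMAccountName: alice
userAccountControl: 512

dn: CN=Bob Ruiz,OU=Staff,DC=example,DC=test
sAMAccountName: bob
userAccountControl: 514

dn: CN=Carol Iyer,OU=Contractors,DC=example,DC=test
sAMAccountName: carol
userAccountControl: 66050
"""

# Constructed list of usernames still enabled on the two-factor server.
SAMPLE_TWO_FACTOR_USERS = ["alice", "bob", "carol", "dave"]


def parse_ldif(text):
    """Return {lowercased sAMAccountName: userAccountControl} from LDIF text."""
    accounts = {}
    for entry in text.strip().split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip().lower()] = value.strip()
        name = attrs.get("samaccountname")
        if name:
            accounts[name.lower()] = int(attrs.get("useraccountcontrol", "0"))
    return accounts


def audit(ldif_text, two_factor_users):
    """Classify two-factor users the directory would no longer let in."""
    directory = parse_ldif(ldif_text)
    findings = {"disabled_in_directory": [], "missing_from_directory": []}
    for user in sorted(u.lower() for u in two_factor_users):
        if user not in directory:
            findings["missing_from_directory"].append(user)
        elif directory[user] & ACCOUNTDISABLE:
            findings["disabled_in_directory"].append(user)
    return findings


if __name__ == "__main__":
    for reason, users in audit(SAMPLE_LDIF, SAMPLE_TWO_FACTOR_USERS).items():
        print(f"{reason}: {', '.join(users) or 'none'}")
```

Every name it reports is an account that an AD admin has already shut off but that could still authenticate wherever the directory is not part of the authentication path.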
