Entrust IdentityGuard
IdentityGuard provided strong authentication (hardware/software tokens, mobile “smart credentials,” OTP/transaction verification) and SSO/federation for enterprise and B2E/B2B use cases. Entrust now presents this capability as Identity Enterprise, within the broader Entrust Identity portfolio and alongside its Identity as a Service (IDaaS) offering.
Key Capabilities
- Standards-based SSO & federation: Entrust documents SAML, OpenID Connect, and OAuth 2.0 for SSO to cloud and on-prem apps (plus directory/RADIUS options).
- Multi-factor authentication: Mobile smart credentials (PIV-D style), software/hardware OTP, push/transaction verification, and desktop login integration are covered in product/user/admin guides.
- RADIUS & VPN: Published integration guides for RADIUS and common VPN/gateway products.
- Passwordless / FIDO posture: Entrust positions WebAuthn/FIDO2 as part of its passwordless capability set within the Entrust Identity portfolio.
Limitations
- Naming/lifecycle: Entrust consistently states Identity Enterprise is the new name for the platform formerly known as IdentityGuard; plan evaluations and contracts against Identity Enterprise.
- Product boundary vs. IDaaS: Public docs often describe protocols/features at the portfolio level (Enterprise + IDaaS). There is not enough public information to confirm that all capabilities (e.g., every OIDC/OAuth profile) are available identically on the legacy IdentityGuard server without the newer Enterprise/IDaaS components.
- SCIM provisioning: Entrust marketing references SCIM among supported protocols, but vendor-hosted, IdentityGuard-specific SCIM 2.0 endpoint documentation is not surfaced publicly.
- Self-hosted operations: IdentityGuard/Identity Enterprise is commonly deployed on-prem (including historical virtual-appliance packaging), which adds patching/HA/backup responsibilities vs. fully managed IDaaS.