SecurEnvoy SecurAccess

SecurAccess is SecurEnvoy’s MFA-centric access platform with RADIUS enforcement for VPNs/gateways, Windows logon MFA and IIS/agent protection for web apps. It also offers an SSO portal (IdP role, vendor-described) and passwordless (FIDO2/WebAuthn) options, plus REST APIs and a Universal Directory.

Key Capabilities

• RADIUS enforcement (VPN/Wi-Fi/perimeter): Implementation guides document RADIUS client/server topology, UDP/1812 communication, and firewall configuration to enforce MFA for VPNs, remote gateways, and perimeter access devices.

• Windows & IIS protection:

  • Windows Logon Agent adds MFA to workstation, server, and RDP logon.
  • Microsoft Server/IIS Agent enforces MFA before access to web apps (e.g., OWA, SharePoint) and integrates with AD FS for claims-based SSO.

• SSO / Access Management (IdP portal + policies): Provides a centralized SSO portal with policy-driven access control, conditional authentication, and prebuilt app onboarding templates for internal and external systems.

• Passwordless / Passkeys: Supports WebAuthn/FIDO2 (CTAP2) for passwordless authentication via hardware security keys, biometrics, or device-bound credentials.

Limitations

• Federation posture: Documentation emphasizes MFA augmentation for AD FS and SAML claims-aware apps, but there is not enough public information confirming standalone SAML or OIDC provider capabilities (e.g., discovery endpoints, token issuance).

• SCIM provisioning: Public materials focus on MFA, RADIUS, and API integrations, with no clear evidence of general-purpose SCIM 2.0 provider or consumer functionality.

• SaaS ecosystem connectors: The SSO portal lists preconfigured integrations, but lacks technical details on claims mapping, metadata, and logout behavior—a proof-of-concept is recommended for complex app integrations.

• Operational footprint: Core services are Windows Server–based and self-managed (IIS/RADIUS), requiring customers to handle patching, certificates, HA, and upgrades.