Swivel Secure AuthControl Sentry

AuthControl Sentry is a self-hosted (or cloud-hosted) authentication platform that centralizes strong user verification and federated SSO for enterprise and education environments. It integrates with AD/LDAP, issues SAML assertions as an IdP (including documented SAML/RADIUS hybrid flows), acts as a RADIUS server for network access, and enforces MFA at desktops (Windows Credential Provider) and web tiers (IIS). Swivel’s patented PINsafe methods (TURing, PINpad, PICpad) sit alongside push/TOTP, SMS, and hardware tokens.

Key Capabilities

• SAML-based federation: Integration guides cover SAML IdP setups (e.g., ServiceNow) and SAML↔RADIUS hybrid patterns that redirect users to the Sentry IdP while completing back-end RADIUS authentication.

• RADIUS enforcement: Full RADIUS server configuration (NAS clients, VIP/HA) with documented integrations for common VPNs (e.g., WatchGuard, Citrix NetScaler Gateway).

• Endpoint & web agents: Windows Credential Provider for MFA at workstation/server and RDP logon; IIS/Microsoft Server agent to protect web applications.

• MFA methods: PINsafe® (TURing/PINpad/PICpad), mobile app/push, OATH TOTP/HOTP hardware tokens, and SMS/email OTP, with policy controls and SIEM logging.

Limitations

• OIDC/OAuth specifics: Public Sentry materials focus on SAML and RADIUS; there isn’t enough information to confirm native OpenID Connect/OAuth 2.0 provider capabilities (discovery/endpoints).

• SCIM provisioning: Documentation emphasizes MFA/SSO and agents; general-purpose SCIM 2.0 provider/consumer support is not clearly documented.

• WebAuthn/FIDO2: Materials highlight proprietary and classic OTP factors; first-party WebAuthn/FIDO2 support is not confirmed.

• Self-managed footprint: Typical rollouts use on-prem appliances/VMs, RADIUS, and Windows/IIS agents—customers manage HA, patching, certificates, and directory sync.