This content is part of the Buyer's Guide: Multifactor authentication: A buyer's guide to MFA products

Buyer's Guide

Browse Sections

CA Strong Authentication offers businesses low-cost MFA and 2FA

CA Strong Authentication brings inexpensive multi- and two-factor authentication to businesses looking to protect mobile applications and devices and to prevent identity theft.

CA Technologies' Strong Authentication product is a multifactor authentication product that adds additional security measures -- using biometrics and smartphones -- to standard username/password logins for a variety of servers and services, such as Active Directory, Salesforce and the Outlook web app.

With CA Strong Authentication deployed, IT can require that end users provide an additional factor of verification through a variety of software-based token types (see table below) when accessing company resources and applications. This prevents unauthorized logins, even when passwords have been compromised or shared among many different services.

Strong Authentication is an appropriate product for bringing multifactor authentication technology to midsize organizations and large enterprises -- especially those that make use of a variety of external software as a service (SaaS)-based services, such as Google Docs or Dropbox.

CA Strong Authentication

Multifactor authentication (MFA) products have been available from CA for many years, both directly and through various channel partners. The Strong Authentication product line comes in both a Windows version (formerly known as AuthMinder) and as a SaaS called CA Secure Cloud, which incorporates CA Advanced Authentication SaaS, CA Single Sign-On SaaS and CA Identity Manager SaaS modules. It's supported on major browsers; PC; and for Android, iOS and Windows mobile devices.

In addition to these, there's a pair of Windows servers -- CA Risk Authentication and Identity Manager -- that companies can choose to deploy on-premises. Both of these are sold separately to handle identity federation and risk-based authentication tasks, respectively.

Strong Authentication integrates with CA's Risk Authentication and Single Sign-On, and all are components of the Advanced Authentication suite.

CA Strong Authentication token and authentication methods

Strong Authentication supports a variety of token methods – such as software and hardware tokens -- and authentication methods like two-factor authentication and knowledge-based authentication. CA offers out-of-band authentication as well, in terms of text message, email or voice delivery of one-time passwords.

CA Strong Authentication's server component provides a flexible administration console, and it does a good job of documenting authentication flows to simplify deployment and management. There are numerous examples and templates that make it easier to get this product set up.

Advanced features of CA's MFA product

For enterprises needing advanced federation features, there is a full integration to the CA Identity Manager product. The public key infrastructure and one-time password software-based credentials deliver a higher level of security than some of the other multifactor authentication products out there, thanks to CA's patented key protection technology, which provides for an additional layer of security.

The product includes full administration capabilities to configure policies, monitor activity and investigate suspected attacks. This makes it easier to keep track of authentication tokens and to understand which applications are running the tighter security methods.

CA Strong Authentication also includes reports for tracking administration, user authentication and transactional (including login) risk assessment. It works with most major applications, including VPNs, the Outlook web app, Salesforce, SharePoint and others.

The company also provides small JavaScript snippets for the customer to include in their website authentication page. This is useful for homegrown applications that can't be explicitly supported by Security Assertion Markup Language (SAML) authentications. One of Strong Authentication's more unique features is the option to not store or transmit passwords -- in effect making passwords unbreachable. JavaScript code from other multifactor authentication vendors is less capable than what CA offers.

Some drawbacks and benefits of CA Strong Authentication

The biggest drawback with CA Strong Authentication is having multiple pieces to manage and coordinate; although that can be a plus if you don't need them, and don't have to pay extra for them. That means CA's MFA product can end up being one of the lower cost offerings in the market. Also, some of the other vendors charge per mobile app, while CA's are free. All credential and token authentication options are included in the per-user pricing, whether delivered as SaaS or on-premises.

Next Steps

What you need to know before purchasing MFA software

Here's how to sync up MFA devices for public cloud

See how MFA security tokens have evolved over the years

This was last published in April 2017

Dig Deeper on Identity and access management