APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
Passwordless Multi-factor Authentication Security and Identity
Sal Karatas, CEO at SAASPASS
2. Why SAASPASS?
Built on a Passwordless Architecture & Zero Trust Security Model
SAASPASS is the only FULL-STACK Identity & Access Management Platform
3. What is SAASPASS?
SAASPASS - the only full-stack identity & access management platform:
Multi-Factor Authentication
Single Sign-on
Shared Access Manager
Enterprise Password Manager
Directory Services
Access Control Policies
Endpoint Protection (computer protection)
Privileged Access Management (PAM)
Reports & Audit Trail (SIEM)
Admin Types (delegated)
Securing the Personal Perimeter
... and more
4. Multi-Factor Authentication Integrations
SAASPASS offers over 100 thousand pre-built integrations.
MFA integrations include:
• VPNs
• RDP
• RADIUS
• Single Sign-On
• Team and Enterprise Password Manager
• WiFi Captive Portal
• Apple Mac computers (offline support)
• Windows OS computers (offline support)
• Linux SSH
• Firewalls
• Web and Mobile Apps
• CASBs
• SIEMs
• API Gateways
• Custom Applications
• RESTful API available with code snippets
• All Microsoft Exchange Server Protocols:
▪ Outlook Web App (OWA)
▪ Outlook for Desktop
▪ Autodiscover
▪ MAPI for Outlook Anywhere Desktop Applications
▪ ActiveSync for Mobile Outlook and Mobile Native Email Applications
5. Multi-Factor Authentication Methods
Passwordless MFA
SAASPASS Mobile/Tablet App (iOS & Android):
• Manual OTP (offline support)
• Push Login (with context)
• Scan Encrypted Barcode
• Remote Login 2FA
• Mobile On Device Login
• Mobile Web URL callback
• Proximity (offline support)
• App to App (with SDK)
• Remote Lock
Wearables Support:
• Manual OTP
• Push Login
SAASPASS system offerings:
• SMS OTP
SAASPASS Java ME & BlackBerry (pre Android model 7 and older) Mobile App:
• Manual OTP (offline support)
3rd Party Physical Tokens:
• HOTP tokens
• TOTP tokens
• FIDO U2F (offline support)
• Yubico OTP
Biometric Methods:
• Face ID (iPhone)
• Touch ID (iPhone)
• Fingerprint on Android
• Facial on Android
* Offline support necessary for NIST DFARS 800-171 & CMMC compliance
* Users can be assigned multiple token types
7. Multi-Factor Authentication & Approval API
MFA Authentication and Transaction Verification + Biometric Step-up (Biometric Approval)
Ask Biometric Authentication: if this setting is checked, every login will prompt the mobile app for an additional biometric authentication. An Instant Login URL must be provided for this to work.
8. Single Sign-on
• Role-Based Access Control (RBAC)
• Attribute-Based Access Control (ABAC)
• Secured by Passwordless MFA
• Web Portal Single Sign-On
• Mobile App Single Sign-On
• SAML support (over 1,700 pre-built SAML integrations)
• Configurable MFA policies per app
• Custom SAML & Radius support
• Grant app access to specific groups
• Grant app access to Organisational Units (OU)
• Shared Logins
• Provisioning/Deprovisioning
• Over 100 thousand web apps pre-built
• Browser extension with Single Sign-on client
• Mobile Web/App support
• User initiated Autologin & AutoFill
• SSL Detection in Browser Extension
• Browser Extension Autofills only with HTTPS sites
• Enterprise chat-launched SSO (Slack etc.)
• Apple Mac Single Sign-on client with Computer Protection
• Windows OS Single Sign-on client with Computer Protection
• Works on all platforms (Windows, Apple Mac & Linux etc.) without the need for a desktop app to be installed
9. Shared Access Manager
• Password Manager for Teams
• Shared 2FA Authenticator Codes for Teams - (TOTP)*
• Secure Notes for Teams
• Shared Email Accounts and Applications
• Shared Account Manager
• Dedicated Shared Access Manager Admin
• Shared Password Logins (with optional notes)
• Shared Logins with Authenticator code (with optional notes)
• Sharing access with password & Authenticator code shown/hidden
• Over 100 thousand web apps pre-built
• Option to import personal passwords & authenticator codes
• Seamless provisioning and deployment
• User initiated Autologin & Autofill
• SSL Detection in Browser Extension
• Browser Extension Autofills only with HTTPS sites
• Desktop browser & Mobile Web/App support
• Securely share passwords with the members of your team on an as-needed basis
• Securely share Authenticator codes with the members of your team on an as-needed basis
• Sharing password-based access with the password concealed (requires the browser extension etc.)
• Sharing Authenticator code-based access with the password concealed (requires the browser extension etc.)
• Works on all platforms (Windows, Apple Mac & Linux etc.) without the need for a desktop app to be installed
*CISA mandates that all organisations secure their social media accounts with the service provider's TOTP MFA, with access granted only after MFA
10. Enterprise Password Manager
• Web Portal Single Sign-On
• Smart Browser Extension
• Password Policies
• Password Complexity Policies
• Password Rotation Rules
• Password Shown/Hidden
• Password Vaulting
• User initiated Autologin & Autofill
• SSL Detection in Browser Extension
• Browser Extension Autofills only with HTTPS sites
• Strong Password Generator
• Over 100 thousand web apps pre-built
• Seamless provisioning and deployment
• Desktop browser support
• Mobile Web/App support
• Password duration configurable
• Automatically reset the passwords of servers, databases, network devices and other resources.
• Directory Integration (including AD and multiple AD)
• Self-Service AD Password Manager
• Works on all platforms (Windows, Apple Mac & Linux etc.) without the need for a desktop app to be installed
11. Directory Services
Manage Users, Groups and Devices
• Universal Directory
• User Identity & Attribute Management
• Active Directory/LDAP Integration
• Multiple Active Directory Integration
• Metadata Directory
• HR Directory Integration
• Office365 integration
• G Suite integration
• SAASPASS Cloud Directory Services
• Custom Fields and Mapping
• Cloud RADIUS
• Provisioning/Deprovisioning
• Device support
• Directory Insights
• System Insights
• Lifecycle Management
• Self-Service AD Password Manager
Supports Apple Mac, Windows & Linux computers
12. Access Control Policies
• Location-based
• OS (Operating System)-based
• Device-based
• Time-based
• Network-based
• IP address whitelisting/blacklisting
• Country whitelisting/blacklisting
• Browser whitelisting/blacklisting
• OS (Operating System) whitelisting/blacklisting
• Device whitelisting/blacklisting
• Algorithmic restrictions based on Threat Intelligence (blacklisted IPs, locations, proxies, Darknet etc.)
• Custom Policies
• Policy Rules per application
• Policy Rules per groupings of applications
• Jailbreak & Root detection and prevention
13. Endpoint Protection (computer protection)
SAASPASS Endpoint Protection for Windows Computers (works with & without Active Directory)
SAASPASS Configurable Multi-Factor Authentication methods supported:
SAASPASS Mobile/Tablet App (iOS & Android):
• Manual OTP (Offline supported)
• Push Login
• Scan Encrypted Barcode
• Remote Login 2FA
• Proximity (Offline supported - Apple Mac Only)
• Remote Lock (by user or admin)
SAASPASS System offering:
• SMS OTP
3rd Party Tokens:
• HOTP tokens
• TOTP tokens
• FIDO U2F (Offline supported)
• Yubico OTP
Computer Protection for:
• Windows OS: local access and RDP, for both domain and non-domain accounts
Single Sign-on Client:
• Windows OS Single Sign-on client (configurable from the Admin dashboard)
• Multiple users
* Offline support necessary for NIST DFARS 800-171 & CMMC compliance
14. Endpoint Protection (computer protection)
SAASPASS Endpoint Protection for Linux Computers (works with & without Active Directory)
SAASPASS Configurable Multi-Factor Authentication methods supported:
SAASPASS Mobile/Tablet App (iOS & Android):
• Manual OTP (Offline supported)
• Push Login
SAASPASS System offering:
• SMS OTP
3rd Party Tokens:
• HOTP tokens
• TOTP tokens
• Yubico OTP
* Offline support necessary for NIST DFARS 800-171 & CMMC compliance
15. Privileged Access Management (PAM)
• Team Password Manager
• Enterprise Password Manager
• Shared Access Manager
• Shared Account Manager
• Shared Email Accounts and Applications
• Self-service AD Password Manager for end-users
• Password Vaulting
• 2FA Authenticator Code (TOTP) Vaulting
• Secure Notes Vaulting
• Admin Types (delegated)
• Audit all privileged access, get complete record of all actions
• Store & organize all your privileged identities in a centralized vault
• Securely share passwords with the members of your team on an as-needed basis
• Securely share account access with the members of your team on an as-needed basis
• Admin resetting AD passwords
• Automatically reset the local account passwords of domain-joined and unjoined Windows computers (LAPS - Local Administrator Password Solution)
16. Reports & Audit Trail (SIEM)
• Centralized Audit Trail
• User Audits
• Administrator Audits
• Application Usage Reports
• Export of data in multiple formats (CSV, XLS, PDF, XML, etc.)
• Export to 3rd Party SIEMs
• Export Full System Log
Reports include:
• User accounts
• Role Type
• Email
• Application Name
• Login Type
• Login Source
• Source IP
• Status
• Time
• Also reports by Application and Application Type
• Detect orphan accounts for any app
17. Admin Types (delegated)
Add/Remove and Manage Admins
Multiple Admin Types/Roles:
• Super Admin
• Developer Admin
• Application Admin
• Organizational Unit (OU) Admin
• Shared Access Manager Admin
• Read-only Admin
Multi-tenant support available. Different admin rights can be granted to 3rd Parties and MSSPs.
18. Securing the Personal Perimeter
• Password Manager
• Authenticator 2FA for personal websites and mobile apps
• HOTP/TOTP support (adjustable)
• Identifies Duplicate and Weak passwords
• Identifies websites and apps that have Authenticator 2FA support
• User initiated AutoFill & Autologin
• SSL Detection in Browser Extension
• Browser Extension Autofills only with HTTPS sites
• Browser Extension Access with SSO & Copy to clipboard
• Web Portal Access with SSO & Copy to clipboard
• Web Portal is 2FA secured
• Browser Extension 2FA secured
• Secure Notes
• Strong Password Generator
• Multiple Device support
• Device Management
• Tablet support (including landscape view and split screen)
• Offline support
• Secure Backup & Restore options
• SIM Swap prevention
• Jailbreak & Root detection
• Search available in mobile app and browser extension
• Works on all platforms (Windows, Apple Mac & Linux etc.) without the need for a desktop app to be installed
19. Move Beyond Passwords with The Only Full-Stack Identity & Access Management Solution