Gluu embeds TiQR for secure and free multi-factor authentication
Gluu, a leader in enterprise authorization and authentication, announced today that its open source, open standards identity and access management platform, OX, now ships with free “out-of-the-box” support for TiQR multi-factor authentication. By using OX and TiQR, organizations can use smart phones to strongly authenticate people, enabling them to access websites and mobile applications that are too sensitive to be protected by passwords alone.
“It’s well known that passwords are the weakest link. Passwords are the root cause of most of the recent security breaches. But the road to implementation of stronger forms of authentication can be expensive and complicated,” said Gluu CEO Mike Schwartz. “Now, with a subscription to the Gluu Server, organizations can offer application developers and SaaS partners the option to use standard Web authentication APIs such as OAuth2 and SAML to leverage a free mobile, out-of-band two-factor authentication for increased security.”
TiQR makes it easy for a person to enroll their phone or mobile device, and then use it as an authentication factor. After the person logs into a website, the TiQR server displays a QR code that only the person’s registered mobile device can scan and validate. TiQR was developed by SURFnet, a non-profit educational network based in the Netherlands.
“TiQR’s open-source authentication solution from SURFnet was the perfect fit for Gluu’s enterprise authorization and authentication platform,” said Schwartz. “While there are many good commercial options for authentication, many of which are well worth the money, it never hurts to have options. One of our customers requested TiQR, and we thought it made sense to make it available to everyone.” In addition to TiQR, Gluu currently supports a number of leading SaaS offerings from partners such as Duo Security, Toopher, and OneID.
As valuable content continues to move to the cloud, organizations are frequently faced with the challenge of securely authenticating employees and customers to third-party websites and applications. Schwartz added, “As companies invest in strong authentication solutions, both commercial and open source, they want to make sure the maximum number of websites can support these new credentials. This is accomplished by publishing standard APIs for authentication, like OpenID Connect and SAML. So a website would not need to know anything about TiQR as long as they stick to one of the supported APIs. That’s what makes this such a good idea: let each domain pick the authentication mechanisms that make the most sense for their business and security requirements.”
Demos of the complete integrated solution, including a standards-based single sign-on server and TiQR out-of-band authentication, are available from Gluu.
For more information, please visit our website: http://www.gluu.org
Gluu provides IT services to large organizations to help them design, build, and operate authentication and authorization (“AA”) systems to secure web and mobile applications using open source software. Gluu leverages open standards such as OAuth 2.0, SAML, and RADIUS to enable organizational strong authentication, single sign-on (SSO), and web access management (WAM). The “OX” open source project, maintained by Gluu, implements two profiles of OAuth2: OpenID Connect for authentication and UMA for authorization. Gluu’s OX management service enables organizations to quickly deploy an AA service for their Internet domain, on the IaaS platform of their choice.
Gluu’s dedicated server delivery model allows security-conscious organizations to centrally manage authorization and authentication using their own servers, from inside their own network. This mitigates a number of security concerns associated with multitenant identity solutions. In addition, because all the software is open source, there are no per-user licensing fees, which makes the total cost of ownership markedly less than proprietary monolithic IAM offerings by companies like Oracle, IBM and CA.
TiQR was invented at SURFnet and was built with help from Egeniq and Stroomt. TiQR is based on Open Standards from the Open Authentication Initiative (OATH). It uses the OCRA protocol suite to perform challenge/response authentication.
Where traditional methods require you to type in (alpha-) numerical codes displayed on the web page, we leverage the ease-of-use of QR tags. And where you normally would have to copy the response from your phone by typing it on your computer, we make use of the fact that almost all modern phones have Internet connectivity. This is the secret behind TiQR’s ease of use.