Free trial

FLEXIBLE AUTHENTICATION
SOLUTION:
  • MULTI-FACTOR AUTHENTICATION (MFA)
  • SINGLE SIGN-ON (SSO)
  • IDENTITY PROVIDER (IdP)
  • IDENTITY AND ACCESS MANAGEMENT (IAM)

PHISHING-RESISTANT MFA   -   SUPPORTS FIDO2

app-preview
Trial version

SOLUTION FEATURES

  • Flexible solution for organizations and companies of all sizes.
  • Using MFA complements problematic passwords with other factors.
  • Czech and English language support (other languages can be added).
  • Flexible solution for authentication – of employees, partners, customers - into internal/company systems.
  • Option of on-premise installation in the customer's infrastructure.
  • No part of the application or data needs to be in a third-party cloud.

SUPPORT OF MODERN TECHNOLOGIES

  • FIDO2/WebAuthn - Support of standards.
  • Phishing-Resistant MFA - Prevention against phishing attacks.
  • Support of passwordless authentication.

Factors for authentication in general

  • Authentication factors are categorized into three groups:
    • Something you know (such as a password or PIN).
    • Something you have (such as a phone or a HW token).
    • Something you are (such as a fingerprint, facial scan or other biometric data).
  • MFA requires the user to authenticate using two or more authentication factors from different categories (e.g. "something you know" in combination with "something you have").
  • The method of Push notifications for smartphones with biometric authentication combines all three of these categories. Logging in with your name and password (something you know) is complemented by Push notifications on your mobile phone (something you have), which must be confirmed after biometric verification (something you are).

2ELEMENT APPLICATION ARCHITECTURE

RISKS OF USING ONLY A PASSWORD

  • Brute-force attacks
  • Phishing
  • Keylogging
  • Social engineering
  • Malware

2ELEMENT PRODUCT LIST

INTEGRATION OF 2ELEMENT AND Sofie

MORE ABOUT PRODUCT

SECURITY

Detailed logging (audit log) of all processes in the whole solution.
Registration and authorization of mobile applications is secured by asymmetric cryptography.
Private key in modern mobile phones is stored in a dedicated security chip/element with the possibility of biometrics protection.
The administrator defines the required security policies for the user.
Data transmissions are encrypted by default using SSL / TLS.
Export of logs using Syslog for external processing (SIEM support).
Login (SSO) integration with SAML or ADFS providers.
The application is tested by penetration tests according to the OWASP methodology.
Possibility to provide source code for audit.
NETHEMBA

PENETRATION TESTS

Security of the application 2Element is tested and verified by penetration testing by NETHEMBA corporation.

FEATURES

PHISHING-RESISTANT MFA

  • Authentication method that prevents an attacker from obtaining the user's credentials through fraudulent manipulation (e.g. sending an email message and other social engineering techniques)..
  • The FIDO2 standard is a more secure method of authentication compared to traditional solutions such as one-time passwords (OTP) or PUSH notifications.
  • HW keys for FIDO2
    • Yubico
    • GoTrust
    • Feitan
    • TrustKey
    • SoloKeys
    • Swissbit
    • Token2
    • and others...

INTEGRATION WITH AD OR ADFS

  • Link to Active Directory, including setting which trees or user groups to synchronize and how.
  • Concurrent support for both local groups and users, as well as those transferred from AD.
  • Possible operation even without integration with AD. Local users can be created directly in the MFA server. Suitable for installations without AD or users who are not in AD.
  • Support of other LDAP compatible directories is also possible.
  • Integration into ADFS logins – this makes it easy to extend the entire ecosystem with MFA, supporting ADFS logins.

EXAMPLES OF INTEGRATION

SUPPORTED SERVICES AND APPLICATIONS

VPN accesses (Fortinet, Cisco, CheckPoint, Palo Alto,...)
Administrator RDP/RDG accesses to MS servers
Remote desktops (RDP/RDG) for users/
administrators
Local user computer logins
ADFS (Active Directory Federation Services) integration
Cloud services (Microsoft 365, Google Workspace, Bitwarden,…)
Customer's own application (Helpdesk, Intranet, …)using API
Portals and solutions for partners and customers
Other integrations using Radius or LDAP protocols
Support for ADFS, OpenID, SAML

EXAMPLE OF THE VPN CLIENT LOGIN

SCREENSHOTS

Services

Installation of MFA servers at the customer

  • Installation on dedicated servers (RHEL, CentOS, Rocky Linux).
    • Installation in a VM is recommended - VMware, Hyper-V, KVM.
  • Web interface for administrators available.
  • Recommended to split the installation into two different segments/vlans:
    • In DMZ – MFA WEB server - it communicates to the Internet (Push notifications, etc.), provides API.
    • In VLAN - MFA Authentication PROXY server - Auth proxy, it mediates communication with AD and RADIUS.
  • An individual solution for large installations that meets the required SLAs.
  • MFA servers can be installed in a cloud environment.

Consultation and on-line presentation

  • Professional consultation for customers and partners.
  • An explanation of all concepts such as FIDO2, WebAuthn, U2F, TOTP, ...
  • Demonstration of MFA solutions using Teams or other conference platforms.
  • During the conference, we advise how to best deploy the MFA solution for the customer.

Trial version and PoC installation

  • TRIAL licences for internal testing and PoC (Proof of Concept) installation.
  • MFA server installation can be under our hosting.
  • Installation into the customer’s infrastructure.
  • Within PoC, professional consultation for further integrations.

CUSTOMIZED CUSTOMER SOLUTIONS

  • For larger implementations we offer a customized solution that is popular today, for example, in banks under their names.
  • We will supply the customer with a customized mobile application fully compatible for all MFA accesses.
  • Suitable as a consolidation of all applications that should use MFA for authentication.
  • “White label” customization
    • for server (custom name and design)
    • for mobile applications (custom name, design and fixed connection with the customer's server)

MFA and security recommendations

Multi-Factor Authentication is subject to legislative regulations and recommendations from cybersecurity authorities.

Czech regulation

ZoKB - The Act on Cyber Security Section 3 p. 2-3 VoKB - The Cybersecurity Decree Section 12(2) j) p. 1128
Section 19(3), Section 20 p. 1131 NÚKIB - Recommendation for administrators, version 4.0

International authorities

Protecting Information from Ransomware p. 1 par. 3 a.i
p. 2 par. 5 d. Remote Access
VPN Solutions p. 3-5 Federal Zero Trust Strategy Implementing Strong Authentication Memorandum of a Federal zero trust architecture (ZTA) strategy p. 6-8 Implementing Phishing-Resistant MFA

Business Partners

EruCom GC System Pragodata J3AG Dator 3 O2 NTT Actinet Asciinet system boost

PARTNERSHIP WITH MANUFACTURERS

VPN access

Fortinet Checkpoint Cisco Palo Alto
and others...

FIDO2 Hardware tokens

Yubico GoTrust Yubico Yubico
and others...

Contact and request for Price offer / Trial version

Send request
Sonpo, a.s. Sonpo, a.s.

Contact us

SONPO, a.s.

Klapkova 546
182 00 Prague 8
Czech Republic


[email protected]
[email protected]
[email protected]
www.sonpo.eu

Download

Documentation

EXAMPLES OF INTEGRATION

 

Recommended


This website uses cookies to provide services, personalize ads and analyze traffic. By using this website, you agree to this. More about the use of cookies.ok