In general there is a misunderstanding on what certificate-based authentication does exactly and how it distinguishes from the normal Username and Password Single Sign-On approach.
We will quickly break it down and show you the basic differences between normal Username and Password Single Sign-On and SSO using Certificate Based Authentication. For that we will be using an analogy with the following setting:
Imagine that you go to the movie theatre and purchase a ticket. Normally this ticket is to grant you access to a specific film, for a specific length of time. Once this time has passed you no longer have access.
Option One: Ticket please
Imagine, after you purchase a movie ticket, it lasts all day (8 hours) and allows you to go into as many films as you like. Since it is a ticket, you can lend it to someone and you need to keep it safe since it could get lost or be stolen.
This is Username and Password Single Sign-On. You have to type in your credentials just once a day and you are allowed to access all the services you need.
Option Two: Get recognized
Now, imagine the same as before but this time you were treated like a VIP because they recognize you. You are met at the door by a member of staff, they walk you straight into any film you want, no need to stop and buy a ticket.
On top of all of that, they tell you that you have the right to leave and re-enter the movie theatre as many times as you want and see as many films as you want over the next 30, 60 or 90 days(the time depends on the theatres restrictions). As you were never given a ticket when you first entered, you do not need to worry about anyone stealing it.
This approach benefits both you and the movie theatre company. It benefits you by giving you the best user experience. No need to stand in line for a ticket every day that you want to enter.
It benefits the movie theatre company as it is the most secure way for you to access their services. As you were not given anything when you first entered, no one can steal anything from you and pretend to be you. Both; Seamless and secure!
This is SSO using Certificate Based Authentication. For the truly seamless and secure Authentication process, this is the only way to go!
What about mobile?
You might use certificate-based authentication on your work computer on a daily basis. But how does your company handle it on your mobile device? In this modern age, more people use their smartphone or tablet to complete their work. Shouldn’t the same secure authentication technology find it’s way on the mobile device?
Authenticating or logging in every time you want to use a work related app can be a blocker because it causes many errors, wastes a lot of time and is not very secure. This is especially true on a mobile device where typing takes much longer. So what can be done here?
Hypergate Authenticator solves these issues by delivering seamless SSO using Certificate Based Authentication on your Android and iOS devices. This means it completely removed the need to enter any Username and Password details, thus removing the issues above.
It simply turns your mobile device into a fully-fledged Kerberos client that uses the same infrastructure as a computer. This gives your company more flexibility in designing a modern workplace without having to change the existing backends and infrastructure elements.
Will it work on your Mobile setup?
Hypergate Authenticator runs on every smartphone regardless of Android or Apple and integrates with all major Enterprise Mobility Management platforms. Such as MobileIron, VMware Workspace ONE, Microsoft Intune, BlackBerry UEM, SOTI and many more. Find out if Hypergate supports your EMM as well.
Authenticating has never been that easy:
Hypergate Authenticator works with all your work apps like Service Now, Google Chrome, Salesforce, Slack, Microsoft O365 and many more. All are supported out of the box – no integration needed.
Hypergate Authenticator
Delivers a seamless and secure Single Sign-On solution integrating directly with Active Directory. The solution leverages industry standards like Kerberos to provide the best possible user experience without compromising on security. Save IT support costs by allowing your users to change or reset their expired passwords on their own devices, no computer needed.