Multi-Factor Authentication
Cloud or on-premise solution for each LDAP Directory and Active Directory
Redefining MFA for the Enterprise
Standard MFA solutions often come with hidden costs and limitations. We provide a solution built for enterprise realities.
The Common MFA Challenge
- Forced Cloud Dependency: Tying your core security to an external cloud service creates a single point of failure and potential data sovereignty issues.
- Limited Factor Choice: You're often restricted to the MFA methods offered by the cloud vendor, which may not meet your specific security requirements.
- Inflexible Integration: Difficult to integrate with heterogeneous environments, legacy applications, or multiple, non-federated directories.
The Comtarsia Advantage
- On-Premise Control: Our SignOn Proxy acts as your private, on-premise MFA decision engine, giving you full control and resilience.
- Unmatched Factor Flexibility: Choose from FIDO2, Smart Cards/PKI, TOTP/HOTP, or our convenient COTP Push Notifications. Mix and match to fit user roles and risk profiles.
- Universal Compatibility: Seamlessly add MFA to your existing authentication flows for any LDAP or Active Directory backend, without requiring schema extensions.
Your Central Authentication Hub
The Comtarsia SignOn Proxy is the core of our MFA solution. It securely integrates with your directories and acts as the central policy engine. When a user logs in via the Logon Client, the proxy orchestrates the required second-factor challenge, ensuring policies are enforced consistently everywhere.
Key Architectural Benefits:
- On-Premise Core: Keeps authentication logic and sensitive MFA data within your network perimeter.
- Flexible Data Storage: Store MFA enrollment data either in your existing directory attributes or in the proxy's secure, embedded database—no schema changes required.
- High Availability: Deploy multiple SignOn Proxy instances in a load-balanced configuration for enterprise-grade uptime and resilience.
A Factor for Every Need
Deploy the right level of security for every user and every scenario.
FIDO2 Security Keys
The gold standard for phishing-resistant authentication using hardware security keys (e.g., YubiKey).
Smart Cards & PKI
High-assurance, certificate-based authentication ideal for government, defense, and highly regulated industries.
TOTP / HOTP
Time-based and counter-based one-time passcodes using standard authenticator apps (e.g., Google/Microsoft Authenticator).
COTP Push Notifications
A secure and user-friendly experience using the Comtarsia Authenticator app to approve logons with a single tap.
Easily configure MFA policies for any user group.
Granular Policy Enforcement
The Comtarsia User Management Console gives administrators fine-grained control over MFA policies, all managed via group memberships.
- Force Enrollment: Require users in a specific group to enroll an MFA device immediately or by a specified deadline.
- Optional Enrollment: Allow users to self-enroll an MFA device for added security at their discretion.
- Device Management: Easily remove a user's lost or stolen MFA device to grant them access and allow re-enrollment.
The Core of the Solution
This solution is powered by our flexible and robust SignOn Proxy.
SignOn Proxy
The on-premise heart of your authentication. It acts as a secure proxy and policy engine, connecting to your directories and orchestrating MFA challenges for all your users and applications.
Upgrade to a Smarter, More Resilient MFA Solution
Take back control of your authentication infrastructure. Contact us to discuss how Comtarsia's MFA solution can be tailored to your enterprise security needs.