IS Decisions logo

IS Decisions Blog

UserLock vs Thales (SafeNet Trusted Access)

This article compares UserLock vs Thales (SafeNet) to help you choose the best multi-factor authentication (MFA) solution for your Active Directory environment.

Published April 17, 2023
UserLock vs. Thales

Securing system access through user authentication tools is essential to prevent data loss and security breaches. These tools confirm the identities of users who access cloud applications and user accounts, allowing access to only authorized individuals.

Among the many potential identity and access management (IAM) security solutions, it’s important to find one that complements your current systems. The right solution will improve your security posture without overhauling your existing user management platform.

UserLock and Thales SafeNet Trusted Access (Thales STA) are two widely used access management solutions. Both provide security features, such as multi-factor authentication (MFA), single sign-on (SSO), and user account policies, to help protect access to corporate networks.

In this blog, you’ll find a thorough guide to UserLock vs Thales STA. You’ll see the features that each offers, along with their benefits and downsides, helping you decide which solution will help you protect your user identities best.

UserLock overview

UserLock is an access security and management solution from IS Decisions. It offers enhanced protection, control, and visibility over user access in Active Directory (AD) and cloud environments.

UserLock helps protect organizations from many of the most common cybersecurity threats, such as unauthorized access and data breaches. The software features simple installation and integration with on-premise and hybrid AD environments by design — extending existing systems rather than replacing them.

Among UserLock’s security solutions are robust MFA, SSO, and session management capabilities. UserLock provides a smooth end-user experience, promoting enhanced security while freeing IT teams from repetitive tasks. You can enhance the UserLock login experience with contextual access management, granular controls, and insightful monitoring.

Thales (SafeNet) overview

Thales STA is a popular cloud-based user authentication solution. It offers SSO and MFA capabilities, promoting secure access to various platforms and applications.

Thales STA gives you more control and visibility into user activity, with monitoring and reporting tools. The solution also integrates with many of the most popular SaaS applications used today.

As a cloud-based service, Thales STA can be deployed quickly to protect user access to cloud applications. But while Thales STA offers many important protections, its one-size-fits-all approach may mean that it’s not the right choice for every environment.

Benefits of UserLock

Installing UserLock brings several significant advantages:

  • Improve AD security with SSO and MFA: Integrating with existing AD environments, UserLock facilitates the effortless scaling of security and MFA across your organization. Rather than replacing existing AD investments, UserLock integrates to offer extended protections.

  • Integration with on-premise and hybrid setups: UserLock builds on top of your existing on-premise and hybrid setups, without requiring the additional software and manual admin tasks of other solutions.

  • Flexible access controls: UserLock lets you customize access policies based on specific authentication and user login criteria. This helps you roll out security policies that work with your end users, not against them.

  • A range of security solutions: UserLock brings MFA, SSO, contextual access, and granular control capabilities. Using these, you can allow users straightforward and secure access to corporate networks and cloud applications.

  • Real-time monitoring and risk detection: UserLock gives you improved visibility over your entire AD environment. Monitor and detect unusual activity to protect key systems before an incident occurs.

  • Improved insights: UserLock’s insights, logging, and reporting functionalities let you get the information you need to improve security and achieve compliance.

UserLock vs Thales – comparison




Cloud, On-premise, or Hybrid?

On-premise and Hybrid: UserLock works with on-premise or hybrid AD environments. Its additional controls help improve security for a variety of connections, including Windows login, RDP, RD Gateway, VPN, IIS, and cloud applications. Above all, UserLock does not replace current solutions but rather enhances access controls and system visibility for existing AD environments.

Cloud-based: As a cloud-based authentication platform, Thales STA enables organizations to safeguard online identities and ensure that users can access cloud accounts and services securely. For on-premise and hybrid environments, Thales STA requires additional software and synchronization.

Minimum Users?

UserLock – No minimum or maximum number of users.

Thales – No minimum users.

Integration with Active Directory?

Yes: UserLock provides secure AD access management from anywhere, leveraging existing on-premise and hybrid AD environments. UserLock extends your current security capabilities, automatically synchronizing with AD every five minutes and adding users to groups in real time.

Yes, with additional software: STA can integrate with AD through the installation of additional software. The integration requires manual admin configuration and syncs every 20 minutes. Crucially, with Thales STA, the AD cannot be the primary authentication method for MFA.

Two-Factor Authentication?

Yes: UserLock provides MFA on Windows AD logon, RDP, and VPN connections through various MFA methods, such as push notifications, authenticator app passcodes, and hardware tokens like Yubikey. It also enables easy deployment with existing AD, auto-detects new endpoints, and can provide offline MFA.

Yes: Thales STA offers MFA for numerous use cases with a wide range of authentication methods and tokens. Thales describes its offering as providing AaaS (Authentication-as-a-Service), enabling quick cloud deployment to protect corporate networks, users, and devices.

Single Sign-On?

Yes: UserLock SSO allows users to log in once using their current on-premise or hybrid AD credentials. Then, they can access various resources, including Microsoft 365 and other cloud applications, without the need for identity verification. UserLock’s SAML protocol support also enables you to establish connections to custom SaaS apps.

Yes: SafeNet Trusted Access SSO is a different product that provides smart SSO capabilities for users. With SafeNet Trusted Access SSO, a user’s login requests are processed, and SSO is intelligently applied based on prior authentications within the same SSO session. This enables users to authenticate once to access other cloud applications.

Contextual Access Management?

Yes: With UserLock, you can implement contextual policies that determine whether or not a user can log in based on various criteria. For example, you might request verification based on login device, location, time, origin, or session type. UserLock’s contextual access management feature enables you to establish controls that align with your organization’s policies, enhancing security and reducing user frustration.

Yes: Thales STA supports context-based authentication that enhances user convenience. You can define several criteria, including IP address, device type, and user location, that specifies whether additional verification is needed.

Restrict by Machine & Device?

Yes: UserLock offers the ability to control, limit, and restrict user login attempts based on workstations or devices. You can also choose to restrict via IP ranges, departments, and countries if needed. In addition to native Windows controls, UserLock also provides centralized restrictions that can apply to entire groups, when necessary.

Yes: Thales STA provides customers with a policy engine that enables flexible access management. This engine allows for real-time control over policy enforcement at the individual user, group, or application level. However, Thales’ on-premise solution may lack the granularity many need for creating MFA policies based on specific factors like users, groups, organizational units (OU), and session type (workstation, server, remote, or local.)

Restrict by Hours?

Yes: With UserLock, you can exercise greater control over when users are permitted to log onto corporate networks. This is achieved through restricting AD user logon during specific working hours and/or setting a maximum session time. These features complement Windows controls by restricting user logon hours by group and enforcing logoffs when time restrictions expire.

Yes: Thales STA provides a simple-to-use policy engine that enables flexible access management, giving you real-time control over policy enforcement. This includes the ability to set time, day, or date restrictions on user authentication.

Restrict by Session Type?

Yes: With UserLock, you can limit AD logins based on the session type, originating from a PC, laptop, tablet, or smartphone. This feature provides protection for remote workers by restricting session types for both on-premise and remote login attempts.

Yes: Thales STA enforces access policies for each attempt, applicable only to configured applications on the Access Management console. This can restrict users based on various session types, depending on your security needs.

Limit Concurrent Logins & Initial Access Points?

Yes: UserLock helps safeguard against credential misuse by limiting concurrent logins. This is a vital requirement for many compliance standards. By preventing a user’s credentials from being used for logging in more than once, UserLock protects against concurrent login threats. UserLock also allows you to limit initial access points to a single entry point. You can base this per user, group, or OU. Any access attempts beyond this point are automatically blocked.

No: Thales STA does not currently allow admins to limit concurrent user logins. As a workaround, you can set maximum time limits for a user to be logged in before they are required to re-authenticate.

Monitoring, Alerts & Response?

Yes: UserLock’s monitoring, alerts, and response capabilities enable specific login behaviors to trigger real-time alerts. You can conveniently manage these alerts remotely via the UserLock console. UserLock’s direct notification feature also alerts end-users in case of any suspicious credential activity, enabling prompt action to mitigate any unauthorized login attempts.

Yes: Thales STA offers the capability to generate alerts when specific conditions or thresholds are detected or exceeded. When creating a role, a default alert policy with all alerts disabled is automatically attached. You can also set customized alert types for any actions you require. This lets you tailor the alert system to best fit your organization’s unique needs and requirements.

Audit & Report on Logon Events?

Yes: UserLock keeps detailed records and generates comprehensive reports for every user connection event and login attempt within an AD environment. This allows easy auditing and reporting of all access events, which you can use to improve security, monitor login behavior, and fulfill compliance requirements.

Yes: The Thales STA Access Management console features access logs that provide valuable information about access attempts and authentications. Each attempt is recorded as a single entry in the access logs. You can view up to 100 of the most recent authentication records, which refresh automatically upon opening the management console. However, it should be noted that Thales STA’s reporting on Windows logins and RDP user connections may not offer enough control for every organization.

Privileged User Auditing?

Yes: As privileged user accounts pose considerable security risks to an organization, UserLock provides essential monitoring and auditing for modifications made by privileged users. You can configure alerts triggered by changes to settings or policies, while UserLock’s privileged user auditing helps safeguard organizations against insider threats. You can also review every user’s level of access to ensure they have the appropriate permissions.

Yes: A critical aspect of network security is ensuring that users have access to the right resources at the appropriate level of trust. With Thales STA, application access can be managed using policies based on a user’s status within an organization. Every change made by operators to Thales STA settings is recorded in audit logs on the STA Access Management console for your review.

Web App?

Yes: UserLock’s Web App offers intuitive tools to help monitor session activity and respond promptly to potential security threats. From the Web App, you can monitor user activity and perform session management tasks, even when working remotely. The Web App also features filtering and export functions, which automate reporting to save you valuable time and effort.

Yes: As a cloud-based access management solution, Thales STA offers visibility and controls from its centralized web platform.

UserLock is the MFA and Access Management Solution for you if…

UserLock provides MFA, SSO, and access management capabilities that bring benefits in the following scenarios:

You want to boost security and meet compliance using your existing on-premise or hybrid AD environment

Some access management solutions duplicate directories, leading to cumbersome manual synchronization or sporadic synchronization with cloud-based software. Instead, UserLock works with your existing environment to extend on-premise and hybrid AD access security, bringing additional security controls, higher visibility, and wider session management.

You require more control to provide user-friendly security

UserLock offers strong contextual access management, allowing you to improve protection levels without impeding the end-user experience. In the crucial battle between security and ease of use, setting contextual access policies helps improve protection without frustrating your end users.

You currently use on-premise or hybrid AD with external SaaS applications

UserLock SSO and MFA offer a solution to password sprawl and duplication by providing secure access with a single set of credentials. Allow users to use their AD credentials to access external applications through SSO capabilities. There’s no need to replace your current user, access, and password management policies, as UserLock supplements the existing AD functionality to offer a streamlined and secure login process.

You use Microsoft 365 via AD/Microsoft Azure Active Directory (Azure AD is now Microsoft Entra ID) Domain Services

UserLock SSO provides a simple way for users to access the Microsoft 365 suite by utilizing their existing AD credentials. UserLock’s centralized controls enable you to configure, view, and manage user access to your Microsoft 365 services through a single centralized panel.

Try UserLock for free

3400+ organizations like yours choose UserLock to secure access for Active Directory identities and meet compliance requirements.

Download a free trial