IS Decisions logo

UserLock MFA meets NATO security requirements for Ministry of Defense

  • Ministry of Defense
  • Government & Defense
  • Europe
Easy-to-Deploy MFA Meets National & NATO Security Requirements for a European Ministry of Defense

This Ministry of Defense is responsible for the nation’s armed forces and veteran affairs. They are also one of the country’s biggest employers.

""UserLock is one of the few MFA solutions in the world that keeps everything on-premises."

Security Architect

The Challenge

Identifying a fully on-premises MFA solution to meet national and NATO security requirements

The IT leaders at the Ministry of Defense were looking for an MFA solution that could meet several strict requirements. It had to:

  • Satisfy national and NATO access security requirements

  • Work with existing AD infrastructure

  • Remain completely on-premises with no cloud connection

  • Deploy quickly and easily

They wanted to first apply MFA protection to admin accounts for classified networks. Then, they wanted to be able to easily scale MFA across all users to comply with upcoming national and international security requirements.

"We had been using Windows for many years, and we have fully-automated mission planning and configuration set up with our existing AD infrastructure. We don’t have the time to redo the entire system or our AD. When we get a new mission, configuration is planned automatically – meaning we do tens of dozens of installations each month. We needed a solution that would work seamlessly in our existing setup."

Security Architect

Because of their dynamic mission environment, they also wanted to be able to enroll users remotely in MFA.

The Solution

Deploying a fully on-premises solution with remote MFA enrollment

During a year-long MFA product selection process, they found that most of the solutions were cloud-based. Their strict security requirements led them to UserLock.

“UserLock was one of the few solutions in the world that kept authentication fully on-premises and ticked all of the boxes for our requirements,” said one IT leader.

After testing the free trial and going through an extensive review and approval process, they scheduled a rollout for a first group of users. They opted to use security tokens as the second method of authentication.

"Onboarding for single USB tokens went very well. Enrollment was easy, and we were pleased to see that UserLock didn’t have an impact on our AD environment."

Security Architect

The Result

Securing access to classified networks and seamless integration with automated mission deployment processes

IT leaders appreciated that UserLock’s MFA works seamlessly with their current infrastructure and systems.

Because of the secure and specialized nature of their networks, they worked with UserLock’s support and development teams to integrate UserLock into their existing processes.

“With help from the support team, we were able to set up UserLock as part of our automated processes for mission planning,” said a security architect. “All of our problems were solved within hours or days.”

Token enrollment was “a breeze,” and they also liked that admins can deactivate MFA if needed.

"We’d recommend UserLock to other government institutions or organizations that cannot be connected to the cloud."

Security Architect