Shift Technologies is a Minnesota-based MSP providing commercial IT technical support to small and large enterprises.
The Challenge
Securing Insurance-Approved User Access With In-Network Management of MFA
One of Shift Technologies’ clients, a trucking and excavating company, wanted a 2FA multi-factor authentication solution to work directly with on-premise AD and worked without an internet connection. They also wanted to handle all access attempts across the network, both when employees are on-site and working remotely. And while they needed 2FA to be enabled on every PC, they needed to manage and customize MFA for individual user access needs. Finally, the solution would need to be approved by their insurance company.
The client had tested a few available options, but found the programs hard to manage. They also found that with cloud based systems, the default was to let users in if the internet connection was lost.
Ryan Olson, technology specialist at Shift Technologies, notes that while the Shift Technologies team had worked with other 2FA providers in the past, they didn’t have a tested solution that satisfied all of the client’s requirements.
The Solution
Installation and Enrollment in Hours, Not Days
When Olson started looking into options for 2FA authentication linking with AD, he quickly found UserLock. He wanted an option that supported both YubiKey and phone authentication, and UserLock supports both. The internal team installed UserLock on their internal server to test the solution in-house.
Olson liked the easy-to-use interface and management capabilities, and moved to deploy it for the client. The client’s team found the process straightforward and easy to understand. Altogether, the entire process from installation to enrollment took about four hours.
The Benefits
An Insurance-Approved MFA Solution That Balances Security and Productivity
The client’s insurance company approved UserLock as a solution that met their requirements. With multiple successful deployments now complete, Olson says UserLock is the option of choice for clients who need an on-premise multi-factor authentication solution.
The network install feature is the best that I’ve seen,” notes Olson. “You usually run into firewall issues on each PC but this seems to get around it. I’ve never had a problem installing remotely on people’s systems.
Ryan Olson
Technology Specialist
He likes that “UserLock is very lightweight — once it’s installed, you don’t know it’s there.” The product strikes a balance between security and employee productivity — offering an easy-to-use solution for both the IT administrator and the end user.
He also appreciates the granular access control, along with access to data like how many bad password attempts each user has.
As for the authentication method, Olson finds it helpful that clients can choose between different methods for the additional 2FA verification step.
While some clients prefer to authenticate using their phone, Olson notes that many opt for YubiKey. Since the end-user doesn’t have to take out a phone for each login, using a key further minimizes the hassle for employee access. And YubiKey makes it even easier to enroll users, since it doesn’t require the end user to download an app.