Our client, a European Ministry of Defense, is responsible for the nation’s armed forces and veteran affairs. They are also one of the country’s biggest employers.
MFA to Secure On-Premise AD Identities in Compliance With National and NATO Security Requirements
The IT leaders at the Ministry of Defense were looking for an MFA solution that met several strict requirements. It had to:
- Satisfy national and NATO access security requirements
- Work with existing AD infrastructure
- Remain completely on-premises with no cloud connection
- Deploy quickly and easily
They wanted to first apply MFA protection to admin accounts for classified networks. Then, they wanted to be able to easily scale MFA across all users to comply with upcoming national and international security requirements.
We had been using Windows for many years, and we have fully-automated mission planning and configuration set up with our existing AD infrastructure. We don’t have the time to redo the entire system or our AD. When we get a new mission, configuration is planned automatically – meaning we do tens of dozens of installations each month. We needed a solution that would work seamlessly in our existing setup.
Because of their dynamic mission environment, they also wanted to be able to enroll users remotely in MFA.
An Fully On-Premise, Easy-to-Deploy Solution With Remote MFA Enrollment
During a year-long MFA product selection process, they found that most of the solutions were cloud-based. Their strict security requirements led them to UserLock.
“UserLock was one of the few solutions in the world that kept authentication fully on-premise and ticked all of the boxes for our requirements,” said one IT leader.
After testing the free trial and going through an extensive review and approval process, they scheduled a rollout for a first group of users. They opted to use security tokens as the second method of authentication.
Onboarding for single USB tokens went very well. Enrollment was easy, and we were pleased to see that UserLock didn’t have an impact on our AD environment.
Secure Access to Classified Networks and Seamless Integration With Automated Mission Deployment Processes
IT leaders appreciated that UserLock’s MFA works seamlessly with their current infrastructure and systems.
Because of the secure and specialized nature of their networks, they worked with UserLock’s support and development teams to integrate UserLock into their existing processes.
“With help from the support team, we were able to set up UserLock as part of our automated processes for mission planning,” said a security architect. “All of our problems were solved within hours or days.”
Token enrollment was “a breeze,” and they also liked that admins can deactivate MFA if needed.
We’d recommend UserLock to other government institutions or organizations that cannot be connected to the cloud.