SecureAuth Buys Passwordless Authentication Vendor Acceptto
‘There’s a plethora of more modern second-factor authentication techniques that Acceptto has already delivered to customers at scale. The team at Acceptto is world-class,’ SecureAuth CEO Ravi Khatod tells CRN.
SecureAuth has purchased Acceptto to better understand whether a user poses a threat before, during, and following authentication by leveraging behavioral modeling.
The Irvine, Calif.-based identity and access management vendor said Portland, Ore.-based Acceptto today serves as the front-end interface for a number of competing single sign-on (SSO) vendor, but will going forward become exclusive to SecureAuth, said CEO Ravi Khatod. This will provide clients with a more seamless login experience whether they’re using a mobile phone, biometrics, or Windows Hello.
“There’s a plethora of more modern second-factor authentication techniques that Acceptto has already delivered to customers at scale,” Khatod told CRN. “The team at Acceptto is world-class.”
All 25 of Acceptto’s employees will be joining SecureAuth, Khatod said, with CEO Shahrokh Shahidzadeh taking charge of SecureAuth’s innovation lab, where he will spearhead the integration of the Acceptto technology, SecureAuth’s shift to a new, multi-tenant architecture, and key customer relationships. The Acceptto acquisition closed last week, and terms of the deal aren’t being disclosed, according to Khatod.
Khatod said Acceptto’s multi-factor authentication (MFA) technology is similar to Hypr and UnifyID – which was acquired by Prove in June – making it possible for customers to get MFA, SSO and risk and behavioral modeling in a single place. Acceptto’s technology will provide customers with a better understanding around risk and have clients move away from rule sprawl and avoid rule-based policies.
Specifically, Khatod said Acceptto’s technology can spot deviations in user behavior even if the right credentials were used and there’s not a rule against the behavior and trigger a policy in response. In a large, distributed architecture, Khatod said customers can’t throw their apps behind a firewall, meaning that the only real-time control available to organizations is better authentication of users.
Acceptto has up until now primarily gone to market direct and not worked with channel partners in a meaningful way since the company today has only a few dozen customers, Khatod said. The Acceptto technology is being made available to SecureAuth channel partners right away and will be rebranded with the SecureAuth moniker in the next month or so, according to Khatod.
“We think our channel partners are really going to enjoy this technology,” Khatod said. “If channel partners get out there and demo this, their customers will have an ‘aha’ moment.”
Solution providers can wrap technical and policy-related services around the Acceptto technology such as OPA (Open Policy Agent) and policy orchestration to make it easier for mid-market customers who don’t have a large security staff of their own, Khatod said. In this scenario, Khatod said clients can outsource policy creation and potentially even incident response to their channel partner.
SecureAuth will make extensive training playbooks and modules available to solution providers to make it easier for partners to deliver a proof of concept to existing customers and new prospects, Khatod said. Acceptto’s technology is a particularly good fit for organizations that have a large number of users working from home using personal devices or biometric multi-factor authentication on their own phone.
From a metrics standpoint, SecureAuth plans to track the breadth of Acceptto’s authentication footprint to determine how effectively the value of Acceptto has been articulated to the business suite. Khatod also plans to measure the extent to which Acceptto drives customer migration off legacy MFA and SSO systems by replacing either their front-end interface or back-end risk engine with modern technology.