Fully managed two factor authentication services from Cloud partners.

Today's users have the ability to work independently of the corporate network, it is all about access to applications; 'cloud computing' has empowered users to access data any time, from anywhere. The market demands cost savings, optimum productivity and a renewed focus on environmental action. SecurEnvoy's ethos is to give control back to the business and users without compromising on security or access.

Cloud; simplicity and manageability.

SecurCloud was launched to create a platform for customers and providers to choose how and who they want to deliver fully managed tokenless multi factor Authentication services.

SecurCloud is about empowering the customer and offering choice, therefore providing all the benefits of Strong Authentication from one to hundreds of thousands of users all deployed within minutes by your chosen Cloud partner. For end users, our Cloud solution is offered by YOUR partner and this is YOUR choice.

SecurCloud Overview Video

Mobile phone based Tokenless® two-factor authentication

Fully Managed Authentication Services

The SecurEnvoy products are available as Cloud hosted solutions. Using our network of integration partners these services use the principle of taking the time, effort and management away and for the customer to maximize operational efficiencies.

For our partners it's an opportunity to attract a wide range of end users; from small businesses to larger enterprises, in a controlled and fully managed method.

For our prospective customers, the ability to release any additional hardware burden and reduce administrative and resource intensive services, factors heavily in their decision making process. Outsourcing is an opportunity to streamline business processes and benefit from released capital as a re-investment or a cost saving activity.

  • Security is second to none; complies with regulatory standards, including SOX, PCI and HIPAA
  • No seed records to be compromised, unlike other providers, we don't generate seed records.
  • Resilience; top System integrators and Hosting partners provide global reach.
  • Scalability; most scalable solution available today - any sized company can be accommodated.
  • Speed to market; at a rate of 2100,000 users an hour, a 100 users will be deployed in less than 5 minutes!
  • Managed Service; using global MSSP's the service is totally managed and outsourced.
  • Simplicity of migration; move from any competitors platform with zero disruption of service.

To find one of our partners near to you, please use our how to buy page.

Cloud; simplicity and manageability.

SecurCloud was launched to create a platform for customers and providers to choose how and who they want to deliver fully managed tokenless multi factor Authentication services.

SecurCloud is about empowering the customer and offering choice, therefore providing all the benefits of Strong Authentication from one to hundreds of thousands of users all deployed within minutes by your chosen Cloud partner. For end users, our Cloud solution is offered by YOUR partner and this is YOUR choice.

SecurCloud Benefits:

  • Customer data managed either by the customer or SecurCloud provider
  • Multiple domains, geographies and organisations can be deployed seamlessly


Benefits to Users:

  • End user doesn't need to remember an additional secret piece of information as they can reuse the Microsoft or LDAP password.
  • End users only needs to enter one thing they know rather than two pieces of information as many other 2 factor authentication systems require a separate PIN.
  • All a user needs to do is read an industry standard 6 digit passcode from their phone. The user does not need to perform any mathematical manipulation to derive their passcode.
  • End user does not need to carry additional authentication devices.
  • Dynamically updating the previous SMS message removes the need to delete old text messages
  • Soft Token application available to all smart phones and desktop/laptop environments

Benefits to the business:

  • Any mobile phone that can receive an SMS message is supported without any SMS delivery delay issues affecting performance. This approach expands the range of users to include not only internal staff but also third-parties and even consumers.
  • No token deployment or replacement costs.
  • No token resynchronisation or PIN resets reduces the cost of helpdesk administration
  • Deployment to thousands of users in minutes via SecurEnvoy's deployment wizard cuts down the cost of deploying and supporting two factor authentications.
  • The personal security paid to a users mobile phone far exceeds that paid to a hardware token they are forced to carry. End users are more likely to notice their mobile phone has been stolen and more importantly are far more likely to report it missing. Therefore providing enhanced security to the business over token based solutions.

Supported OS's

  • Windows Server 2008
  • Windows Server 2008R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016


For detailed integration guides see www.securenvoy.com/support/integration-guides


SecurEnvoy uses your existing company's LDAP server as its database, no schema changes required

Supported LDAP Types:
  • Microsoft Active Directory
  • Novell e-Directory
  • Sun Directory Server
  • OpenLDAP
  • SecurEnvoy Managed Users via Microsoft Lightweight Directory Service (LDS or ADAM)
  • Other LDAP Compliant servers


  • Passcode Generation utilises FIPS 140-2 approved algorithm
  • Brute force attack protection
  • All user data is stored with AES 256 bit encryption
  • Phishing Attack Prevention
  • Intrusion Prevention
  • Key Stroke Logging Defence
  • Lost or Stolen Mobile Phone is disabled at the server.
  • Cookie high-jacking defence
  • Cross site scripting defence

PIN Management

SecurEnvoy support the following PIN (Personal Identification Number) methods

  • Utilising the existing LDAP password as the PIN (removes the overhead on users)
  • Supports the traditional 4-8 numeric or alphanumeric PIN with or without the LDAP password combination

Passcode Delivery

  • A full complement of apps are available for all device types. No mobile data is used nor does the user have to be online.
  • SMS messages delivered via a GSM commercial strength modem , supported modems: Multitech, Wavecom, Siemens
  • SMS message via hardware modem rack
  • SMS messages via a third party web gateway
  • Email Passcodes
  • VoIP Phone calls

Passcode Types

  • Pre-loaded passcode, sent after each authentication attempt with the new SMS messages automatically updating previously stored message. This mode eliminates SMS delivery delays and intermittent loss of signal
  • Real Time Passcodes with support for SMS Flash Messages and session locking
  • Day Codes
  • Multiple Day Codes
  • Temporary time limited Codes that automatically switch back to a one time codes after expiry


  • Seamlessly supports enterprises moving from a password system to SecurEnvoy Tokenless Solution
  • Seamlessly supports enterprises moving from an existing third party token solution to SecurEnvoy Tokenless Solution


  • Automatic mass deployment of up to 100k users per hour, dependent on LDAP or group membership
  • Simple and elegant deployment tools to deploy tens of users to tens of thousands.
  • Self enrolment is available and intuitive for the user
  • Movement from one device to another is supported as often as the user wishes or the administration allows.
  • Moving between devices won’t leave the user's identity behind and alleviates identity theft.

(click headings to expand section)

 Enterprise Class Solution

Full multi-domain support with redundancy and fault tolerance built-in.

"particulary well suited to businesses with a large remote workforce"



SecurEnvoy harness the power and scalability of Active Directory or other LDAP based servers as its core database. All replication is performed by the operating system siftware (domain controllers).

SecurEnvoy's radius server can scale to over 50 authentications per second. It utilises Microsoft's next generation .net framework and LDAP services.

As the next required user's passcode is not needed until the next authentication, any buffered delay at peak loads in sending the next SMS passcode message will not affect authentication performance.

The only limitation imposed on scaling the system is the number of users that Active Directory (or other LDAP servers) can manage in any single domain.

 Fault Tolerant

Each site is designed with two authentication servers such that if one of these servers failed or its delivery SMS gateway was unable to send SMS messages then this server will drop the incoming authenticate request. This action will cause the VPN radius client or IIS Agent to fail over to the next configured SecurEnvoy server. Note that as this solution is priced per user, additional servers can be added if required at no additional cost.

All user authentication data is stored and replicated in real time by Active Directory with each SecurEnvoy server being configured for up to two Microsoft domain controllers such that if an existing domain controller fails then SecurEnvoy ‘s server will fail over to the next configured domain controller.

SecurEnvoy is supported on clustered servers if required.

Failover between sites is supported out the box with no additional development required as follows:

If a user from one site authenticates at a second site and is in the same domain then Active Directory (or other LDAP server) synchronisation will ensure that the required authentication information is available at both sites and thus will be available to SecurEnvoy's authentication server.

Multiple SMS Gateways can be configured with fail-over.

Each SMS Gateway is continually checked for correct operation. If one fails for example the power is removed from a connected SMS modem, then this gateway is poled every 60 seconds with reset and initialisation commands.

 Multi Domain Support

Each SecurEnvoy security server can be configured with two domain controllers for each domain your company uses with no limit on the number of domains. The domain component of the userID is then used to dynamically switch the security server to the relevant domain. If no domain component is given in the userID then a default domain is used. Default domains are set at each radius client configuration such that each connecting VPN server can be configured with a separate default domain.


The only on going administration tasks required are the following:

  • Re-enable lockout account that have failed too many authentications since the last good one
  • Update users mobile numbers (can be self managed via help desk if required)
  • Enable temporary emergency access if a mobile phone is lost (can also be self managed via help desk)

SecurEnvoy supports role based administration with these roles:

  • Full Admin: Access to all admin GUI functions including server configuration,log, radius and user setting.
  • Help Desk: Can only access user setting and log information
  • Help Desk Groups: Can only administer users that are a member of an Active Directory (or other LDAP) group or sub nested group.
  • Config: System configuration settings only, no access to user authentication

Administration overhead functions are kept to in minimum as end user information is already available in Active Directory, no token management or resynchronisation is required and no PIN management is required.

In addition, temporary emergency access codes automatically switch back to one time codes after the administrator defined number of days. As user information is stored in AD then any users deleted from Active Directory will be deleted from SecurEnvoy.

Centralised management is support in the following way. Each security server can manage any user in any domain with remote administration being accessed via a browser (IE6, IE7, IE8 or Firefox).

Two-Factor Authentication for Regulatory Compliance

Businesses and Organisations are no longer able to ignore Two-factor authentication. It is now a major part of all users day-to-day work and home lives. Compliance and regulatory standards have to be met and adhered to.

SecurEnvoy is the most flexible and cost effective solution in the Two-factor market. SecurEnvoy provides Tokenless Two Factor solutions that meet and exceed regulatory compliance such as PCI Data Security Standards, GCSx CoCo, HIPAA, SOX, ISO 27001, and other industry regulations.

  • PCI Data Security Standards,
  • GCSx
  • CoCo,
  • HIPAA,
  • SOX,
  • ISO 27001,

SecurEnvoy has a suite of Tokenless Two Factor authentication solutions that can leverage devices an end user has access to, in their day day work. This can be a mobile phone, a physical landline or direct dial extension or a device such as a tablet or P.C. SecurEnvoy are just not limited to a mobile phone, but provides solutions for how users like to work and with what devices.

PCI Compliance Case Study

A world without tokens


Upcoming Events

To view more details on our events, Click Here

Contact Us

info@SecurEnvoy.com | +44 (0) 845 2600010