Access Management
Access management is a set of tools and policy controls that ensure only the right users have access to applications and resources and under the right conditions. Access management tools like multi-factor authentication (MFA), passwordless authentication, and single sign-on (SSO) verify user identities and enforce role-based access. These tools protect critical resources from stolen credentials and unauthorized access that can lead to ransomware attacks and data breaches.
What are access management tools?
Effective access management tools allow administrators to easily verify users’ identities, create granular context-aware policies, and enable productivity with frictionless access to corporate access.
MFA and passwordless authentication
A critical component of access management, multi-factor authentication (MFA) verifies a user’s identity at login using two or more authentication factors. Admins can set up phishing-resistant MFA or passwordless authentication to verify users via FIDO 2 security keys, a smartphone app, biometrics, or other methods.
Adaptive policies
Adaptive access policies change the level of trust based on contextual data about the user or device requesting access. Administrators can control access to applications and networks by setting granular policies based on dynamic factors like role, device trust, risk, location, and more.
Single sign-on (SSO)
Single sign-on is an access management tool that provides users with an easy and consistent login experience for every application. With SSO, users don’t need to remember or enter multiple login credentials.
Device trust
Device trust tools deliver visibility into devices, assess their security posture, and continuously verify device trust to allow or block access based on access policies.
How does access management improve security?
-
Manage user and device access
Access management solutions let administrators tailor user roles, permissions, and access levels. Crucially, it allows the creation of security policies that control user and device access to applications and resources. Robust solutions like Duo offer context-aware policies based on role, device health, location, and other dynamic factors. -
Authenticate and authorize
Access management tools like MFA, passwordless, and SSO authenticate users’ identities using a variety of methods like security tokens, fingerprint scans, or mobile applications. Duo's risk-based authentication further assesses threat signals at each login, adjusting security requirements in real time. Policy-based factors like user role, device health, and permissions determine what resources they are authorized to access. -
Prevent unauthorized access
MFA, SSO, and passwordless tools streamline users’ access to what they need while blocking unauthorized users. Duo’s access management solution delivers visibility across all users and devices in your environment to enforce dynamic authentication policies and thwart attackers.
The level of detail Duo provided into what devices were connecting to our networks, managed or unmanaged, was helpful. We could see things we could never see before -- like the number of attempts on a credential on M365 or the number of lockouts that have happened." Read the customer story
— Craig Vincent, Director of IT Infrastructure and Operations, La-Z-Boy
Components of an effective access management strategy
Strong MFA, passwordless, and SSO
MFA, passwordless authentication, and SSO are key access management tools to reduce your risk of unauthorized data access and streamline a secure login experience for users. The simplicity of SSO complements MFA to deliver multi-layered security and consistent policy enforcement across your environment.
RELATED DUO FEATURES
-
Duo multi-factor authentication (MFA)
Tailor your identity management system to meet your unique security needs with our range of authentication methods—including Duo Push, SMS and passcodes, biometrics, and WebAuthn.
Duo MFA is available in all Duo editions. -
Duo single sign-on (SSO)
A single login grants access to any application a user needs, enabled by granular access policies and fortified with strong authentication.
Duo SSO is available in all Duo editions. -
Duo passwordless authentication
Provide users with a frictionless login experience while reducing administrative burdens and improving your enterprise’s security posture.
Duo Passwordless is available in all Duo editions.
Granular and adaptive access policies
For zero trust security, enforce a least-privilege access model, allowing only trusted users and their devices access to essential applications under secure conditions. A strong solution allows admins to craft granular policies that authorize users and devices based on dynamic factors like behavior, device health, location, and more.
RELATED DUO FEATURES
-
Duo user access policies
Set global or application-specific policies for specific user groups, customize the authentication method experience, and monitor for anomalous access attempts.
User access policies are available in all Duo editions, with advanced options in Duo Advantage and Duo Premier. -
Duo device access policies
Grant access to trusted and healthy, up-to-date devices with enhanced endpoint visibility and granular device access permissions.
Device access policies are available in all Duo editions, with advanced options in Duo Access and Duo Premier. -
Duo adaptive authentication
Restrict access based on risk factors that could change between login attempts, like device status, user location, or network type, using Duo’s adaptive policy engine.
Adaptive authentication features are available in all Duo editions, with advanced options in Duo Advantage and Duo Premier.
Device visibility and trust
Gain visibility into all devices accessing your resources. With insight into every connected device (both on-premise and remote), you’re able to enforce policies that grant access to only healthy, up-to-date, and compliant devices.
RELATED DUO FEATURES
-
Duo device visibility
Spot at-risk devices before they become a problem with behavior and attribute data on every endpoint that logs into your applications.
Device Visibility is available in all Duo editions. -
Duo device health
Verify the security posture of laptop and desktop devices before allowing a user access to a Duo-protected application.
Device Health is available in Duo Advantage and Duo Premier. -
Duo trusted endpoints
Manage trusted device policies for laptops, desktops, and mobile devices—both corporate-owned and personal—to grant secure access to your organization’s assets.
Duo’s Trusted Endpoints is available in Duo Premier edition.
Easy user experience
Managing user and device access doesn’t have to be complicated. An effective solution is seamless and simple for admin and users alike, from implementation to daily use. A user-friendly system encourages adoption, driving down your risk profile.
RELATED DUO FEATURES
-
Duo risk-based authentication
Duo delivers dynamic security at each login attempt, evaluating potential threat signals and adjusting security requirements in real time.
Duo Risk-Based Authentication is available in Duo Advantage and Duo Premier editions. -
Duo mobile app
Our MFA and two-factor authentication (2FA) app makes securing access to your company data convenient for users with Verified Duo Push. Everybody wins—except attackers.
Duo Mobile is available in all Duo editions.
Comprehensive coverage
Secure today’s distributed workforce with an access management solution that supports public and private applications in the cloud and on-premises, various endpoints (corporate, BYOD, Windows, MacOS, iOS, and Android), and all types of users (employees, third parties, or contractors)—no matter where they are.
RELATED DUO FEATURES
-
Duo secure remote access
Secure remote access empowers your hybrid workforce with safe connections to applications and resources, for any user, anywhere.
Remote access is available in Duo Premier edition. -
Duo device trust
Duo’s complete device visibility identifies risky devices and reports on device health, allowing or blocking access based on contextual policies.
Duo Device Trust is available in all Duo editions, with advanced options in Duo Advantage and Duo Premier. -
Duo multi-factor authentication (MFA)
Tailor your identity management system to meet your unique security needs with our range of authentication methods—including Duo Push, SMS and passcodes, biometrics, and WebAuthn.
Duo MFA is available in all Duo editions.
Early threat detection
Access management solutions must go beyond just controlling access. Duo helps detect suspicious activity and stop breaches before they happen. Use behavioral analytics to monitor your users’ unique access patterns and flag potential unauthorized access attempts for remediation.
RELATED DUO FEATURES
-
Duo trust monitor
Monitor baseline access behavior and get alerts for anomalous activity, like logins from unusual locations or access to a sensitive application.
Duo Trust Monitor is available in Duo Advantage and Duo Premier editions.
Related topics
Passwordless authentication
Hackers can’t steal a password if there’s no password to steal. Passwordless authentication is becoming a viable and attractive way to reduce credential theft.
Secure remote access
Secure users’ access to corporate resources and applications, no matter where they connect from.
Adaptive access policies
Assigning access permissions by application ensures that your most critical resources are also your most protected.
Frequently asked questions
What is the role of access management?
The purpose of access management is to control and monitor user access to resources so that only trusted individuals and their devices can access specific data and systems. It safeguards against breaches, maintains the availability and integrity of data, and helps meet regulatory compliance standards.
How does Duo enforce the principle of least privilege access?
Duo enforces least privilege access to applications, data, and resources using granular access controls. Admins set role-based access policies to control users' access to specific apps, when they can connect, where they can connect from, and more. Your business is better protected from security breaches by limiting access to only what users need to perform their role.
What is passwordless authentication?
Passwordless authentication uses identity verification methods like biometrics and security keys, eliminating the need for passwords. It simplifies the user experience, alleviates admin workload, and defends the enterprise by voiding password-related security risks.
How does risk-based authentication work?
Risk-based authentication with Duo starts by evaluating risk signals at each login attempt, such as user location and device health. Duo then dynamically responds, categorizing the situation as high-trust or low-trust based on threat patterns and contextual risks. Depending on the risk level, Duo adjusts login requirements, either simplifying access or prompting for stronger authentication methods. This adaptive approach helps keep attackers out and secure trusted users.