Microsoft Entra ID (formerly Microsoft Azure Active Directory or Azure AD) is a cloud-based identity and access management (IAM) solution supporting restricted access to applications with Azure Multi-Factor Authentication (MFA) built-in, single sign-on (SSO), B2B collaboration controls, self-service password, and integration with Microsoft productivity and cloud storage (Office 365, OneDrive, etc) as well as 3rd party services.
$6
per user/per month
SecurID
Score 9.0 out of 10
N/A
SecurID, a company and solution suite from RSA, is an identity and access management suite supporting access management, authentication, and identity governance.
$2
per month per user
Yubico YubiKeys
Score 9.3 out of 10
N/A
Yubico YubiKeys make the internet safer with phishing-resistant multi-factor authentication (MFA) by providing simple and secure access to computers, mobile devices, servers, and internet accounts. The Yubico YubiKey stops account takeovers at scale by mitigating phishing and ransomware attacks, and delivers users authentication with a simple touch or tap.
Overall MS AAD is good but we have had a few too many reliability issues with the product that have lead to enterprise authentication outages over the last year. The Senior executives have a preference on Securid to be more reliable than MS AAD. SecurID does a better job in …
We have thought about just trying another competitor for due diligence but have not explored that option yet. We went with Yubico YubiKey due to hearing about it at a conference and decided to start experimenting with the solution. We are pretty decided on what we are going …
If you compare it to authenticator apps, I'd say it's much more easy to set this up for the individual user. Well, it's Swedish. It's also very well documented. There are a lot of guides on how to use them and I have a lot of faith in the security posture of Yubico and how the …
We used SecureAuth for a year or two but just the 2FA bit - it didn't help with compromised passwords to non-2FA'd apps. We now use Azure AD and MEM, which utilises MFA and integrate with most SSO apps.
I liked the Kensington Verimark fingerprint scanner initially because it made signing into Windows simple and secured it within the household, but didn't like the additional complexities of setting it up and needing a driver. That would have required the IT support team to …
RSA token is another option used by many organizations. I think there is a definite benefit to soft tokens, but there's an inherent problem with them as well. If you have to reset your phone, you lose the ability to use that soft token until you set it up again, thus making …
I haven't used any other physical security devices previously. YubiKey and other tech giants like Google, Cisco, and RSA all offer some form of physical/hardware-based security, which is implemented at many workplaces. Yubico was selected for its comprehensive documentation, …
Based on my experience, I think Microsoft Entra ID will suit it in the business environment. I enjoy how it interconnects with a lot of things. Most recently, we're moving away from Zoom and trying to do Teams phones. So I think the integration of Microsoft Entra ID with pretty much every system allows it to connect pretty seamlessly. I think from browsers to apps, all the way around to phones and mobile devices. So I do enjoy that.
Easy to implement and support. Flexible platforms and user-friendly interface. Not a lot of customization is available to customers and response time of support could be better. There are now competing products that utilize new features like facial recognition. Using camera and fingerprint sensors are becoming standard in smartphones so RSA SecureID should offer those as options.
Yubico YubiKeys will likely always be my default recommendation for hardware security keys. It's well suited for environments where key portability is necessary, and for privileged environments where step-up or separate authentication hardware benefits the situation. For example, I can step up my Microsoft rights through PIM, but I'm required to use a Yubico YubiKey (AAGUID filter) even if I'm already using Windows Hello. This means that accessing my workstation doesn't grant rights, accessing my device AND my Yubico YubiKey does. I wouldn't necessarily recommend deploying Yubico YubiKeys to entire user populaces unless the situation calls for it (shared workstations, compliance environments, etc.). This is primarily centered around user training (which is a low bar, but still different), and dealing with loss (you'll want to budget for a % of key loss and be ready to rapidly issue replacements).
Single Sign-on helps ease the user experience, allowing users to avoid typing multiple passwords.
The identity and management are straightforward to use and easy to connect to other applications, as well as third-party applications.
The support of remote work. Nowadays, many people work from home and need to access their accounts. Microsoft Enterprise ID gives secure access to the company data.
So as I said, the second-factor authentication that it does is really well. The response time is really good and all you have to do is just enter the second factor code and that's about it. Right? So that's the good part about using Yubico YubiKeys.
Slow to provide updates to latest operating system versions.
While the GUI is clean and easy to use, it does look very dated.
There is not an option for a temporary code to log in. It would be nice for situations where you are at a remote site but don't have your device (laptop, phone, etc.) with you, as well as other situations.
It can be about access control because either right now it's just you have access or you don't have access. I think there can be a use case where you are allowed a particular set of servers and not a particular set of servers. I think maybe it's there or we don't use it, but I haven't seen that. I think I've used Yubico YubiKeys at two companies and I haven't seen that. Maybe that's something that can be added.
MSFT Entra ID has been essential for managing our geographically dispersed team. We're confident that it will scale with us as grow, and we'll be able to take advantage of additional security and ID management features as they become necessary. Being able to centrally manage our user access from anywhere with a small support team is such a relief.
Long story short, does the job. Can use company credentials to setup and access the account for SecurID. Easy to setup and implement. Doesn't have a high learning curve.
As for implementing YubiKey its simple so I don't see us using anything else as we have experienced no issues so fare. Adding these to our environment is still new for us currently but in the transition phase I only see us buying YubiKey. It is highly rated and well known and cost is reasonable so no need to find another solution.
Simply because of what I mentioned earlier, the feature set sort of keeps changing and they do a lot of, they integrated with a lot of the other tools and so for users who are not as well seasoned, it may be a little bit more complicated for them to begin working within the tool.
Using it very frequently, it's important that its straight forward and I do not have to go through unnecessary hoops to achieve something seemingly simple. Can setup using the company credentials and do not have to setup up a separate account. Setup was fast and easy. GUI is very straight forward and quick.
I give slightly better than average rating because of the complexity in using a Yubikey. It is not as easy as native push notifications for 2FA products, however, it provides much better strength. Rating this higher or lower would be a disservice to people reading this review. If you are in the market for a hardware 2FA tool, Yubikey will be a great asset in your toolbox.
We have not experienced any issues with availability which is very important when you are dealing with a company that holds the keys to the gate. We have had more issues with availability from our SaaS providers before with authentication but that was on their end. YubiKey has worked every time for us over the course of the last 6 or so months we began testing phase.
We have not seen any lag in loading pages and getting into systems or sites. In comparison to other 2FA and MFA options it is actually faster most of the time to authenticate due to not having to type in. We require users to have long passwords and when there is an option given for password less they jump on it with excitement. As we explore going password less on their PC's the YubiKey is going to make their lives a lot easier to access the resources they need.
I have not needed to engage support for anything at this time. I have been able to find the answers either online or in a knowledgebase. I tried to skip the question but it would not let me, so I rated a 9 based on other interactions with Microsoft support I have had
Their support for onboarding and set-up is quite good. The only issues we tend to have are obtaining new user devices. These need to be planned ahead of time.
Make sure you use a good partner. Our implementation was a bit longer and more problematic than we expected. Our partner got it done, but, in my opinion, some of their inexperience and staffing issues were evident.
I figured it all out on my own with the excellent product documentation provided by Yubico. I even managed to produce a backup YubiKey in case I lost my frequently used one. This was crucial when I temporarily lost the original.
Microsoft Entra ID is not as stand-alone product as competitors like Okta. It may lack some of the features that competing products have but on the other hand it integrates both technically and license wise with other Microsoft cloud services and is easy to deploy. It is also the easiest way to extend identity management to the cloud if you already have Microsoft Active Directory in use.
Overall MS AAD is good but we have had a few too many reliability issues with the product that have lead to enterprise authentication outages over the last year. The Senior executives have a preference on Securid to be more reliable than MS AAD. SecurID does a better job in Integration for legacy on-premise applications for instance.
Yubico YubiKeys has been a leader in the security key market, and I think they have a new product we just read about two days back and they can store up to a hundred private keys now. So I think this is what it distinguishes them from the market, apart from this, whatever features we need personally and for our customers. So they provide all those features, but versus the other brands.
For us I feel like the ease of deployment has made this product very appealing, overall this will make the scalability very easy for us to push out once we roll out to our users and the management tools that we have looked at will make the admins like me happy as it is clear and easy to use. The rollout process looks to be very straight forward from the demos that we have looked at regarding the enterprise tools.
Microsoft Professional Services' technical knowledge is appreciable as consultants design the solution as per customer requirements. Mapping of features per user specifications and assisting Customer IT engineers to implement so they can manage and administer the services.
I think it's had positive. It's enabled us to make authentication easier and more streamlined across the organization from frontline workers to back office workers.
It's allowed us to really adopt authentication policies and methods that suit that user and their work environment.
Implementing RSA SecurID has allowed us to help our clients understand we are committed to compliance.
Implementing RSA SedcurID has, however, negatively impacted employee productivity. Employees need to be aware of the additional steps they need to take to authenticate to a protected system.
RSA SecurID has helped us with our compliance audits.
I think it's the flexibility in being able to let users pick the type of authentications that they want to use. Some are comfortable with the touch device on the physical Yubico YubiKeys. Others prefer the mobile app. So it provides flexibility for our users to choose how they want to authenticate without running a file of our security requirements.
