McAfee Enterprise Authentication

Strong, two-factor authentication made easy


McAfee Enterprise Authentication is a flexible, secure, and central solution for strong authentication and password management. As the complexity of an organization’s IT infrastructure increases, so does the difficulty of managing the authentication process. McAfee Enterprise Authentication adds intelligence to this complexity and is part of the McAfee Security Connected framework, offering active integration with other McAfee security solutions to quickly and intelligently optimize an organization’s security posture. It is designed to integrate easily on premises or in the cloud, and to offer user-friendly, trusted access to business-critical information.

Easy for end users — McAfee Enterprise Authentication enables easy, secure, and intuitive end-user login leveraging a wide range of authentication methods and contextual parameters, such as IP address, device, operating system, geo-location, and more. This contextual information helps determine whether to approve access. To further simplify password management for end users, McAfee Enterprise Authentication has built-in lifecycle management with self-enrollment and self-administration features.

Easy for IT — McAfee Enterprise Authentication can utilize existing IT investments. It minimizes administration by integrating with existing user management solutions, so it can be installed and deployed in just a few minutes.

Features & Benefits

Migration support from legacy hard tokens

A built-in Web Manager enables easy migration from legacy security tokens.

Automated key enrollment

Includes inline security key distribution with administration tools to effectively deploy the two-factor authentication solution to large numbers of users.

Integration with existing IT environments

Quickly deploy McAfee Enterprise Authentication without altering existing IT infrastructure, and leverage flexible and intelligent user repository functions to further simplify administration.

Clustering for true multitenancy

Benefit from clustering functionality for both configuration and sessions. To maximize redundancy, McAfee Enterprise Authentication is built for true multitenancy.

Hardware and software collaboration

McAfee Enterprise Authentication supports other password management solutions, including Intel Identity Protection Technology for One-Time Password and Intel Identity Protection Technology with Public Key Infrastructure.

System Requirements

Platform Support

  • 2 CPUs (minimum)
  • 2 GB RAM (minimum)
  • Microsoft Windows 2008/2012 64-bit, Linux 64-bit, MLOS
  • Environment: On premises, hybrid, or cloud

Authentication Methods

  • One-time password
    • SMS, Voice: McAfee Message Gateway
    • Pre-fetch: Pre-generated one-time password
    • Legacy tokens: Third-party legacy systems (OATH, Radius Forward)
    • McAfee Pledge Software Token: OATH (OCRA, HOTP, TOTP)
    • Intel IPT: Intel Identity Protection Technology (TOTP)
  • Pledge Software Token (included)
    • Desktop: Windows 7/8, Mac, Linux
    • Mobile: iOS, Android, Windows Phone 7/8/8 RT, BlackBerry 10
  • Public key infrastructure (PKI)
    • McAfee Pledge PKI: Authentication and signing
    • Intel IPT PKI: Authentication
  • Certificates
    • X.509, CAC / PIV
  • Contextual attributes*
    • IP address, browser, geo-location, OS, device


IDP-mode, SP-mode, broker-mode (SAML, OAuth 2.0, OAuth 1.0a, OpenID)

McAfee integrations

McAfee Next Generation Firewall, McAfee ePolicy Orchestrator (McAfee ePO), McAfee Web Gateway, McAfee Global Threat Intelligence, McAfee Enterprise Security Manager (SIEM)

Third-party integrations

Palo Alto Networks, Check Point, Cisco, Citrix Access Gateway, Citrix Web Interface, Juniper, NCP, F5, Blue Coat, Microsoft (IIS, ISA Server, TMG, UAG, Outlook Web Access, SharePoint, Outlook Web App), VMware View, and CA SiteMinder

Delegated administration

Password reset, self-service mode, help desk mode, service desk mode

Reporting and audit

McAfee ePO, McAfee Content Security Reporter, McAfee Enterprise Security Manager (SIEM)

*Contextual attributes availability will vary depending on use of protocol.



Learn how McAfee One Time Password enables scientists at Lawrence Berkeley National Laboratory to work around the clock, without experiencing any issues authenticating.

John Wiley & Sons has been running McAfee One Time Password for more than three years with zero downtime. Discover how it was able to deploy One Time Password in just 30 days.



Pledge Software Token

McAfee Pledge Software Token is available as a mobile and desktop application to securely generate one-time passwords. Instead of using a hardware security token when logging in, simply use the Pledge mobile or desktop application. Additionally, you can customize the look and feel of the Pledge client to match your brand through an easy-to-use administration tool.

Key Benefits

  • Support for HOTP, TOTP, and OCRA algorithms.
  • Pledge Desktop may be distributed via McAfee ePolicy Orchestrator (McAfee ePO) software.
  • No transaction costs for one-time passwords.
  • No distribution of hardware tokens.
  • Multiple profile support with customized themes for corporate branding.
  • Easy-to-deploy clients and automatic Pledge enrollment.
  • Available for smartphones, tablets, and desktops.
  • Included in McAfee Enterprise Authentication and McAfee One Time Password.

To try Pledge for strong authentication, begin by downloading the evaluation version of McAfee One Time Password.

SMS & Voice Passwords

McAfee Message Gateway (SMS & Voice) is an add-on service for sending a one-time password to mobile phones. This redundant and reliable service is designed for one-click activation, one-stop shopping, and web-based monitoring.

  • One-click activation — Start a free 30-day trial of McAfee Message Gateway with a single click from the McAfee One Time Password configurator. To upgrade to a production account, the SMS account will need a signed McAfee Message Gateway purchase order. Contact your McAfee sales representative for more information.
  • One-stop shopping — McAfee Message Gateway tracks all traffic through to the end-user’s operator, eliminating the hassle of contacting multiple parties in case of delivery challenges.
  • Web-based monitoring — This cloud-based service is equipped with a monitoring and statistics interface that gives end users visibility into the authentication experience.

McAfee Message Gateway is set up as a fully redundant solution with servers in geographically separated locations to ensure that a power outage, hardware failure, or scheduled maintenance does not affect operation. The service continually updates a dynamic list of available servers. McAfee Message Gateway is connected to several SMS broker groups. Each broker group contains multiple brokers connected to multiple telcos and SMS operators that provide delivery through the best available route. This, combined with full status control (which ensures delivery to the SMS operator), enables excellent uptime and delivery capacity.

Technical overview of McAfee Message Gateway solution architecture

Intel Identity Protection Technology

Intel® Identity Protection Technology with One-Time Password

Traditionally, two-factor authentication with a one-time password (OTP) combines something the user knows (a username and password) with something the user has — typically, a token or key fob that produces a six-digit number, valid only for a short period of time and available on demand.

Intel® Identity Protection Technology (Intel IPT) with OTP generates a unique, one-time use, six-digit number every 30 seconds from an embedded processor that is tamperproof and operates in isolation from the operating system. Because the credential is protected inside the chipset, it cannot be compromised by malware or removed from the PC. Intel IPT with OTP is a built-in hardware token that negates the need for a separate physical token, simplifying the two-factor VPN login process for a seamless experience with virtually no delays.

Intel IPT with OTP is available on all Intel-inspired Ultrabook™ devices and all computers based on fourth-generation Intel Core™ processors, the latest Intel Core vPro™ processors, as well as select previous generations of Intel Core processors.

Intel® Identity Protection Technology with Public Key Infrastructure

Intel Identity Protection Technology (Intel IPT) with Public Key Infrastructure (PKI) provides two-factor authentication for business and web services that validates when a legitimate user — not malware — is logging in from a trusted PC. PKI is a system of digital certificates, certificate authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. Intel IPT uses PKI certificates stored in firmware to authenticate the user and the server to each other, and to encrypt and digitally sign documents.

This technology is available on third-generation and higher Intel Core vPro processors.

McAfee Enterprise Authentication Integration

Easily deploy and distribute OTP algorithms and PKI certificates using the McAfee Enterprise Authentication Web Manager feature. McAfee Enterprise Authentication integrates with existing user stores and can perform inline enrollment by automatically guiding the user through the necessary steps to set up strong authentication on a device.

Learn more about Intel Identity Protection Technology.