Authentication Services



nevisAuth implements strong user and system authentication for identity and access management solutions. It offers secure execution of multi-step authentication and is able to dynamically adjust authentication strengths. nevisAuth is highly flexible, easily integrated and supports plug-ins to various authentication methods.



Functions and tasks

  • Single- and multi-step authentication managed by integrated authentication engine
  • Self-service support (e.g. password reset)
  • Various authentication strength levels with dynamic step-up and individual time-outs for each authentication strength level
  • Various authentication mechanisms: 
    • User name / password including change of password with all common LDAP directories
    • mTAN (transaction code via SMS)
    • eTAN (transaction code via e-mail)
    • Swisscom Mobile ID
    • X.509 client certificates (smartcard login)
    • Kerberos (Windows login)
    • Grid cards (cooperation with nevisIDM)
    • Security questions (cooperation with nevisIDM)
    • SAML 2.0
    • WS-Federation
    • OAuth/OpenID Connect
    • Etc.
  • Issuing of signed tokens for propagation (end-to-end security)
  • Auditability ensured by comprehensive audit log
  • Flexible interfaces for the integration of external systems: 
    • RADIUS
    • WS-Trust
    • REST