Strong authentication as part of enterprise IT architecture

2024 – DORA and NIS2 time.

The coming year, 2024, will be a period of intensive implementation of the requirements of two EU regulations: DORA (Digital Operational Resilience Act), a regulation for financial institutions and for the technology providers that serve them, and NIS2 (Network and Information Security directive), which covers more than a dozen industries relevant to the economy and society, as well as any other company qualified as at least medium-sized within the meaning of the European Commission’s recommendations.

Both of these documents mention strong authentication, i.e. the use of an additional factor, besides the password, when logging into IT systems to prove our identity. In an effort to comply with the requirements of DORA and NIS2 (which you can learn more about in this special report), organizations have probably already established teams to deal with this issue. And it goes without saying that IT Architects should be members of such teams.

Tasks for IT Architects

The traditional approach to implementing strong authentication is to modify applications, today mainly web-based (browser-based) applications, so that each of them requires its users to present a second authentication component. This means involving in-house developers and application vendors and making the appropriate modifications, migrations and tests, which takes time and money. And then this functionality has to be maintained and probably expanded, because cybercriminals are constantly devising and using newer and newer techniques to attack user accounts.

To avoid all this work and cost, at Secfense we have developed a solution that allows you to quickly and easily secure all web applications across your organization by adding any second authentication component to them, without having to modify the protected systems in any way. Later in this article we describe how it allows Enterprise Architects to incorporate strong authentication as an element of an enterprise-wide IT architecture, arms Solutions Architects with knowledge of the functionality of the User Access Security Broker, and shows System Architects how it works.

Simple implementation of strong authentication

Adding strong authentication to any web application consists of 3 steps performed by IT administrators and a fourth that belongs to the users of the secured systems. They are:

1. Installing a broker in the organization’s network, as a virtual appliance, as a hardware appliance, or as a “cloud” service. The broker can, and should, be fully isolated: it neither sends any diagnostic or statistical information out of the company’s internal network nor needs to receive anything from the outside. To increase availability, spread the load, or cope with a complex network topology, the broker can work in a cluster.

2. Redirecting network traffic from users’ endpoints (their computers, tablets, or smartphones) to the application servers so that it passes through the broker (or brokers, if we are dealing with a cluster). In the data center this is usually a simple modification on the load balancers; in a “cloud” architecture it is a simple change to the DNS records.

3. Assisting the broker during the learning phase for the application. The broker itself recognizes how the secured application has logged in its users so far, and then extends a login sequence based only on a username and password with the option of a second authentication component. In detail, it looks as follows:

a) After logging into the broker, the administrator chooses which types of second authentication component to make available to users. They may also require some users to use a particular type of second factor. At our disposal we have:

  • cryptographic key
  • fingerprint
  • facial contour
  • PIN, as a “security fallback” for the two biometric methods above
  • the Secfense Authenticator mobile application, which is very convenient to use
  • TOTP codes generated by any authenticator mobile application
  • one-time codes sent via SMS
  • one-time codes sent by e-mail

We can also integrate with the company’s existing dedicated authentication systems, as long as they use open RADIUS or OIDC protocols, and thus extend their functionality to all applications in the enterprise.

b) The administrator also decides whether users will still be allowed to use the application without adding a second authentication component for themselves (Soft User Enrolment Policy), or whether they will have to do so in order to log into the secured system at all (Hard User Enrolment Policy).

c) The administrator then starts the learning phase: they open the secured application, confirm from the banner visible at the bottom reading “Secfense learning mode” that the broker is monitoring the login process, and log in with the probe user (default: inituser) and any password.

4. Once this is done, the application is secured and ready to accept users, who will select a second authentication component for themselves at their next login, register it, and use it at subsequent accesses to the system.
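As an added illustration (this is not Secfense’s code and does not describe their implementation), the following Python model shows the mechanics behind steps 3 and 4: a reverse-proxy broker that learns the login request from the probe-user login, withholds the application’s session cookie until a TOTP second factor is verified, and applies a soft or hard enrolment policy, all without touching the application. The request/response dicts, the `Broker` and `legacy_app` names, the `/broker/verify` path and the sample users are constructed for the example.

```python
import hashlib
import hmac
import secrets
import struct
import time


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1; the second factor used in this model."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Constructed stand-in for an unmodified legacy web app with password-only login.
LEGACY_USERS = {"alice": "correct horse", "bob": "hunter2"}


def legacy_app(req: dict) -> dict:
    """Requests and responses are plain dicts: method/path/form/cookies and status/body."""
    if req["method"] == "POST" and req["path"] == "/login":
        form = req.get("form", {})
        if LEGACY_USERS.get(form.get("username")) == form.get("password"):
            return {"status": 302, "set_cookie": "sess=" + secrets.token_hex(8), "body": ""}
        return {"status": 401, "body": "bad credentials"}
    logged_in = "sess" in req.get("cookies", {})
    return {"status": 200, "body": "dashboard" if logged_in else "login form"}


class Broker:
    """Hypothetical reverse proxy in front of `upstream`: learns the login, then enforces MFA."""

    def __init__(self, upstream, policy="hard", probe_user="inituser"):
        self.upstream = upstream
        self.policy = policy          # "soft": unenrolled users may log in with password only
        self.probe_user = probe_user  # "hard": everyone must enrol at their next login
        self.login_shape = None       # (path, username field) learned in learning mode
        self.enrolled = {}            # username -> TOTP secret
        self.pending = {}             # challenge token -> (user, held cookie, secret, enrolling)
        self.log = []                 # events a real broker would forward to a SIEM

    def handle(self, req: dict, now: int = None) -> dict:
        now = int(time.time()) if now is None else now
        if self.login_shape is None:
            # Learning mode: the first POST carrying the probe username tells the broker
            # which request is the login and which form field holds the username.
            for field, value in req.get("form", {}).items():
                if req["method"] == "POST" and value == self.probe_user:
                    self.login_shape = (req["path"], field)
                    self.log.append(f"learned login: POST {req['path']} field={field}")
            return self.upstream(req)  # traffic passes through untouched while learning
        if req["path"] == "/broker/verify":
            return self._verify(req, now)
        resp = self.upstream(req)
        path, field = self.login_shape
        if not (req["method"] == "POST" and req["path"] == path
                and resp["status"] == 302 and "set_cookie" in resp):
            return resp  # not a successful password login: nothing for the broker to add
        user = req["form"].get(field)
        secret = self.enrolled.get(user)
        if secret is None and self.policy == "soft":
            self.log.append(f"{user}: password only (soft policy, not enrolled)")
            return resp
        enrolling = secret is None
        if enrolling:
            secret = secrets.token_bytes(20)  # a real UI would show this as a QR code
        token = secrets.token_hex(8)
        self.pending[token] = (user, resp["set_cookie"], secret, enrolling)
        self.log.append(f"{user}: {'enrolment' if enrolling else 'second factor'} required")
        challenge = {"status": 200, "body": "second factor required", "challenge": token}
        if enrolling:
            challenge["totp_secret"] = secret
        return challenge  # the app's session cookie is withheld until the factor is verified

    def _verify(self, req: dict, now: int) -> dict:
        entry = self.pending.pop(req.get("form", {}).get("challenge"), None)
        if entry is None:
            return {"status": 401, "body": "no pending challenge"}
        user, cookie, secret, enrolling = entry
        if hmac.compare_digest(totp(secret, now), str(req["form"].get("code", ""))):
            if enrolling:
                self.enrolled[user] = secret  # commit only after proof of possession
            self.log.append(f"{user}: second factor ok")
            return {"status": 302, "set_cookie": cookie, "body": ""}
        self.log.append(f"{user}: second factor rejected")
        return {"status": 401, "body": "second factor rejected"}
```

The design point worth noting is where the trust boundary sits: the application still checks the password, but its session cookie never reaches the browser until the broker has seen a valid second factor, so a phished or reused password alone yields no session. Under the soft policy an unenrolled user is passed straight through, which is why that mode should be a transition period rather than a permanent state.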

The described solution meets the requirements for user-friendliness on the one hand and user safety on the other. It allows flexible policies on the use of the second authentication component, handles the process of helping those who, for example, use a cryptographic key but have forgotten it and still need to work, records events in a local log, and sends them to the company’s SIEM system.

Interested?

We are happy to demonstrate the operation of our User Access Security Broker on the applications of interested customers. We will also provide them with a test version to familiarize themselves with its functionality in their own environment.

IT architects are invited to join us at the IT Architects Forum taking place in Warsaw on December 6, 2023, where you will be able to talk to us and ask any questions. You can also do so now by going to our website at: secfense.com.

Antoni takes care of all the marketing content that comes from Secfense.

Testimonials

We are faced with new challenges every day. We must always be one step ahead of the attackers and know what they are going to do before they do it. We are convinced that the User Access Security Broker will bring security to a new level, both for those working at the office and from home. For us, working with Secfense is an opportunity to exchange experience with developers who put great value on out-of-the-box thinking.

Krzysztof Słotwiński

Business Continuity and Computer Security Officer

BNP Paribas Bank Poland

As part of the pre-implementation analysis, we verified that users utilize a wide range of client platforms: desktop computers, laptops, tablets, smartphones, and traditional mobile phones. Each of these devices differs in technological advancement, features, and level of security. Because of this, and also due to the recommendation of the Polish Financial Supervision Authority (UKNF), we decided to introduce additional protection in the form of multi-factor authentication mechanisms based on FIDO. As a result, users of our applications can log in safely, avoiding common cyber threats such as phishing, account takeover, and theft of their own and their clients’ data.

Marcin Bobruk

CEO

Sandis

We are excited to partner with Secfense to enhance our user access security for our web apps. By integrating their User Access Security Broker, we ensure seamless and secure protection for our applications and systems, delivering superior security and convenience to our customers.

Charm Abeywardana

IT & Infrastructure

Visium Networks

Before investing in Secfense, we had the opportunity to talk to its existing clients. Their reactions were unanimous: wow, it’s so easy to use. We were particularly impressed by the fact that implementing their solution does not require the involvement of IT developers. It gives Secfense a huge advantage over the competition, and at the same time opens the door to potential customers who so far were afraid of changes related to the implementation of multi-factor authentication solutions.

Mateusz Bodio

Managing Director

RKKVC

“Even when the network and infrastructure are secured enough, social engineering and passwords can be used to gain control of the system by attackers. Multifactor authentication is the current trend. Secfense addresses this and allows you to build zero trust security and upgrade your current systems to passwordless applications within minutes, solving this problem right away,” said Eduard Kučera, Partner at Presto Ventures and cybersecurity expert, former Director in the hugely successful Czech multinational cyber security firm Avast.

Eduard Kučera

Partner

Presto Ventures

One of the biggest challenges the world is facing today is securing our identity online. That’s why we were so keen to have Secfense in our portfolio. They make it possible to introduce strong authentication in an automated way. Until now, organizations had to selectively protect applications because the deployment of new technology was very hard, or even impossible. With Secfense, the implementation of multi-factor authentication is no longer a problem, and all organizations can use the highest standards of authentication security.

Stanislav Ivanov

Founding Partner

Tera Ventures

Two-factor authentication is known to be one of the best ways to protect against phishing; however, its implementation has always been difficult. Secfense helped us solve that problem. With their security broker, we were able to introduce various 2FA methods on our web applications at once.

Dariusz Pitala

Head of IT

MPEC S.A.