UPSSO protects your devices, VPN, and applications by providing a single identity and multi-factor authentication (MFA) through factors such as e-mail, SMS, Google Authenticator, and hardware devices. It adds an extra layer of security to your sensitive enterprise resources and makes sure the right people have access to them.

With UPSSO, we can implement MFA for devices such as Cisco ASA VPN, OpenVPN, Check Point, Palo Alto, Linux OS, and many more. We can also implement MFA for applications such as CyberArk, Salesforce, G Suite, and many more. The solution achieves this by supporting the RADIUS and SAML protocols.


RADIUS authentication flow:

  1. The user logs in to the RADIUS-supported device using Active Directory credentials.
  2. The device sends the Authentication Request to the UPSSO RADIUS server.
  3. The RADIUS server sends the credentials to the UPSSO IDP server.
  4. The IDP server authenticates the user against the Active Directory server.
  5. The IDP server sends the One Time Password (OTP) to the user.
  6. The RADIUS server sends an Authentication Challenge request to the device, which prompts the user to enter the OTP they received. The RADIUS server verifies the OTP by sending it to the IDP server.
  7. Upon successful OTP verification, the user is allowed to log in to the device.
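The challenge-response exchange in steps 1 to 7, modelled as an added example (not UPSSO code). The class names, the in-memory directory, the OTP lifetime and the `OUTBOX` delivery stub are assumptions; the returned strings are the standard RADIUS packet type names, with the Access-Challenge carrying a State value. It shows the checks the verifier side needs: single-use OTPs, expiry, and a State bound to the user who passed the first factor.

```python
import hmac, secrets, time

# Constructed stand-in for Active Directory; a real IdP would perform an LDAP bind.
DIRECTORY = {"alice": "correct horse"}
OTP_TTL = 120   # seconds an issued OTP stays valid (assumed value)
OUTBOX = {}     # stands in for e-mail/SMS delivery: user -> last OTP sent


class IdP:
    """Hypothetical IdP: checks the first factor, then issues and verifies OTPs."""

    def __init__(self):
        self._pending = {}  # user -> (otp, expiry timestamp)

    def authenticate(self, user, password, now=None):
        now = time.time() if now is None else now
        stored = DIRECTORY.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return False
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = (otp, now + OTP_TTL)
        OUTBOX[user] = otp  # step 5: the OTP reaches the user out of band
        return True

    def verify_otp(self, user, otp, now=None):
        now = time.time() if now is None else now
        # Single use: the pending OTP is consumed by any attempt, right or wrong.
        issued, expiry = self._pending.pop(user, ("", 0))
        return now <= expiry and hmac.compare_digest(issued.encode(), otp.encode())


class RadiusServer:
    """Hypothetical RADIUS front end; returns (packet type, State)."""

    def __init__(self, idp):
        self.idp, self._sessions = idp, {}  # State value -> user

    def access_request(self, user, secret, state=None, now=None):
        if state is None:  # steps 2-6: check the first factor, then challenge
            if not self.idp.authenticate(user, secret, now):
                return "Access-Reject", None
            state = secrets.token_hex(16)
            self._sessions[state] = user
            return "Access-Challenge", state
        bound_user = self._sessions.pop(state, None)  # State is one-shot and per user
        if bound_user != user or not self.idp.verify_otp(user, secret, now):
            return "Access-Reject", None
        return "Access-Accept", None  # step 7
```
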


SAML authentication flow:

  1. The user accesses a Service Provider (such as Salesforce) using a browser.
  2. The Service Provider sends a SAML Request to the UPSSO IDP server.
  3. The IDP asks the user to log in if not already logged in.
  4. The IDP validates the user against Active Directory.
  5. The IDP sends the One Time Password (OTP) to the user.
  6. Upon successful OTP verification, the IDP sends the SAML Response to the Service Provider.
  7. Upon receiving the proper Response from the IDP, the SP allows the user to log in.

Note: The above diagram explains the SP Initiated Flow. However, UPSSO supports both IDP & SP Initiated SAML flows.

Note: Please visit the RESOURCES page to view all the UPSSO documents.