Enhanced identity awareness, connectivity and protection

2FA on Network Layer

Multi-factor authentication (2FA/MFA) is becoming a security feature of every modern business system. However, every system is different, and some systems used by your company might not even support this feature. GoodAccess unifies MFA security on the network level. Thus, it easily protects even your systems that don’t support 2FA/MFA on the application level. GoodAccess offers a unified 2FA/MFA for every system your company uses.

Enabling 2FA for GoodAccess Client App

1. Download authenticator app such as Google authenticator ( Android & iOS), Microsoft authenticator, or Authy to your PC or mobile device.
2. Go to Settings in the GoodAccess Control Panel and switch to Two-Factor authentication.
3. Check the checkbox for Two-Factor authentication and Save Changes.
4. The next time you log in to the application/website, you will be prompted to complete 2FA.
5. Scan/enter your generated QR code manually. Enter numeric code from the app to authorize.
6. Once you authorize 2FA, you will get a pop-up confirmation about the activation.

For a configuration guide on how to enable 2FA on GoodAccess Control Panel login and more, please refer to our Support Portal.

Domain-level protection

Domain Name System (DNS) is a service that translates IP addresses to domain names. Domain name defines a particular network service or application, such as YouTube or WhatsApp. Such identification is useful to filter defined traffic and gives you access control over all sites and applications so that you can automatically restrict unwanted user behavior and block malicious domains.

There are three new supplementary features that enable Domain-level protection:

• Custom DNS records - Setup custom private DNS records to use as identification for your internal IT systems.
• DNS filtering - Automated blocking of undesired and risky domains based on blacklists provided by GoodAccess.
• Custom DNS filtering - Use custom blacklists to block undesired domains.

How to manage Domain-level protection

Custom DNS records:

1. Go to Settings in the GoodAccess Control Panel and switch to DNS management.
2. You can upload a CSV file with a domain name and IP or add it manually.
3. Enter a domain name and IP of custom DNS and Save.
   

Custom DNS filtering:

1. Go to Settings in the GoodAccess Control Panel and switch to DNS management.
2. You can upload a CSV file with a list of undesired webs you want to block or add it manually.

For more detailed guides on Domain-level protection and more, please refer to our Support Portal.

Single Sign-On (SSO) with Google, Microsoft and Okta

GoodAccess virtual access cards assign every user a private account and network identity, so they are allowed to access only specified applications. This feature is now improved by controlling access to the GoodAccess network using third-party identity providers using SAML protocol, such as Google, Okta, or Microsoft Entra ID. Such innovation delivers higher precision making sure only authorized users can connect to your business-critical systems without the necessity of managing restrictions in multiple systems. It also makes the use easier for your users by eliminating the necessity of logging in to the GoodAccess Client App using unique credentials.

Enabling SSO

1. Go to Settings in the GoodAccess Control Panel, choose Login & Security tab and switch to Login with an identity provider
2. Enter Sign in URL, Entity ID and X509 Signin certificate, all to be found in your third-party identity providers management console and click on Save
3. Further configurations may be required on the identity provider’s side to enable SSO
4. From now on, users can use their respective third-party identity to log in to GoodAccess and their accounts will be automatically added upon the first login.

For more detailed guides on SSO, including how to set up your Azure ID to work with GoodAccess, please refer to our Support Portal.‍

‍

The GoodAccess network will now be available to connect only to those users within your organization who present themselves with the respective ID and authentication methods (password, token, PIN, e.g.) enforced in your authentication system.

You can connect GoodAccess with any SAML-based SSO services and we plan to add support for more systems in the future.

Clouds & Branches

Modern networks are very heterogeneous, made of offices, remote workers, private and public clouds, and more. To truly cloak the traffic between these locations and keep it away from the eyes of bad actors lurking on the internet, we now enable multiple private clouds / datacenters and entire office buildings to connect to through the GoodAccess network via a secure tunnel. The technology is based on IPSEC, IKEV2, or OpenVPN (based on your preference). Therefore, you can now interconnect all your geographical locations into a single Software Defined Perimeter and securely access your local resources anywhere in the world.

Adding a cloud or branch connector

Configuration is done through the GoodAccess Control Panel -> Clouds & Branches. To create a new connector, click on the “Add New” button in the upper right corner and populate the form in the pop-up window. Unlike IKEv2 and OpenVPN, IPSec setup might require more detailed information about your cloud environment and so should you require assistance, please contact your GoodAccess reseller or our Support.

Choose your use case

To better satisfy the needs of different teams and company sizes, we have identified three core use cases our products deliver. Those are Cloud VPN with Static IP, Zero Trust Access Control, and Software Defined Perimeter. All of the new features are aligned with these three use cases, and we firmly believe this model will make it easier for new customers to choose the package most relevant to their cause.