SecureAuth compatibility guide
Updated January 30, 2026
About this guide
This compatibility guide covers SecureAuth IdP release 21.04 and later.
For earlier releases: If you're using SecureAuth IdP release 20.06 or earlier, refer to the compatibility guide for your specific product release:
Using this guide
This guide describes how SecureAuth products interoperate to help you:
New customers: Understand how the product releases you're installing interact and find the latest supported devices.
Existing customers: Ensure the product release you're upgrading to supports all components of your current installation.
Potential customers: Learn about SecureAuth product offerings and supported releases.
Note
SecureAuth constantly adds support for new browsers and devices. Check this document regularly for updates.
Need help? Contact SecureAuth Support at support.secureauth.com for assistance.
Products and Components
Note
This section applies to hybrid deployments only. For cloud (managed SaaS) deployments, SecureAuth manages all infrastructure.
Windows server compatibility for hybrid deployments
Windows Server | New Installs | Upgrades | SecureAuth IdP release support | Status |
|---|---|---|---|---|
Windows 2025 | Coming soon | Coming soon | 26.0.0 | Coming soon |
Windows 2022 | yes | yes | 22.02 and later | Available |
Windows 2019 | yes | yes | 21.04 - 24.04 | End of support in SecureAuth IdP 26.0.0 |
Windows 2016 | no | Limited | 21.04 - 23.07 | No longer supported |
Windows 2012 R2 | no | no | Legacy only | End of life |
Planning guidance:
New deployments: Use Windows Server 2022 or later
Existing Windows 2019: Plan migration to Windows 2022 before SecureAuth IdP 26.0.0 upgrade
Existing Windows 2016 or 2012 R2: Contact Support for upgrade assistance
Need help? Contact SecureAuth Support at support.secureauth.com for assistance.
Minimum SecureAuth Connector version required for each SecureAuth IdP release.
See SecureAuth Connector update for update information.
SecureAuth IdP release | Minimum Connector version |
|---|---|
24.04 to 26.0.0 | 2.1.0 or later |
23.07 | 2.0.2 or later |
21.04 to 22.12 | 1.2.8 or later |
Infrastructure requirements
All SecureAuth Connector installations require these firewall rules:
Protocol: TCP
Port: 5671
Hostname:
rabbitmq.secureauth.com
SecureAuth IdP supports the latest versions of these browsers:
Google Chrome
Mozilla Firefox
Microsoft Edge
Apple Safari
Browser version policy: SecureAuth supports the current and previous major release of each browser.
Certificate delivery limitations:
Google Chrome v39+ on macOS does not support Java certificate delivery
Microsoft Edge does not support certificate delivery
Administrator and end-user access: All supported browsers work for both admin console access and end-user authentication.
Internet Explorer: Not supported. Users will be prompted to use a modern browser.
SecureAuth IdP supports hardware authentication devices through multiple protocols depending on device capabilities and your MFA configuration.
FIDO2 / WebAuthn (Passwordless authentication)
Supported devices: Any FIDO2-certified device, including:
YubiKey 5 series (all models: 5, 5 Nano, 5C, 5 NFC, 5Ci)
Google Titan Security Keys
Windows Hello (PIN, fingerprint, facial recognition)
Touch ID and Face ID (Apple devices)
Android biometrics
Platform support: Windows desktop/laptop, Mac desktop/laptop, Android mobile, iOS mobile
Browser support: Google Chrome, Mozilla Firefox, Microsoft Edge, Apple Safari
Configuration: Administrators can configure device allowlists or denylists in FIDO2 WebAuthn global MFA settings
FIDO U2F (Legacy standard)
Supported devices:
YubiKey 4 series (all models)
YubiKey Neo series (all models)
Google Titan Security Keys (also support FIDO2)
Platform support: Windows desktop/laptop, Mac desktop/laptop
Browser support: Google Chrome, Mozilla Firefox, Microsoft Edge
Note: FIDO U2F is the predecessor to FIDO2. While these devices work with SecureAuth, we recommend FIDO2-capable devices for enhanced security and user experience.
Hardware OTP Tokens
Supported devices:
All YubiKey models (Standard, Edge, Nano, Neo, 4 series, 5 series)
Other OATH-compliant hardware tokens
Authentication methods:
Yubico OTP
OATH-HOTP (event-based)
OATH-TOTP (time-based)
Note: YubiKeys support multiple authentication protocols. Newer models (5 series) support FIDO2, FIDO U2F, and OTP protocols.
SecureAuth IdP requires specific .NET and .NET Framework versions.
Current requirements
SecureAuth IdP 26.0.0: .NET 8 and .NET Framework 4.8 or later
SecureAuth IdP 24.04: .NET 8 and .NET Framework 4.8 or later
SecureAuth IdP 23.07: .NET 6 and .NET Framework 4.7.2 or later
SecureAuth IdP 22.12: .NET Core 3.1 and .NET Framework 4.7.2 or later
SecureAuth IdP 22.02: .NET Core 3.1 and .NET Framework 4.7.2 or later
SecureAuth IdP 21.04: .NET Core 2.1 and .NET Framework 4.7.2 or later
Upgrade process
.NET updates are included in the SecureAuth IdP upgrade process. SecureAuth Support guides you through any required .NET upgrades.
Version compatibility: Each SecureAuth IdP release requires a specific .NET runtime. You cannot mix versions (for example, SecureAuth IdP 24.04 requires .NET 8).
Air-gapped environments: For SecureAuth IdP 20.06 installations not using the New Experience, .NET Core can be safely uninstalled.
Java Runtime Environment (JRE) is required only for SecureAuth RADIUS Server.
Required version: JRE 11 or later
Distribution: AdoptOpenJDK 11
Required for: SecureAuth RADIUS Server (version 20.03 or later)
List of data stores supported by SecureAuth IdP for hybrid and cloud deployments.
Hybrid deployments
All SecureAuth IdP releases (21.04+) support:
Active Directory (AD)
AD-LDS
ASPNETDB
LDAP (generic)
Lotus Domino
NetIQ eDirectory
ODBC
Oracle Database
SecureAuth IdP Web Service (multi-data store)
SQL Server
Sun ONE (ODSEE)
Microsoft Entra ID (formerly Azure AD):
Supported from SecureAuth IdP 21.04 and later
Note: Azure AD configuration in Advanced Settings is no longer supported
SQL Server 2022: Certified from SecureAuth IdP 23.07 and later
Cloud deployments
Supported data stores (require SecureAuth Connector for on-premises directories):
Active Directory (AD) - all SecureAuth IdP releases
Microsoft Entra ID - SecureAuth IdP 21.04 and later
LDAP - SecureAuth IdP 21.04 and later
NetIQ eDirectory - SecureAuth IdP 21.04 and later
Oracle Database - SecureAuth IdP 21.04 and later
SQL Server - all SecureAuth IdP releases (SQL Server 2022 from SecureAuth IdP 23.07+)
AD-LDS - SecureAuth IdP 23.07 and later
ASPNETDB - SecureAuth IdP 23.07 and later
Not supported in cloud deployments:
Lotus Domino
ODBC
SecureAuth IdP Web Service (multi-data store)
Sun ONE (ODSEE)
SecureAuth Connector required: Cloud deployments connecting to on-premises data stores require SecureAuth Connector. See SecureAuth Connector installation
Configuration support
New Experience: Not all data stores are fully supported in the New Experience UI. Use Advanced Settings for complete data store configuration options.
SecureAuth IdP supports the following identity types for authentication.
Supported across all product releases (21.04+)
SecureAuth Web SSO Token
SAML (limited support for SAML 1.1)
OpenID
Integrated Windows Authentication - NTLM/Kerberos
X.509 Certificate
Common Access Card (CAC)
Personal Identity Verification (PIV) Card
Smart card
Cisco ISE / pxGrid
Release-specific support
Supported from SecureAuth IdP 22.02 and later
Active Directory: Supported from SecureAuth IdP 22.02 and later
Microsoft Entra ID: Supported from IdP 22.12 and later (cloud deployments only, requires Microsoft Entra Domain Services)
SecureAuth IdP supports the following post-authentication actions and SSO protocols.
Supported protocols
SAML (SAML 2.0 fully supported; limited support for SAML 1.1)
OpenID
OpenID Connect (limited profile support)
OpenID Connect (full profile support)
WS-Federation
WS-Trust
OAuth
Web Token (FBA)
X.509 Certificate (Java and Native delivery via SecureAuth CA)
Forms-based authentication
Mobile SSO
Notes
SAML versions: SAML 2.0 is fully supported. SAML 1.1 has limited support.
Mobile SSO: The mobile app uses a browser for authentication, so multiple mobile apps can read the authentication cookie to enable SSO across apps.
X.509 Certificate: Supports both Java and Native delivery methods via SecureAuth Certificate Authority.
Authentication apps and clients
SecureAuth authentication apps and clients extend SecureAuth IdP multi-factor authentication to:
Login for Endpoints: Windows, Mac, and Linux device login
SecureAuth Authenticate app: iOS and Android mobile devices
RADIUS Server: VPN and remote resource access
The SecureAuth Authenticate app provides multi-factor authentication via push notifications, one-time passcodes, and biometric verification on mobile devices.
Minimum requirements
Android devices:
Android 10.x or later
Android Wear OS 3.x or later (for paired watches)
Apple devices:
iOS 16.x or later
watchOS 7+ (for paired Apple Watch)
Supported devices
Mobile phones and tablets:
Android smartphones and tablets (meets minimum OS requirement)
Apple iPhone and iPad (meets minimum OS requirement)
Google Chromebook (Chrome OS latest version)
Paired smartwatches:
Android Wear OS watches (Wear OS 3.x+)
Apple Watch Series 4 and later (watchOS 7+)
Download
Android: Google Play Store
iOS: Apple App Store
Keep your app updated: We recommend enabling automatic app updates for the latest security features and compatibility. If you're experiencing issues, ensure you're running the latest version of SecureAuth Authenticate.
Need help?
See the SecureAuth Authenticate app user guide for enrollment and usage instructions
Login for Endpoints provides multi-factor authentication for Windows, Mac, and Linux device login with integration to SecureAuth IdP.
Login for Windows
Current version: 24.11.x
Minimum SecureAuth IdP release: 19.07 or later
Supported Windows operating systems:
Windows Server 2022
Windows Server 2019 (64-bit)
Windows Server 2016 (64-bit)
Windows Server 2012 R2 (64-bit)
Windows 11 (64-bit)
Windows 10 (64-bit)
Special features:
Biometric fingerprint: Requires SecureAuth IdP 19.07.01 or later with 2019 theme
Transactional logging: Requires SecureAuth IdP 20.06 or later using
/authenticatedendpointFIDO2 MFA on RDP: Supported on Windows Server 2022, Windows 11, and Windows 10 version 1903 or later
End of support: Windows 8.1 is no longer supported (Microsoft ended support January 2023). L4W 22.12 was the last version supporting Windows 8.1.
Login for Mac
Current version: 24.11.x
Minimum SecureAuth IdP release: 19.07 or later
Supported macOS versions:
macOS 15: Sequoia (supported and certified)
macOS 14: Sonoma
macOS 13: Ventura
macOS 12: Monterey
macOS 11: Big Sur
Special features:
Biometric fingerprint: Requires SecureAuth IdP 19.07.01 or later with 2019 theme
Transactional logging: Requires SecureAuth IdP 20.06 or later using
/authenticatedendpoint
macOS version policy: SecureAuth supports the current macOS version and the previous two major releases.
Login for Linux
Current version: 23.09.x
Minimum SecureAuth IdP release: 21.04 or later
Supported Linux distributions:
Distribution | Minimum L4L Version | Notes |
|---|---|---|
Amazon Linux 2023 | 23.09.02+ | |
Amazon Linux 2 | 23.09.02+ | |
Red Hat Enterprise Linux 9.x | 22.12+ | |
Red Hat Enterprise Linux 8.1 or later | 21.04+ | |
Red Hat Enterprise Linux 7.9 | 23.09+ | |
CentOS 7 | 23.09+ | |
Debian 11.x | 22.12+ | |
Debian 10 or later | 21.04+ | |
Ubuntu 22.04.x | 22.12+ | |
Ubuntu 20.04 or later | 21.04+ | Also supports newer LTS versions |
SecureAuth RADIUS Server extends multi-factor authentication to VPN, network access, and remote resources that support RADIUS authentication.
Supported servers
Windows Server 2022
Windows Server 2019
Windows Server 2016
Supported protocols
PAP (Password Authentication Protocol)
PEAP (NetMotion only)
MS-CHAPv2 (Cisco and Citrix NetScaler)
Adaptive authentication
RADIUS Server supports IP address checking for adaptive authentication using these attributes:
Cisco Systems: Calling-Station-Id
Citrix NetScaler: Calling-Station-Id
Juniper Networks: Tunnel-Client-Endpoint
Palo Alto Networks: Palo-Alto-Client-Source