NetIQ Advanced Authentication lineage
Two decades of regulated-MFA deployment. Established case law in financial services, government, defense, and healthcare.
OpenText • Identity and access management
OpenText Advanced Authentication
OpenText Advanced Authentication carries the NetIQ Advanced Authentication lineage with FIDO2, passwordless, smart-card, biometric, and risk-based MFA across workforce, customer, and privileged users, integrated with the rest of the OpenText IAM line.
A Merito Advanced Authentication engagement scopes authentication methods per user population, designs the enrollment workflow against NetIQ Identity Manager-driven HR provisioning, and configures risk-based step-up policy so MFA fits without burning workforce experience.
- Best for
- Identity security architects designing risk-based MFA, IAM leaders modernizing legacy NetIQ Advanced Authentication, Workforce and customer identity architects rolling out passwordless
- Hosting
- Hybrid
- Time to value
- First MFA enrollment flow live in two to four weeks. Risk-based authentication and OpenText IAM line integration in four to eight weeks. Enterprise rollout typically runs three to nine months.
- Security posture
- GDPR, HIPAA-aligned design, PCI DSS-aligned design
- Last reviewed
- 2026-04-26
What it is
OpenText Advanced Authentication in the enterprise stack
OpenText Advanced Authentication carries the NetIQ Advanced Authentication lineage. It is the MFA and adaptive-authentication product inside the OpenText IAM line, supporting FIDO2 webauthn, passwordless, smart card, biometric, push notification, OTP, hardware token, and a long tail of authentication methods. Programs running heterogeneous user populations (workforce on FIDO2, contractors on OTP, customer-facing biometric, privileged users on smart card) get one MFA platform that handles all of them.
Risk-based authentication is the load-bearing capability for adaptive workflows. Static MFA (every login requires the same factor) is too friction-heavy for low-risk operations and too weak for high-risk ones. Risk-based authentication evaluates context (user, device, location, time, behavioral pattern) and selects the appropriate authentication factor. Low-risk requests pass with single-factor; high-risk requests step up to additional factors. Programs running adaptive authentication get the security posture without burning user experience.
FIDO2 and passwordless support is where the modernization fits in. Passwords are the most-attacked authentication factor; passwordless authentication (WebAuthn, FIDO2 hardware keys, platform authenticators) eliminates the most common attack vector. Advanced Authentication supports the modern passwordless landscape and the legacy long-tail (smart cards, OTP, hardware tokens) so programs can modernize gradually rather than rip-and-replace.
What kills Advanced Authentication adoption is poor enrollment hygiene. MFA is only as good as the enrollment process: users who never enrolled fall back to legacy authentication, users with stale enrollment data lose access, and contractor populations without enrollment workflows generate help-desk burden. Merito's engagement scopes enrollment workflow alongside the MFA deployment, integrates with NetIQ Identity Manager for HR-driven enrollment, and designs the operating model that keeps enrollment data current.
Ideal use cases
- Risk-based adaptive MFA for workforce, customer, and privileged users
- FIDO2 and passwordless authentication rollout
- Smart card and hardware token authentication for regulated workforce
- Step-up authentication paired with Access Manager SSO
- NetIQ Advanced Authentication modernization
What it is best at
Where OpenText Advanced Authentication earns its seat
Authentication method breadth
FIDO2, passwordless, smart card, biometric, push, OTP, hardware token, and long-tail methods. Programs running heterogeneous populations get one platform.
Risk-based adaptive authentication
Context-aware authentication that evaluates user, device, location, time, and behavioral pattern. Adaptive friction.
Native pairing with Access Manager
Step-up authentication integrated with Access Manager SSO flows.
Identity Manager-driven enrollment
HR-driven MFA enrollment integrated with NetIQ Identity Manager provisioning.
Core capabilities
OpenText Advanced Authentication capabilities, grouped by outcome
Authentication methods
What Advanced Authentication actually delivers across workforce and customer.
FIDO2 and passwordless
FIDO2 webauthn, passwordless authentication, platform authenticators, security keys.
Smart card and hardware token
PIV, CAC, smart card, and hardware token for regulated and federal workforce.
Biometric
Fingerprint, face, voice biometric for workforce and customer authentication.
Push, OTP, SMS
Push notification, time-based OTP, SMS for legacy and contractor populations.
Risk-based authentication
Adaptive friction that fits the request.
Context evaluation
User, device, location, time, behavioral pattern context evaluated per request.
Step-up authentication
Risk-based step-up to additional factors on sensitive operations.
Behavioral risk scoring
Anomalous behavior triggers additional authentication challenges.
Integration with Core Behavioral Signals
UEBA risk scoring informs authentication decisions.
Operations and integration
Advanced Authentication inside the OpenText IAM line.
Access Manager integration
Step-up authentication integrated with Access Manager SSO.
Identity Manager-driven enrollment
HR-driven MFA enrollment integrated with provisioning.
Privileged Access Manager pairing
MFA for privileged session checkout.
Compliance reporting
Audit-ready evidence for SOX, HIPAA, PCI DSS, and FedRAMP MFA mandates.
Where it fits in the stack
How OpenText Advanced Authentication connects to the rest of your landscape
OpenText IAM line (native)
Native- OpenText Access ManagerStep-up authentication integrated with SSO flows.
- OpenText Identity ManagerHR-driven MFA enrollment integrated with provisioning.
- OpenText Privileged Access ManagerMFA for privileged session checkout.
- OpenText Core Behavioral SignalsUEBA risk scoring informs authentication decisions.
- OpenText Core Identity FoundationMFA inside the SaaS IAM bundle.
Authentication ecosystems (certified)
Certified- FIDO2 / WebAuthnFIDO2 webauthn protocol support across browsers and platforms.
- PIV, CAC, smart cardSmart-card authentication for regulated and federal workforce.
- Hardware tokens (YubiKey, RSA SecurID)Hardware-token authentication.
- Push notification platformsPush authentication for workforce and customer.
Custom integrations
Custom- Internal applications and proprietary auth flowsCustom integration for non-standard authentication workflows.
- Customer-facing identityCustomer-facing MFA enrollment and step-up workflows.
- Federal MFA reportingFederal-aligned MFA compliance evidence.
Deployment and implementation
How it rolls out
- Hosting
- Hybrid (North America, EMEA, APJ)
- Implementation complexity
- High
- Typical time to value
- First MFA enrollment flow live in two to four weeks. Risk-based authentication and OpenText IAM line integration in four to eight weeks. Enterprise rollout typically runs three to nine months.
- Prerequisites
- User-population inventory and authentication-method scope
- Existing identity store landscape
- Named identity security and IAM owner
- Risk-based authentication policy framework
- Enrollment-workflow operating model
- What Merito usually handles
- OpenText Advanced Authentication runs on-prem, hybrid, or BYOC. Merito handles authentication-method scoping, enrollment-workflow design, risk-based policy, and OpenText IAM line integration.
Licensing and packaging
How it is bought
- Model
- Subscription
- What to expect
- OpenText Advanced Authentication is licensed by user count, authentication-method scope, and deployment shape (on-prem, hybrid, BYOC). Pricing depends on coverage breadth and user population. License acquisition flows through Merito; the MFA program is scoped under a separate engagement.
- Editions and modules
Advanced Authentication
Standard edition with FIDO2, smart card, biometric, OTP, and risk-based authentication.
Best for: Workforce MFA across regulated programs.
Advanced Authentication for customer identity
Customer-facing MFA with passwordless and biometric depth.
Best for: Customer-facing identity programs requiring adaptive authentication.
- Common expansion areas
- Add Access Manager for SSO integration with step-up authentication
- Add Identity Manager for HR-driven MFA enrollment
- Add Privileged Access Manager for elevated-session MFA
- Add Core Behavioral Signals for UEBA-driven risk scoring
Merito services
How Merito helps you win with OpenText Advanced Authentication
Merito sells licenses and the delivery work around them. Pick the service that matches where you are in the lifecycle.
01
Advanced Authentication Implementation
Authentication-method scoping, enrollment-workflow design, risk-based policy, OpenText IAM line integration.
Explore service02Upgrade and Migration
NetIQ Advanced Authentication version upgrades and FIDO2 modernization.
Explore service03MAPS Assessment
MFA program scoping for OpenText Advanced Authentication alongside Okta MFA, Duo, and Microsoft Entra MFA.
Explore service04DevOps Consulting
MFA integration into application authentication flows.
Explore service05Premium Support
Named engineer, priority SLAs, and release-time coverage for Advanced Authentication.
Explore service06Managed Services
Long-term run support including enrollment-workflow operation, risk-policy maintenance, and authentication-method evolution.
Explore service07Training and Enablement
Role-based training for identity architects, IAM operators, and help-desk teams.
Explore service08Staff Augmentation
Merito-placed identity engineers and OpenText specialists embedded on long-running programs.
Explore serviceOpenText Advanced Authentication licensing
License the MFA. Design enrollment hygiene first. Same engagement.
Advanced Authentication pricing arrives with method scoping, enrollment-workflow design, risk-based policy, and OpenText IAM line integration that turn MFA into adaptive security rather than friction with an unmanaged legacy-auth tail.
Merito point of view
MFA is only as good as the enrollment hygiene. Design the workflow before the rollout.
Merito has audited MFA programs that rolled out FIDO2 enthusiastically and ended up with a workforce population split between enrolled users on modern authentication and an unmanaged tail of legacy authentication for contractors, service accounts, and users who never enrolled. The fix is enrollment workflow integrated with HR-driven provisioning. Programs that adopt MFA without enrollment hygiene end up with the gaps MFA is supposed to close.
Merito recommends OpenText Advanced Authentication specifically for programs already running NetIQ, modernizing legacy NetIQ Advanced Authentication, or running heterogeneous user populations that require authentication-method breadth. For greenfield cloud-native programs, Okta MFA and Microsoft Entra MFA are competitive. For programs running mature Duo deployments, the migration tradeoff goes the other way. Merito surfaces those alternatives honestly during scoping.
Risk-based authentication is the load-bearing modernization. Static MFA is too friction-heavy for low-risk operations and too weak for high-risk ones. Adaptive authentication that evaluates context and selects the appropriate factor gives the security posture without burning user experience. Programs running static MFA without adaptive policy generate either low security or high friction.
What buyers usually underestimate
- Rolling out MFA without designing enrollment workflow, leaving an unmanaged tail of legacy authentication.
- Adopting Advanced Authentication without integration with Identity Manager for HR-driven enrollment.
- Running static MFA without adaptive policy, generating either low security or high friction.
- Skipping FIDO2 and passwordless modernization, leaving the most-attacked authentication factor (password) intact.
- Picking specialist MFA without OpenText IAM line integration when the rest of the line is in scope.
Related from Merito
Continue exploring OpenText Advanced Authentication on Merito
Related solutions
Related services
Related products
- OpenText Access ManagerStep-up authentication paired with SSO flows.
- OpenText Identity ManagerHR-driven MFA enrollment.
- OpenText Privileged Access ManagerMFA for privileged session checkout.
- OpenText Core Behavioral SignalsUEBA risk scoring informs authentication decisions.
- OpenText Core Identity FoundationMFA inside the SaaS IAM bundle.
- OpenText Cybersecurity (vendor portfolio)Full OpenText Cybersecurity catalog across AppSec, IAM, SecOps, Data Security, and DFIR.
Frequently Asked Questions
OpenText Advanced Authentication FAQs
Consultation request
Talk to Merito about OpenText Advanced Authentication
Share your user populations, authentication-method posture, and OpenText IAM footprint. A Merito OpenText specialist follows up within one business day.
Method breadth
FIDO2 to smart card to OTP
Heterogeneous authentication methods across workforce, customer, and privileged users.
Risk-based
Adaptive friction
Context-aware authentication. Low-risk passes single-factor; high-risk steps up.
Next step
Design enrollment before rolling out FIDO2.
A Merito Advanced Authentication engagement starts with enrollment-workflow design and risk-based policy. Programs that roll out MFA without enrollment hygiene leave an unmanaged tail of legacy authentication.