If you are, let me know what you think of the product in here! I'm very interested in what your opinions are.
I am. It is so close to a great product, but not quite as polished as I had hoped.
I've had a lot of issues getting AD to sync reliably. We have multiple domains using our VSA and with 9.4 you can only sync to a single AAoD Organization, which means all AD domains sync to a single tenant in AAoD. This is fixed in 9.5, but I've got a feeling (or just really hoping) this is causing some of our AD issues.
A feature that was promised that just doesn't work is the newer Windows Agent that works with advanced policies. The older agent works fine, where it requires the OTP every time you log in, but I can't use Push Notification and the advanced policies. I was told this was a known issue and there was a fix that should be released in Jan., but I've had the ticket open for about 4 to 6 weeks.
Another annoyance I have is CW's AuthAnvil implementation hasn't been updated to AAoD. It still works with OTP, but not Push Notifications. I don't think this has anything to do with Kaseya, but it is worth mentioning.
I was really excited about Just-In-Time 2FA when we were evaluating the product, but haven't really found a use for it yet; anywhere we use shared accounts don't support AuthAnvil. I still think it is a cool feature and it does work. I can see a time when all of our client domains are in AuthAnvil and we are using it to allow our engineers into client networks, but we are a ways away from that big of a deployment.
Generally, I'm pretty happy with the product. It does the basic stuff a 2FA provider needs to do. SSO is a great feature that works with VSA and OWA (that is all I've used so far). My overall impression is that the really flashy features need a bit more polish on them to smooth out some edges.
We are still using the legacy on-prem version of AuthAnvil, so I can't comment on any of the new feature of AAoD. At the time we started using it (and still to this day), it was the *only* product that was supported for 2FA for both Kaseya VSA and Connectwise (now Connectwise Manage), which were the two systems we were primarily interested in protecting. We've honestly not had time to setup the SSO, we mainly just use it for 2FA for VSA Kaseya and key windows servers. Overall it's worked well for us and we've had a minimum of issues with it.
I will say though that I'm rather disappointed in their lack of options for those of us using the classic "onprem" to migrate to the OnDemand platform. That's why we're still sticking with the onprem version. To move to OnDemand I basically have to abandon my entire investment in the previous product and start over the same as any brand new OnDemand customer.
We have been using the older AuthAnvil on premise for about 2 years now. It's a shame that at the time we started using this Kaseya had already abondoned any development for the on premise version and that wasn't really clear to us. At that time we needed the features from on premise, so we didn't really have a choice.
It's a solid product and we use the SSO in a limited form for about a dozen webportals, although it can be a big challenge to add webportals you want. And a there's big difference in getting it to work in IE and Chrome. The Password Manager keeps our customers passwords safe and is almost a great product with some rough edges. In practice it's a good tool for us.
We'll be moving to AAoD for our 2FA and stick with Password Manager on premise. A first online meeting will take place next week to see what we need to do. This will save us a lot of typing numbers and replace that with a modern push mechanism our techs will certainly enjoy.
If I'd rate the product, it would be 3.5 stars out of 5 - good, solid value and useful, but not exceptional.
Our Authanvil experience is a carbon-copy of Jonathan Haase.....So, I can simply say.....
If you are considering a move from on-prem 2FA you should be aware that AAoD "integration" with the Scorpion Software on-prem password server is limited to SAML SSO to handle the login process.
If you are using SSO that relies on password injection workflows from your on-prem password server, you will lose this functionality moving your 2FA and SSO to the on-demand platform.
I doubt anyone will tell you this unless you ask.
Also, OudjesEric , it is worth noting that the bug I was referring to prevents push notification from working on the Windows agent, VSA doesn't directly support push notifications (unless you use SSO), and CW doesn't support push notifications.
The Windows agent *should* be fixed in Jan. according to support, but who really knows.
I believe 9.5 supports multi-tenant AAoD and push notifications.
I would wait for those two things before I moved if you are content with the on-prem.
SBiasotto - Ditto - We are an on-prem company and were looking into the transition last year post Kaseya Connect. After multiple discussions with Kaseya, ScorpionSoft, and even Dana Epp, we found that we would NOT be able to transition due to our Grouped User configs. They said that they were working on fixing that in Q4 of last year....we are still waiting.