15.1.2. Outband authentication

Outband authentication is performed independently of the service and the protocol in a separate communication channel. Consequently, any protocol can be authenticated, and the authentication method does not depend on the protocol. That way every protocol can be authenticated with a single authentication method. The only disadvantage of outband authentication is that a special client application (for example, the Authentication Agent) has to be installed and configured on all client machines.

The process of outband authentication using the Authentication Agent is illustrated on the figure below.