Strengthen security without introducing friction
Multi-factor Authentication (MFA) has become the standard for preventing unauthorized access, but the wrong authentication method can create friction for users. PortalGuard offers flexible authentication options, including world-class biometrics, to support all your access policies for remote and on-premises users.
Secure All Access Scenarios
Protect access to any application or device for all your users regardless of the authentication methods available to them.
Low Support Costs
Authentication options, such as biometrics, offer flexible, affordable, low maintenance options to fit within your budget.
Users enjoy adaptive authentication and password-less options that only enforce extra authentication steps when the risk is high.
MFA for All Access
Use PortalGuard to secure your entire organization:
- Web/Cloud Applications
- RADIUS Clients
- Windows Desktops & Servers
- Virtual Desktop Infrastructure
- SDK/API for Custom Applications
PortalGuard can also enforce multi-factor authentication when the user is performing self-service password reset, recovery, or account unlock.
- Access and authentication policies, based on the context of each login, are used to adapt the authentication method to match the level of risk
- PortalGuard uses request parameters in order to determine the veracity of the user’s identity
- Require multi-factor authentication for specific applications using a direct “cause-effect” methodology as additional access is requested
- Avoids overwhelming administrators with too much complexity or too many configuration choices
- Offering the best of both worlds – a secure authentication method that provides a friction-free user experience
- PortalGuard supports a range of passwordless authentication options
- Users can gain access with one-click or one-touch authentication
Supported Authentication Factors
With 10% of employees and 50% of customers not being able to use phone-based authentication factors, biometrics are a requirement of any IAM strategy. WEB-key is an enterprise-grade biometric-based authentication solution from BIO-key, integrated with PortalGuard for Self-Service and Multi-Factor authentication actions.
FIDO 2.0/Webauthn Factors
FIDO2 (AKA WebAuthn) differs from FIDO U2F in that it is designed for a “password-less” approach to secure authentication. FIDO2 Tokens support one of two usage types: Click to Authenticate or On-Device Authentication. Click to Authenticate requires a tap/click of the token while On-Device Authentication detects the FIDO2 request and automatically responds, allowing the authentication action to proceed.
FIDO U2F Security Key
FIDO U2F is a standard protocol jointly developed by Yubico and Google as an alternative form of ‘token’-based Two-Factor Authentication. The use of FIDO U2F requires a supported Security Key (such as the Yubico or Google Titan Security Keys) as well as a supported browser. FIDO U2F Security Keys do not require any additional software, drivers, or client-side installation for use, and act as a strong and secure second factor for authentication.
A push token is an ‘out-of-band’ 2nd factor tied to a mobile device. This 2nd factor allows end-users to confirm or deny an authentication request by interacting with their mobile device in real-time. No codes need to be remembered – just tap yes or no on the screen.
PortalGuard supports the use of multiple Mobile Authenticator Applications. These applications generate a Time-Based One-Time Passcode (TOTP), which can subsequently be utilized during various Self-Service and Multi-Factor Authentication (MFA) Actions throughout PortalGuard.
PortalGuard supports multiple hardware tokens including those from providers such as Yubikey and RSA. These are a separate hardware device that generates an OTP and then either displays it or securely transmit it without any additional steps required by the user.
The SMS Delivery Method (often referred to simply as ‘Phone’) involves sending an SMS Text Message to an enrolled Mobile Phone number. This SMS Text Message contains a One-Time Passcode (OTP) to validate the user to the PortalGuard System for a specific action. Administrators have full control over the length, character set, and validity of OTPs utilized by this option. These settings are shared by the ‘Email’ OTP type as well.
The Email Delivery method involves sending an email to an enrolled email address. This email contains an OTP to validate the user to the PortalGuard System for a specific action. Administrators have full control over the length, character set, and validity of OTPs utilized by this option. These settings are shared by the ‘SMS’ OTP type as well.
Challenge Question & Answer
Challenge Answers are the standard, go-to approach to user verification. Users provide answers to previously enrolled questions. This enrollment is completed by either an admin or the user during the first time logging into the system.
Users can register themselves for both self-service password reset and MFA in one step.
Policy & Settings
Highly configurable policy management that allows authentication to be applied to specific users and/or groups.
Reporting & Auditing
Detailed audit reports of all login activity available to meet security and compliance requirements.
Enhance the PortalGuard solution with integrations from our partners: