Multi-Factor Authentication

Consolidate your MFA strategy under one set of security policies.

G2 Awards - Best ROI
G2 Awards - Best Support
G2 Awards - Easiest To Do Business With (Enterprise)

Most organizations today understand that multi-factor authentication (MFA) is the standard for preventing unauthorized access and have implemented a variety of authentication methods to meet necessary requirements in security, usability, and flexibility. However, by deploying disparate solutions that do not exist under a single security policy, it becomes unnecessarily expensive and difficult for IT teams to manage.

MFA with PortalGuard allows you to consolidate and aggregate existing methods under a single, unified IAM platform, and add in more powerful authentication methods like Identity-Bound Biometrics, to further strengthen your cybersecurity.

Multi-factor Authentication Demos

Enjoy this brief demo of PortalGuard’s Multi-factor Authentication using Identity-Bound Biometrics then Request a Free Trial to try it out for yourself.

MFA Overview

New! MobileAuth with PalmPositive

“PortalGuard is fully featured, has robust options, and integrates well with our AD environment. MFA for selected user groups is wonderful as is the time savings for the help desk due to self-service password reset. We like the MFA options and the ability for users to customize their options and experience. Additionally, their support team has been exceptional to work with!”

David S., Senior Operations Engineer


Identity-Bound Biometrics

Used for authentication and identification, IBB centrally stores biometric data in a non-reversible way, to create a unique biometric identity that’s used to verify the actual person taking action – not just their password, token or approved device.

Hybrid Environment & Desktop Support

PortalGuard can be used to secure logins from both the browser and desktop with flexible options for multi-factor authentication, Identity-Bound Biometrics, and self-service password reset.

Consolidation & Aggregation

Users enjoy adaptive MFA with PortalGuard allows businesses to consolidate existing authentication methods under a single, unified IAM platform to avoid unnecessarily high costs and unmanageable situations for IT teams.

Choosing the Right Authentication Method

Not sure which type of MFA is right for your business? Our latest eBook explores all the methods supported by PortalGuard, analyzes the pros and cons of each, and offers critical insight to help you make the right choice.


PortalGuard MFA Use Cases

Multi-factor authentication with PortalGuard supports the following business use cases and authentication approaches:

Passwordless Authentication

With multiple web applications being accessed, IT staff often struggle to manage multiple user repositories while the help desk continues to receive more password-related tickets. BIO-key PortalGuard eliminates password prompts and gives users a single secure point of access to all their applications. In addition to lightening the load for IT staff, users do not need to struggle to remember long, complex passwords or adhere to unmanageable password policies.

Adaptive Authentication

Adaptive authentication is a form of multi factor authentication that considers the context of the end user’s access request. The authentication process identifies contextual parameters like location, device, network, application, and time of day. PortalGuard’s Adaptive Authentication provides organizations with insight into user access scenarios allowing them to make security and usability adjustments transparently to the user and dynamically adjust the authentication method to what is appropriate based on the user’s situation.

Remote Workforce + Remote Access

While the shift to a more remote workforce offers great work-life balance and flexibility, it also offers cybercriminals an opportunity to successfully carry out an attack. Now more than ever, there are more potential points of attack – many of which have fewer cybersecurity protections than traditional office buildings. With Identity-Bound Biometrics (IBB), the person’s identity is verified, and IT teams can confidently and consistently ensure that only approved and legitimate users are accessing protected information.

Customer IAM Capabilities

Whether your business has 200 or 2 million customers, the priority is the same: provide all customers with a secure, seamless and easy-to-use security solution. With BIO-key PortalGuard, strong, reliable multi-factor authentication (MFA) supports single sign-on, self-service password reset, self-registration and account management that’s ideal for securing your customers’ access.

Cyber Insurance

In 2022, the average cost of a ransomware breach is $4.26 million, and depending on the industry, this number may be higher (healthcare and finance in particular). PortalGuard is a great choice for MFA that fulfills cyber insurance requirements. It offers flexible authentication options and aggregates your current solutions under a single set of policies for your remote and on-premises users.

Supported Authentication Methods

Check out the Multi-factor Authentication methods that PortalGuard MFA supports


Security Questions

Challenge Questions & Answers are one of the original and older methods of authentication. Users provide answers to previously enrolled questions. The enrollment is completed by either an admin or the user during the first-time logging into the system.



The SMS Delivery Method (often referred to simply as ‘Phone’) involves The SMS delivery method (often referred to simply as ‘phone’) involves sending an SMS text message to an enrolled mobile phone number. This SMS text message contains a One-Time Passcode (OTP) that can only be used once to validate the user for a specific action.


Email OTP

The Email Delivery method involves sending an email to an enrolled email address. This email contains an OTP to validate the user to the PortalGuard System for a specific action. Administrators have full control over the length, character set, and validity of OTPs utilized by this option. These settings are shared by the ‘SMS’ OTP type as well.


Mobile Authenticator App

These applications generate a Time-Based One-Time Passcode (TOTP) and are installed on the user’s device. When authenticating the user will be prompted to locate and open the app on their device and then enter in the TOTP that is shown.


Push Notifications

A push token is an ‘out-of-band’ second factor tied to a mobile device. This second factor allows end-users to confirm or deny an authentication request by interacting with their mobile device in real-time. No codes need to be remembered – just tap yes or no on the screen to confirm the authentication request.


FIDO2/WEBAuthn (Hardware Tokens)

FIDO2 (AKA WebAuthn) differs from FIDO U2F in that it is designed for a “password-less” approach to secure authentication. Functionally, FIDO2 tokens support the same usage as FIDO U2F, though utilizing a different industry standard and browser-based API. FIDO2 Tokens support one of two usage types: Click to Authenticate or On-Device Authentication. Click to Authenticate requires a tap/click of the token while On-Device Authentication detects the FIDO2 request and automatically responds, allowing the authentication action to proceed without any additional actions from the user.


WEB-key (Identity-Bound Biometrics)

WEB-key is an enterprise-grade Identity-Bound Biometrics platform from BIO-key. IBB creates a centralized unique biometric identity that can be used to verify you anywhere. The primary method for capturing the biometric is by using a fingerprint scanner.

Learn more about WEB-key


BIO-key MobileAuth (Identity-Bound Biometrics)

As the only multi-factor authentication app to offer Identity-Bound Biometric authentication options, BIO-key MobileAuth™  safeguards access to critical data with authentication that verifies the user, offers multiple, easy to use authentication methods for users to choose from all while reducing operational costs for IT departments.

Learn more about MobileAuth


Integrated Device-based Biometrics

Integrated device-based biometrics refers to biometric methods where all processing, matching, and authenticating of the biometric is completed on the device. This includes methods such as Touch ID and Face ID on iOS devices, biometric authentication on Android devices, and Windows Hello on Windows devices.

Proximity Cards

Proximity Cards (Prox Cards) are physical cards that allow authentication based off a stored encoded number. These cards can be used by holding them up to an electronic reader, which can detect and pull that encoded number, decode it, and pass that value to the connected device for authentication. Prox cards are contactless, meaning no contact needs to be made between the person holding the card and the reader. The cards support distances from 1 to 20 inches, depending on the version of the card.

Easy Administration

Self-Service Enrollment

Users can register themselves for both self-service password reset and MFA in one step.

Policy & Settings

Highly configurable policy management that allows authentication to be applied to specific users and/or groups.

Reporting & Auditing

Detailed audit reports of all login activity available to meet security and compliance requirements.


Enhance the PortalGuard solution with integrations from our partners:

yubico yubikey
rsa secure ID
duo mobile
google authenticator
microsoft authenticator app

Find out what PortalGuard can do for your business.