Strengthen security without introducing friction
Multi-factor Authentication (MFA), also referred to as Two-factor Authentication (2FA) has become the standard for preventing unauthorized access, but the wrong authentication method can create friction for users. PortalGuard offers flexible authentication options, including world-class biometrics, to support all your access policies for remote and on-premises users.
Multi-factor Authentication Demos
Enjoy this brief demo of PortalGuard’s Multi-factor Authentication using biometrics then visit our Sandbox to try it out for yourself.
New! MobileAuth with PalmPositive
Secure All Access Scenarios
Protect access to any application or device for all your users regardless of the authentication methods available to them.
Low Support Costs
Authentication options, such as biometrics, offer flexible, affordable, low maintenance options to fit within your budget.
Users enjoy adaptive authentication and password-less options that only enforce extra authentication steps when the risk is high.
BIO-key MobileAuth: A Different Way to Authenticate
BIO-key MobileAuthTM with PalmPositiveTM provides fast, touchless, secure access to your accounts from any device. MobileAuth can be used for multi-factor authentication or passwordless workflows that make it easy to sign in even without your password.
MFA for All Access
Use PortalGuard to secure your entire organization:
- Web/Cloud Applications
- RADIUS Clients
- Windows Desktops & Servers
- Virtual Desktop Infrastructure
- SDK/API for Custom Applications
PortalGuard can also enforce multi-factor authentication when the user is performing self-service password reset, recovery, or account unlock.
There are several multi-factor authentication approaches with various MFA methods for organizations to implement as organizations should not enable a “one-size fits all” approach.
- Access and authentication policies, based on the context of each login, are used to adapt the authentication method to match the level of risk
- PortalGuard uses request parameters in order to determine the veracity of the user’s identity
- Require multi-factor authentication for specific applications using a direct “cause-effect” methodology as additional access is requested
- Avoids overwhelming administrators with too much complexity or too many configuration choices
- Offering the best of both worlds – a secure authentication method that provides a friction-free user experience
- PortalGuard supports a range of passwordless authentication options
- Users can gain access with one-click or one-touch authentication
Supported Authentication Factors
BIO-key MobileAuth with PalmPositive
With an automatic push notification when you are signing into a BIO-key PortalGaurd-protected app from your phone, MobileAuth then uses PalmPositive to scan and match your unique palm details to ensure that only you can access your online identity, not another enrolled user on your phone, not a hacker, nor someone who SIM-swapped your phone number. Only you. PalmPositive uses a simple palm scan as a form of Identity-Bound Biometrics, which is not only touchless and easy to use but confirms you are who you say you are with the highest levels of integrity, availability, security, and accuracy.
With 10% of employees and 50% of customers not being able to use phone-based authentication factors, biometrics is a requirement of any IAM strategy. WEB-key is an enterprise-grade biometric-based authentication solution from BIO-key, integrated with PortalGuard for Self-Service and Multi-Factor authentication actions.
FIDO 2.0/Webauthn Factors
FIDO2 (AKA WebAuthn) differs from FIDO U2F in that it is designed for a “password-less” approach to secure authentication. FIDO2 Tokens support one of two usage types: Click to Authenticate or On-Device Authentication. Click to Authenticate requires a tap/click of the token while On-Device Authentication detects the FIDO2 request and automatically responds, allowing the authentication action to proceed.
FIDO U2F Security Key
FIDO U2F is a standard protocol jointly developed by Yubico and Google as an alternative form of ‘token’-based Two-Factor Authentication. The use of FIDO U2F requires a supported Security Key (such as the Yubico or Google Titan Security Keys) as well as a supported browser. FIDO U2F Security Keys do not require any additional software, drivers, or client-side installation for use, and act as a strong and secure second factor for authentication.
A push token is an ‘out-of-band’ 2nd factor tied to a mobile device. This 2nd factor allows end-users to confirm or deny an authentication request by interacting with their mobile device in real-time. No codes need to be remembered – just tap yes or no on the screen.
PortalGuard supports the use of multiple Mobile Authenticator Applications. These applications generate a Time-Based One-Time Passcode (TOTP), which can subsequently be utilized during various Self-Service and Multi-Factor Authentication (MFA) Actions throughout PortalGuard.
Hardware Security Keys
PortalGuard supports multiple hardware tokens including those from providers such as Yubikey and RSA. These are a separate hardware device that generates an OTP and then either displays it or securely transmit it without any additional steps required by the user.
The SMS Delivery Method (often referred to simply as ‘Phone’) involves sending an SMS Text Message to an enrolled Mobile Phone number. This SMS Text Message contains a One-Time Passcode (OTP) to validate the user to the PortalGuard System for a specific action. Administrators have full control over the length, character set, and validity of OTPs utilized by this option. These settings are shared by the ‘Email’ OTP type as well.
The Email Delivery method involves sending an email to an enrolled email address. This email contains an OTP to validate the user to the PortalGuard System for a specific action. Administrators have full control over the length, character set, and validity of OTPs utilized by this option. These settings are shared by the ‘SMS’ OTP type as well.
Challenge Question & Answer
Challenge Answers are the standard, go-to approach to user verification. Users provide answers to previously enrolled questions. This enrollment is completed by either an admin or the user during the first time logging into the system.
Users can register themselves for both self-service password reset and MFA in one step.
Policy & Settings
Highly configurable policy management that allows authentication to be applied to specific users and/or groups.
Reporting & Auditing
Detailed audit reports of all login activity available to meet security and compliance requirements.
Enhance the PortalGuard solution with integrations from our partners:
Find out what PortalGuard can do for your business.