Multi-Factor Authentication

Strengthen security without introducing friction

Multi-factor Authentication (MFA) has become the standard for preventing unauthorized access, but the wrong authentication method can create friction for users. PortalGuard offers flexible authentication options, including word-class biometrics, to support all your access policies for remote and on-premises users.

“One method does not fit all … mobile MFA methods (those using a mobile device) are impractical for up to 15% of employees and 50% of customers.”

Gartner, 2020 Authentication Market Guide

Benefits

Secure All Access Scenarios

Protect access to any application or device for all your users regardless of the authentication methods available to them.

Low Support Costs

Authentication options, such as biometrics, offer flexible, affordable, low maintenance options to fit within your budget.

Friction-Free Experience

Users enjoy adaptive authentication and password-less options that only enforce extra authentication steps when the risk is high.

MFA for All Access

Use PortalGuard to secure your entire organization:

PortalGuard can also enforce multi-factor authentication when the user is performing self-service password reset, recovery, or account unlock.

Authentication Approaches

Adaptive Authentication

  • Access and authentication policies, based on the context of each login, are used to adapt the authentication method to match the level of risk
  • PortalGuard uses request parameters in order to determine the veracity of the user’s identity

Step-up Authentication

  • Require multi-factor authentication for specific applications using a direct “cause-effect” methodology as additional access is requested
  • Avoids overwhelming administrators with too much complexity or too many configuration choices

Passwordless Authentication

  • Offering the best of both worlds – a secure authentication method that provides a friction-free user experience
  • PortalGuard supports a range of passwordless authentication options
  • Users can gain access with one-click or one-touch authentication

Supported Authentication Factors

Biometric Authentication

With 10% of employees and 50% of customers not being able to use phone-based authentication factors, biometrics are a requirement of any IAM strategy. WEB-key is an enterprise-grade biometric-based authentication solution from BIO-key, integrated with PortalGuard for Self-Service and Multi-Factor authentication actions.

Learn more

FIDO 2.0/Webauthn Factors

FIDO2 (AKA WebAuthn) differs from FIDO U2F in that it is designed for a “password-less” approach to secure authentication. FIDO2 Tokens support one of two usage types: Click to Authenticate or On-Device Authentication. Click to Authenticate requires a tap/click of the token while On-Device Authentication detects the FIDO2 request and automatically responds, allowing the authentication action to proceed.

FIDO U2F Security Key

FIDO U2F is a standard protocol jointly developed by Yubico and Google as an alternative form of ‘token’-based Two-Factor Authentication. The use of FIDO U2F requires a supported Security Key (such as the Yubico or Google Titan Security Keys) as well as a supported browser. FIDO U2F Security Keys do not require any additional software, drivers, or client-side installation for use, and act as a strong and secure second factor for authentication.

Push Token

A push token is an ‘out-of-band’ 2nd factor tied to a mobile device. This 2nd factor allows end-users to confirm or deny an authentication request by interacting with their mobile device in real-time. No codes need to be remembered – just tap yes or no on the screen.

Mobile Authenticator

PortalGuard supports the use of multiple Mobile Authenticator Applications. These applications generate a Time-Based One-Time Passcode (TOTP), which can subsequently be utilized during various Self-Service and Multi-Factor Authentication (MFA) Actions throughout PortalGuard.

Hardware Tokens

PortalGuard supports multiple hardware tokens including those from providers such as Yubikey and RSA. These are a separate hardware device that generates an OTP and then either displays it or securely transmit it without any additional steps required by the user.

SMS OTP

The SMS Delivery Method (often referred to simply as ‘Phone’) involves sending an SMS Text Message to an enrolled Mobile Phone number. This SMS Text Message contains a One-Time Passcode (OTP) to validate the user to the PortalGuard System for a specific action. Administrators have full control over the length, character set, and validity of OTPs utilized by this option. These settings are shared by the ‘Email’ OTP type as well.

Email

The Email Delivery method involves sending an email to an enrolled email address. This email contains an OTP to validate the user to the PortalGuard System for a specific action. Administrators have full control over the length, character set, and validity of OTPs utilized by this option. These settings are shared by the ‘SMS’ OTP type as well.

Challenge Question & Answer

Challenge Answers are the standard, go-to approach to user verification. Users provide answers to previously enrolled questions. This enrollment is completed by either an admin or the user during the first time logging into the system.


By 2024, the use of multifactor authentication (MFA) for application access through Access Management solutions will be leveraged for over 70% of all application access, up from 10% today. 

Gartner, 2019 Magic Quadrant for Access Management

Easy Administration

Self-Service Enrollment

Users can register themselves for both self-service password reset and MFA in one step.

Policy & Settings

Highly configurable policy management that allows authentication to be applied to specific users and/or groups.

Reporting & Auditing

Detailed audit reports of all login activity available to meet security and compliance requirements.


Integrations

Enhance the PortalGuard solution with integrations from our partners:

Find out what PortalGuard can do for your business.