PortalGuard Desktop

Secure logins from both the desktop and servers with flexible MFA options.

PortalGuard Desktop can be used to secure logins from both the desktop and servers with flexible options for multi-factor authentication, Identity-Bound Biometrics, and self-service password reset. 

PortalGuard Desktop

Watch: PortalGuard Desktop Demo Video

Enjoy this brief demo of PortalGuard Desktop then Request a Free Trial to try it out for yourself. 

Core Capabilities

Desktop Self-service and Enrollment capabilities to reduce downtime and helpdesk calls.

Desktop Multi-factor Authentication at the operating system level to bolster security for sensitive data.

Windows and Mac functionality to service your entire user population – not just certain segments.

Want to learn more about PortalGuard Desktop capabilities?
Interested in seeing how it can help your business?

Business Use Cases

Shared or Local Workstations 
Across many industries – including banking and finance, retail, manufacturing, hospitality, healthcare, and contact centers – employing roving users on shared workstations or desktops is a business mandate. PortalGuard Desktop provides true MFA when unlocking the device, offering the security and flexibility to keep your organization protected and productive. 

IT Access to Servers & Infrastructure 
Protecting access to the back-end servers that power your organization’s operations has long been a requirement for IT teams. PortalGuard Desktop can be easily installed on your Windows servers to enforce this MFA requirement for both console-based access through hypervisors and remote access through RDP or third-party Privileged Access Management solutions. 

Remote Users 
Now more than ever, there are more potential points of attack for cyber attackers to take advantage of – many of which have fewer cybersecurity protections than traditional office buildings. That means it’s imperative for businesses to have the proper protocols in place when employees require remote access. PortalGuard Desktop allows organizations to enforce flexible, secure MFA for both users and admins with remote access. 

Cyber Insurance 
Today, companies are facing a more rigorous cyber insurance underwriting process, with a high level of scrutiny on security controls and internal processes and procedures around cyber risk. With more segments using Macs as their primary workstations, it’s critical to ensure that your MFA requirements are fulfilled across the entire organization – not just for some users. With PortalGuard Desktop, you can bring powerful, flexible Multi-factor Authentication to all your employees, regardless of their device.

Key Benefits

Reduces helpdesk calls through self-service password reset (SSPR) capabilities.

Reduces user training through end-user familiarity, as PortalGuard Desktop SSPR has the same interface as with the browser.

Allows businesses to enforce MFA for users and admins with access to RDP (remote desktop protocol).

Supports offline use through fingerprint authentication and Time-based OTP (TOTP) authenticator apps.

Multiple MFA options provide flexible, secure login, unlock, and SSPR.

Supports all user populations with the capability to implement for both Mac and Windows users.

Interested in seeing PortalGuard Desktop in action?

Supported Authentication Methods

Check out the Multi-factor Authentication methods that PortalGuard MFA supports

Security Questions

Challenge Questions & Answers are one of the original and older methods of authentication. Users provide answers to previously enrolled questions. The enrollment is completed by either an admin or the user during the first time logging into the system.


The SMS Delivery Method (often referred to simply as ‘Phone’) involves The SMS delivery method (often referred to simply as ‘phone’) involves sending an SMS text message to an enrolled mobile phone number. This SMS text message contains a One-Time Passcode (OTP) that can only be used once to validate the user for a specific action.

Email OTP

The Email Delivery method involves sending an email to an enrolled email address. This email contains an OTP to validate the user to the PortalGuard System for a specific action. Administrators have full control over the length, character set, and validity of OTPs utilized by this option. These settings are shared by the ‘SMS’ OTP type as well.

Mobile Authenticator App

These applications generate a Time-Based One-Time Passcode (TOTP) and are installed on the user’s device. When authenticating the user will be prompted to locate and open the app on their device and then enter in the TOTP that is shown.

Push Notifications

A push token is an ‘out-of-band’ second factor tied to a mobile device. This second factor allows end-users to confirm or deny an authentication request by interacting with their mobile device in real time. No codes need to be remembered – just tap yes or no on the screen to confirm the authentication request.

FIDO2/WEBAuthn (Hardware Tokens)*

FIDO2 (AKA WebAuthn) differs from FIDO U2F in that it is designed for a “password-less” approach to secure authentication. Functionally, FIDO2 tokens support the same usage as FIDO U2F, though utilizing a different industry standard and browser-based API. FIDO2 Tokens support one of two usage types: Click to Authenticate or On-Device Authentication. Click to Authenticate requires a tap/click of the token while On-Device Authentication detects the FIDO2 request and automatically responds, allowing the authentication action to proceed without any additional actions from the user.

Learn more about FIDO-key Security Keys

WEB-key (Identity-Bound Biometrics)*

WEB-key is an enterprise-grade Identity-Bound Biometrics platform from BIO-key. IBB creates a centralized unique biometric identity that can be used to verify you anywhere. The primary method for capturing the biometric is by using a fingerprint scanner.

Learn more about WEB-key

BIO-key MobileAuth (Identity-Bound Biometrics)

As the only multi-factor authentication app to offer Identity-Bound Biometric authentication options, BIO-key MobileAuth™ safeguards access to critical data with authentication that verifies the user, and offers multiple, easy-to-use authentication methods for users to choose from all while reducing operational costs for IT departments.

Learn more about MobileAuth

Integrated Device-based Biometrics

Integrated device-based biometrics refers to biometric methods where all processing, matching, and authenticating of the biometric is completed on the device. This includes methods such as Touch ID and Face ID on iOS devices, biometric authentication on Android devices, and Windows Hello on Windows devices.

Proximity Cards*

Proximity Cards (Prox Cards) are physical cards that allow authentication based off a stored encoded number. These cards can be used by holding them up to an electronic reader, which can detect and pull that encoded number, decode it, and pass that value to the connected device for authentication. Prox cards are contactless, meaning no contact needs to be made between the person holding the card and the reader. The cards support distances from 1 to 20 inches, depending on the version of the card.

* Only available for the Windows version of PortalGuard Desktop 

PortalGuard Desktop for MacOS

Organizations of all sizes and industries have a segment of their user population that uses MacBooks as their primary workstation. The latest update to PortalGuard Desktop allows you to provide true Multi-factor Authentication for Mac logins at the desktop level.  

Why PortalGuard Desktop for MacOS?

When it comes to selecting the right cybersecurity product, we know you have a number of choices. Here’s how PortalGuard Desktop sets itself apart: 

Enforces MFA when unlocking the Mac device. Not all competitors enforce this. 

Provides the most flexibility by supporting the greatest number of authentication options. 

Offers customer branding through customizable designs and visuals on the interactive MFA dialog boxes. 

Works with both on-premises and cloud / IDaaS deployments of PortalGuard (many alternative solutions are cloud-only).

Customer Benefits

Enhance the PortalGuard solution with integrations from our partners:

Increase security and help prevent workstation takeover by enforcing MFA for logins to MacOS.

Satisfy cybersecurity insurance requirements for Apple workstations.

Quickly deploy with existing installations of PortalGuard servers. 

Find out what PortalGuard can do for your business.