Multi-Factor Authentication
Consolidate your MFA strategy under one set of security policies.
Most organizations today understand that multi-factor authentication (MFA) is the standard for preventing unauthorized access and have implemented a variety of authentication methods to meet necessary requirements in security, usability, and flexibility. However, by deploying disparate solutions that do not exist under a single security policy, it becomes unnecessarily expensive and difficult for IT teams to manage.
MFA with PortalGuard allows you to consolidate and aggregate existing methods under a single, unified IAM platform, and add in more powerful authentication methods like Identity-Bound Biometrics, to further strengthen your cybersecurity.
Multi-factor Authentication Demos
Enjoy this brief demo of PortalGuard’s Multi-factor Authentication using Identity-Bound Biometrics then Request a Free Trial to try it out for yourself.
MFA Overview
New! MobileAuth with PalmPositive
Benefits
Identity-Bound Biometrics
Used for authentication and identification, IBB centrally stores biometric data in a non-reversible way, to create a unique biometric identity that’s used to verify the actual person taking action – not just their password, token or approved device.
Hybrid Environment & Desktop Support
PortalGuard can be used to secure logins from both the browser and desktop with flexible options for multi-factor authentication, Identity-Bound Biometrics, and self-service password reset.
Users enjoy adaptive MFA with PortalGuard allows businesses to consolidate existing authentication methods under a single, unified IAM platform to avoid unnecessarily high costs and unmanageable situations for IT teams.
Choosing the Right Authentication Method
Not sure which type of MFA is right for your business? Our latest eBook explores all the methods supported by PortalGuard, analyzes the pros and cons of each, and offers critical insight to help you make the right choice.
DOWNLOAD MFA RANKINGS EBOOK
PortalGuard MFA Use Cases
Multi-factor authentication with PortalGuard supports the following business use cases and authentication approaches:
With multiple web applications being accessed, IT staff often struggle to manage multiple user repositories while the help desk continues to receive more password-related tickets. BIO-key PortalGuard eliminates password prompts and gives users a single secure point of access to all their applications. In addition to lightening the load for IT staff, users do not need to struggle to remember long, complex passwords or adhere to unmanageable password policies.
Adaptive authentication is a form of multi factor authentication that considers the context of the end user’s access request. The authentication process identifies contextual parameters like location, device, network, application, and time of day. PortalGuard’s Adaptive Authentication provides organizations with insight into user access scenarios allowing them to make security and usability adjustments transparently to the user and dynamically adjust the authentication method to what is appropriate based on the user’s situation.
Remote Workforce + Remote Access
While the shift to a more remote workforce offers great work-life balance and flexibility, it also offers cybercriminals an opportunity to successfully carry out an attack. Now more than ever, there are more potential points of attack – many of which have fewer cybersecurity protections than traditional office buildings. With Identity-Bound Biometrics (IBB), the person’s identity is verified, and IT teams can confidently and consistently ensure that only approved and legitimate users are accessing protected information.
Customer IAM Capabilities
Whether your business has 200 or 2 million customers, the priority is the same: provide all customers with a secure, seamless and easy-to-use security solution. With BIO-key PortalGuard, strong, reliable multi-factor authentication (MFA) supports single sign-on, self-service password reset, self-registration and account management that’s ideal for securing your customers’ access.
In 2022, the average cost of a ransomware breach is $4.26 million, and depending on the industry, this number may be higher (healthcare and finance in particular). PortalGuard is a great choice for MFA that fulfills cyber insurance requirements. It offers flexible authentication options and aggregates your current solutions under a single set of policies for your remote and on-premises users.
Supported Authentication Methods
Check out the Multi-factor Authentication methods that PortalGuard MFA supports
Security Questions
Challenge Questions & Answers are one of the original and older methods of authentication. Users provide answers to previously enrolled questions. The enrollment is completed by either an admin or the user during the first-time logging into the system.
SMS OTP
The SMS Delivery Method (often referred to simply as ‘Phone’) involves The SMS delivery method (often referred to simply as ‘phone’) involves sending an SMS text message to an enrolled mobile phone number. This SMS text message contains a One-Time Passcode (OTP) that can only be used once to validate the user for a specific action.
Email OTP
The Email Delivery method involves sending an email to an enrolled email address. This email contains an OTP to validate the user to the PortalGuard System for a specific action. Administrators have full control over the length, character set, and validity of OTPs utilized by this option. These settings are shared by the ‘SMS’ OTP type as well.
Mobile Authenticator App
These applications generate a Time-Based One-Time Passcode (TOTP) and are installed on the user’s device. When authenticating the user will be prompted to locate and open the app on their device and then enter in the TOTP that is shown.
Push Notifications
A push token is an ‘out-of-band’ second factor tied to a mobile device. This second factor allows end-users to confirm or deny an authentication request by interacting with their mobile device in real-time. No codes need to be remembered – just tap yes or no on the screen to confirm the authentication request.
FIDO2/WEBAuthn (Hardware Tokens)
FIDO2 (AKA WebAuthn) differs from FIDO U2F in that it is designed for a “password-less” approach to secure authentication. Functionally, FIDO2 tokens support the same usage as FIDO U2F, though utilizing a different industry standard and browser-based API. FIDO2 Tokens support one of two usage types: Click to Authenticate or On-Device Authentication. Click to Authenticate requires a tap/click of the token while On-Device Authentication detects the FIDO2 request and automatically responds, allowing the authentication action to proceed without any additional actions from the user.
WEB-key (Identity-Bound Biometrics)
WEB-key is an enterprise-grade Identity-Bound Biometrics platform from BIO-key. IBB creates a centralized unique biometric identity that can be used to verify you anywhere. The primary method for capturing the biometric is by using a fingerprint scanner.
BIO-key MobileAuth (Identity-Bound Biometrics)
As the only multi-factor authentication app to offer Identity-Bound Biometric authentication options, BIO-key MobileAuth™ safeguards access to critical data with authentication that verifies the user, offers multiple, easy to use authentication methods for users to choose from all while reducing operational costs for IT departments.
Integrated Device-based Biometrics
Integrated device-based biometrics refers to biometric methods where all processing, matching, and authenticating of the biometric is completed on the device. This includes methods such as Touch ID and Face ID on iOS devices, biometric authentication on Android devices, and Windows Hello on Windows devices.
Proximity Cards
Proximity Cards (Prox Cards) are physical cards that allow authentication based off a stored encoded number. These cards can be used by holding them up to an electronic reader, which can detect and pull that encoded number, decode it, and pass that value to the connected device for authentication. Prox cards are contactless, meaning no contact needs to be made between the person holding the card and the reader. The cards support distances from 1 to 20 inches, depending on the version of the card.
Easy Administration
Self-Service Enrollment
Users can register themselves for both self-service password reset and MFA in one step.
Policy & Settings
Highly configurable policy management that allows authentication to be applied to specific users and/or groups.
Reporting & Auditing
Detailed audit reports of all login activity available to meet security and compliance requirements.
Integrations
Enhance the PortalGuard solution with integrations from our partners:
Find out what PortalGuard can do for your business.