Here at PortalGuard, your security is our main concern. We are always trying new things to keep you secure while also making your life a little bit easier. In v6.2 we have widened the range of applications you can gain access to through Single Sign-On (SSO). Open Authentication 2.0 (OAuth 2.0) adds yet another way you can safely gain access to applications. OpenID Connect v1.0 (OIDC v1.0) adds the benefit of gaining basic information about the end-user. Google reCAPTCHA helps protect you and your users from targeted attacks from hackers.
OpenID Connect (OIDC) is an authentication layer built on top of the OAuth 2.0 protocol. OIDC lets a client application verify the identity of the end-user based on the authentication performed by an authorization server, as well as obtain basic profile information about the end-user.
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. OAuth uses token-based authentication and authorization to grant access to an end-user's information without exposing their password.
These newer authentication and authorization protocols can now be used within PortalGuard to provide federated SSO (and thus Multifactor Authentication) to even more applications and development frameworks.
Google reCAPTCHA v2.0 on PortalGuard Login
PortalGuard has long supported reCAPTCHA for certain actions but has now made it an option for the main Login action to better prevent direct brute-force attacks. For most organizations using Active Directory, these attacks will typically cause account lockouts. This can amount to a denial-of-service attack when a botnet attacks from multiple source IPs and repeatedly locks accounts after they are administratively unlocked. The use of Google's reCAPTCHA version 2.0 helps ensure the request is coming from an actual person and not an automated process.
PortalGuard v6.2 recently underwent manual penetration testing with the goal of finding and eliminating any possible security threats. Veracode performs rigorous testing on PortalGuard to determine possible threats and the best way to defend against the ever-changing world of hacking. Read more about this testing here: PortalGuard Maintains its Commitment to Deliver on Strong Application Security by Becoming Veracode Verified
Why do you want to upgrade to v6.2?
Adding OAuth broadens the range of applications you can initiate SSO into. This means you and your employees or students will save even more time, and it becomes even easier for them to log in to applications. OAuth 2.0 is new in comparison to other federated protocols (SAML or CAS) and can do things that those protocols cannot because of when they were introduced.
OpenID Connect uses an ID token to determine what information can be accessed. This can be used to gather specific information about a user. OpenID Connect is where many new applications are heading, so in order to enable SSO for many newer applications, you will need to use OpenID Connect. In the near future, new applications could potentially stop supporting SAML. Now is the time to have a system in place that supports multiple standards, before this happens.
PortalGuard's new use of Google reCAPTCHA helps defend against brute-force attacks. These attacks use bots that automatically attempt usernames and passwords and usually cause mass lockouts for many users. Google's reCAPTCHA helps stop the bots because it requires user input. If the bots cannot pass the reCAPTCHA, they cannot lock out accounts or access user accounts. This makes life easier for both your users and your help desk.
Are you a PortalGuard customer interested in upgrading?
Are you new to PortalGuard and want to hear more?
Contact us today to request a free demo!