One of the things we do here at PortalGuard is to make sure our product is the best it can be in Single Sign-on, Self-Service Password Reset, and Multifactor Authentication! We have put extensive research into developing solutions to customer problems, as well as updating PortalGuard based on what customers want out of their authentication solution. Here are several highlighted features we have integrated into the PortalGuard solution over the last year.
In version 5.7, PortalGuard introduced Lanyard Login, a simplified login solution for young students in grades K-5. By eliminating traditional usernames and passwords, students instead are given by their teachers a unique QR code badge that they scan to access their accounts and start learning with their favorite applications. This creates more time for productivity and student success in the classroom. PortalGuard Lanyard Login can be easily managed by teachers, administrators, or school IT and integrates fully with Chromebook logins and G Suite. The usability of this feature is also beneficial to students with disabilities by promoting independence and helping in reducing frustration levels. A school can utilize both the Lanyard Login feature for their younger students while also providing older students, faculty, and admin with traditional SSO functionality.
With the release of version 6.0, PortalGuard launched the Authentication Proxy. For legacy or cloud-based web applications that do not support identity federation, the Authentication Proxy can be employed to enable Single Sign-On. This proxy centralizes, hosts, and vaults credentials creating a better experience for end-users. Allowing the option to alternate between multiple credentials for a single web app, the proxy is a server-side solution and does not require browser toolbars or client-side software. The proxy provides cybersecurity check notifications, fraudulent URL checking from phishing attacks, notifications of unwanted download types, and cloud app tracking and reporting. Additionally, it also offers Universal Logout which effectively logs the user out of all applications at once.
Google reCAPTCHA v2.0 on PortalGuard Login
PortalGuard has long supported reCAPTCHA for certain actions but has now made it an option for the main Login action to better prevent direct, brute force attacks. For most organizations using Active Directory, these attacks will typically cause account lockouts. This can amount to a Denial-Of-Service attack when dealing with bot net attacks from multiple source IP’s that repeatedly lock accounts after they are administratively unlocked. The use of Google’s reCAPTCHA version 2.0 helps ensure the request is coming from an actual person and not an automated process.
OAuth 2.0 and OpenID Connect
OpenID Connect v1.0 (OIDC v1.0) for federated SSO and Open Authentication 2.0 (OAuth 2.0) joined the list of supported authentication methods (SAML, WS-Federation, CAS, Shibboleth, and password-based Legacy Web Apps with the SSO Proxy) in version 6.2. The OIDC standard is controlled by the OpenID Foundation. An authentication layer that is built on top of the OAuth 2.0 protocol, OIDC verifies the identity of the end-user based on the authentication that is performed by an authorization server. OAuth, an open standard for token-based authentication and authorization on the internet, qualifies end-users account information without exposing their password.
InCommon Metadata Sync Support
PortalGuard recently added InCommon Metadata synchronization support. The InCommon Federation is a conglomerate of schools where members of these institutions can access applications that are created and hosted by other InCommon members. PortalGuard provides the functionality that allows members of InCommon to work more efficiently and no longer worry about applications becoming outdated due to back-end updates. To read how this is done, check out our recent press release here.
Multifactor Authentication Integrations
Duo Security’s Duo Push was fully integrated with PortalGuard starting in version 5.8 to make 2FA even easier and more secure with out-of-band communication for participating Duo and PortalGuard customers. After entering your username and password with PortalGuard, a notification is sent to your smartphone via the Duo App, where you can verify an authorization request with a simple tapping of “approve”.
In version 6.1, PortalGuard introduced even more MFA integrations with the following vendors:
- Smart Cards – used extensively by the military and federal government, PIV (aka CAC) cards utilize a cryptographic chip which contains a public/private key-pair. The Smart Card is protected by a pin that releases the user’s identity to PortalGuard via a HTTPS negotiation leveraging standard Public Key Infrastructure (PKI).
- The FIDO standard introduced by the FIDO Alliance boasts founding members such as Google and Yubico. PortalGuard supports this cost-effective hardware token whether it be the Titan Security Key by Google or Yubico's own Security Key which works with popular browsers, web sites and services.
- PortalGuard also offers support for a biometrics-based multi-factor option utilizing the service provider VoiceIt. They are a cloud-based biometrics service where you record different phrases during a one-time enrollment and can subsequently be prompted to repeat them later as a second factor proof of "something you are".
PortalGuard remains flexible with other MFA options including Google Authenticator, HOTP HMAC tokens, Yubikey hardware tokens, RSA SecurID, the PortalGuard Mobile app, reCAPTCHA, SMS OTP, Voice Call OTP, Email OTP, Help Desk Generated OTP, and printed codes.
Are you interested in learning more about PortalGuard and its features?
Contact us today to schedule a free demo!