Here at BIO-key, we're always busy innovating to help you and your organization focus on what you do while we keep improving your IAM with product enhancements, many of which are based on your feedback and requests.
In our latest Customer Masterclass webinar, we introduced many of you to the newest updates to the PortalGuard solution and the benefits your organization can expect from them, including:
For a deeper dive, check out the June Masterclass on-demand:
You Asked, We Listened: Latest Updates to the PortalGuard Platform
You can also access the masterclass slides here.
From email and SMS to tokens and biometrics, we're always looking to offer varied approaches and methods for multi-factor authentication (MFA) so organizations can secure their environment, while meeting specific business needs and user requirements.
We now support proximity cards for authentication — including desktop logins, browser logins, and self-service password resets — which can be implemented in passwordless, single-factor authentication, and MFA workflows.
This authentication method is available for customers using the PortalGuard IDaaS platform with our BIO-key WEB-key solution — our Identity-Bound Biometric engine.
Contextual authentication (aka adaptive authentication) allows an organization to leverage users’ contextual information — a combination of IP address/network, date/time, and geolocation — to apply the appropriate level of authentication based on the level of risk present. For example, under this authentication approach, users who are deemed suspicious (e.g., logging in from an unrecognized device) will have to perform a step-up authentication with our advanced authentication methods.
To improve the contextual information that is used, we now support IPv6-based geolocation, in addition to IPv4.
We’ve introduced a new Pluggable Authentication Module (PAM) for enforcing MFA for Linux/Unix access. If you’re familiar with our Windows PortalGuard Desktop application, it’s essentially the same thing but for Linux/Unix and supports most of our standard authentication methods.
Multiple enhancements to password management within PortalGuard have been made. Password expiration time is now more granular so you can configure more variables around password expiration time to best support your organization’s security policy. Additionally, we’ve provided new capabilities and enhanced features around reporting for password resets.
We’ve also streamlined the login process for remote desktop. Previously, when you log in, you would have to supply a username and password, and if you had 2FA/MFA activated in the remote desktop, you would have to re-enter your password again to complete the sign-in process. Now, you can pass the initial credentials all the way through the RDP, so you only have to enter your password once.
PortalGuard Desktop is our platform for Windows endpoint authentication to secure desktop logins across laptops, desktops, and tablets, with flexible options for MFA and self-service password reset, including Identity-Bound Biometrics.
Around PortalGuard Desktop, we’ve made new enhancements, including:
PortalGuard Desktop is an optional piece, but it’s something all our customers can take advantage of with their current PortalGuard licensing. If this is something you're generally interested in learning more about or implementing in your organization, please don’t hesitate to reach out to us.
Tailored authentication (TA) is one of the offerings we provide to all our customers to help customize our solutions to your unique needs. We typically initiate these projects as a scope of work, then build the new feature or capability into the product itself so that all customers can benefit from the enhancement.
Please don’t hesitate to reach out to the BIO-key team if you want to learn more or have a specific requirement to address. No project is too big or too small and we’re always curious about the unique needs of your IAM strategy.
A recent example of a tailored authentication project we had in place with one of our customers is improving the usability of our DUO Security integration. This TA was another example of one of the key benefits of PortalGuard — being able to take different point solutions for authentication and integrate them under a single security policy, or single set of security policies and improve the overall user experience.
Now, you can force specific actions, such as DUO enrollment during the PortalGuard login process and generate printed DUO bypass codes. DUO will still be the app that prompts for MFA during login, but the nice thing is that you have the complement of PortalGuard, which offers a much wider range of single sign-on support to all types of applications, as well as self-service password reset — a feature that DUO doesn’t offer. Also, once a user is enrolled and has all their information set up in DUO and PortalGuard, the user can manage their DUO account settings via the PortalGuard Account Management page.
Here are some important enhancements for PortalGuard IDaaS users:
We’ve added RADIUS support — the networking protocol to authorize and authenticate users who are trying to access any remote network — to PortalGuard IDaaS and support for RADIUS authentication protocols, including PAP, CHAP, and MSCHAPv2.
We've also improved support for VDI (virtual desktop infrastructure) for specific environments, such as Citrix and VMware, allowing PortalGuard IDaaS to support these types of access and secure these logins with MFA using our broad range of authentication methods, including:
AttributeSync is now available for the IDaaS platform, which enables automatic syncing of user attributes (standard and custom fields) between the IDaaS cloud directory and on-premises LDAP or Active Directories. This represents a one-way sync from any on-premises directories to the IDaaS cloud directory that can be scheduled on a recurring basis depending on what type of syncing schedule you want to have.
Most of our customers are currently using the [onbio-key.com] type of default DNS domain. Now you’ll be able to let your brand shine with the ability to use your own DNS domain, for example, having [login.yourorganization.com] as your portal.
As we continue to innovate and release new products your feedback is essential to make sure we are addressing your needs. That’s why we appreciate and are always looking for early adopters.
Interested in being the first to try new features? Let us know if you’d like to be an early adopter.
If you’re interested in a discussion with our executive team about how you can leverage your PortalGuard investment to its fullest, please reach out to me: alexander.apostolov@bio-key.com