DigitalPersona Pro Enterprise
January 02, 2013
$84 per user, U.are.U Fingerprint Reader $89, Pro Reports module extra.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Group policy-based management allows for great control, SSO, user self-registration and password reset.
- Weaknesses: Logging is inadequate without the Reports add-on.
- Verdict: A solid product definitely worth considering.
Large scale deployment of multifactor authentication services is a complex undertaking, and the administration of those services can prove problematic for administrators. DigitalPersona has put a great deal of thought into this, and as long as one is using Active Directory, the company's Pro Enterprise product may just be the solution.
The software arrived on a CD and contained both the client and server installation files. While it wasn't particularly difficult, the installation was a multi-step process. As the product is tightly integrated into Active Directory, we were first required to run a schema extender. We needed to do this a few times - first to set the appropriate schema permissions, then again to actually perform the extensions after the changes had replicated. After that, we ran a separate domain configuration wizard, and finally we installed the server components. Once that finished, we needed to install the license activation software, and then, using the Group Policy Management Editor, we were able to activate our license. After configuring a Group Policy Objects (GPO) with our preferences, the server portion of the installation was complete. The client software installation was much more straightforward - we simply ran the setup .exe and clicked "Next" until we were done.
As mentioned above, the product is tightly integrated with Active Directory, so it can be completely managed through GPO. We find this to be a powerful way to control the software. The tool supports the storing of biometric data, either on the server or locally on the workstation. It enables multifactor authentication for Windows itself, as well as other applications and websites through the wonderfully executed Password Manager Pro application. Similar to tools like LastPass, Password Manager Pro provides single sign-on capabilities to virtually any website or application by allowing administrators to set up website and application logins for their users. The software can be restricted to only allow websites and applications specified by administrators, or it can be allowed to accept registrations from the end-users as well. The product works with a number of different types of authentication tokens, supporting fingerprint readers, PINs, Bluetooth, Proximity and contactless smart cards and facial recognition.
Regretably, the base product appears to fall short in the logging department. All authentication activity is logged locally in the client's Windows Event logs, which makes auditing a chore. This can be rectified with an add-on product, Reports Pro. Installed on a separate server with a MS SQL backend, Reports makes use of the Windows Events Forwarding mechanism to collect authentication data. Using a web-based interface, administrators can create reports, and the subscription feature can automatically run those reports on a scheduled basis. It's a nice product, unfortunately it's an additional cost.
As far as support, we found a few instances of broken or missing hyperlinks on the company's website, and some of the information appeared to be outdated.
DigitalPersona Pro Enterprise is priced at $84 per user with U.are.U Fingerprint Reader at $89. The Pro Reports add-on is listed at $1,500 for 250 users, $2,000 for 251-1,500 users, and $3,000 for more than 1,500 users.
Sign up to our newsletters
SC Magazine Articles
- APT operation 'Double Tap' exploits serious Windows OLE bug
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- The Internet of Things (IoT) will fail if security has no context
- Regin: nation-state possibly behind the stealthy modular spying malware
- Operators disable firewall features to increase network performance, survey finds
- DDoS attacks cost organizations $40,000 per hour, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Study: 'High priority' issues hamper endpoint security solution implementation
- Researchers identify POS malware targeting ticket machines, electronic kiosks
- Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor
- DDoS attacks grew in size, threats became more complex, Q3 reports say
- Man gets 18 months in prison for accessing Subway POS devices, loading up gift cards