Strengths: Does everything expected and then some – with ease of use and unlimited users.
Verdict: Excellent product for that first step into dual-factor authentication. We select it as our Best Buy.
PortalGuard is a multifactor authentication, web-based single sign-on (SSO) through Internet Information Services (IIS) and self-service password reset server and application rolled into one.
The install is guided by a PistolStar engineer who has either developed or tested PortalGuard through screen sharing and VoIP, included with every purchase. This is a nice touch. The PortalGuard server application is easy to install, no doubt because the engineer guiding us through the install knew the product inside and out. This almost doubled as a training session, as during the install we were able to ask questions and learn how the product worked. This saved us a tremendous amount of time in setup and reduced the gap between setup and actually having something useful to work with. PortalGuard has support for RADIUS servers; SSL VPNs; single sign-on (SSO) web servers and Active Directory servers; Sharepoint, Exchange and Outlook Web App, federation websites, like Google Apps, Microsoft Office 365; and many more.
The offering does exactly what one would expect it to - as a dual-factor authentication server and then some. The different authentication methods include a mobile authenticator (like Google Authenticator), phone call, SMS, email, RSA SecurID, Yubico Yubikey, and/or a number of personal challenge answers to be set up by the users when they configure their preferred methods of authentication. Many of these are taken care of on first startup. However, if one has the user's email or phone number already in an Active Directory field, PortalGuard can optionally look for some of that information. PortalGuard also supports extra logging functionality and tying this extra data into a SIEM.
The aspects that really set PortalGuard apart are its granularity of controls, ease of use and contextual-based authentication. The tool allows every little detail to be different between user groups, or even individual users, all from an easy-to-use GUI application that sits on the server. With the configurable contextual-based authentication, if a user logs in consistently from a certain IP at the same time every day and doesn't get their password wrong, PortalGuard does not need to ask for another factor. If a user is logged into a local network inside the building, the policy could be set to be a little more relaxed than if the user was logging in through a VPN out of state on vacation.
The documentation is clear, concise and extensive. The support is nine-hours-a-day/five-days-a-week for the standard package, 12/5 for the gold package, and 24/7 for the platinum package. Gold support is $3,500 per year, and platinum is $250 per hour per incident.
PistolStar's PortalGuard is one of the most full-featured products we've tested with great value per user, ease of use and impressive customer assistance, as well as support for a wide range of products and services for multifactor authentication integration. For this - in combination with no real downsides - we picked this as our Best Buy.