ActivIdentity 4TRESS Authentication Appliance FT2011 is a versatile server providing strong authentication to a wide range of services and online applications - such as virtual private networks (VPN), remote access, terminal services and web-based applications - through RADIUS, SAML v2-based authentication portal and web-service APIs. The tool is available as a hardware or virtual appliance. We evaluated the physical device.

We set up the tool using the terminal interface. We had to run a health check on the appliance and then perform the initial configuration to put it on our network. Once the network details are provided, one can browse to the secure web interface to perform the remaining configuration. At this point, we enabled the various components, such as the authentication server, portal, management console and token portal. We configured the various users for the interfaces/portals and let the setup complete. The process took about an hour. The appliance comes complete with an embedded Oracle database, and configuration of it is all done without any direct involvement. Once the product is loaded, one will need to note the various portals and communication ports for accessing various services. Anything needed can be accessed via the various appliance portals. It just takes some time to navigate back and forth among all the portals.

Centralized management is available through a set of web-based user interfaces. The 4TRESS Management Console is used for configuration, and day-to-day operations and administration. The Configurer Portal is used to modify and maintain low-level parameters, such as device and credential types, and authentication policies templates. The 4TRESS Authentication Portal is the SAML front-end portal that provides the logon interface for service provider authentication. The 4TRESS Soft Token Activation Portal allows end-users to securely and easily activate 4TRESS Soft Tokens. A nice feature of the various portals is that they can be rebranded and set up for multitenant hosted environments of organizations supporting multiple business units.

The appliance registers and remembers all machines the user has successfully authenticated. When a new machine is engaged, the user is required to logon with the username/password, and with an additional authentication lifecycle management for user credentials.

Another feature we liked was 4TRESS Fraud Detection, a cloud-based, device profiling, identification and risk-score technology. The centralized auditing is attractive. It is secure and contains all the data one would need for any compliance review. The documentation is also well done and helped us through the install and use of the appliance and client. Eight-hours-a-day/five-days-a-week support is available at 20 percent of list price, and 24/7 service is offered at 25 percent of list price.

The hardware appliance (with no hardware security module), including a one-year warranty, is $6,999. A user license for a midsize enterprise deployment is around $40, and for a midsize online banking deployment around $11. In both cases, volume discounts apply.