As the name suggests, PassGo Technologies' Defender 5.2 Active Directory Edition (ADE) is designed to integrate two-factor authentication into your existing Windows domains. As with SecureComputing's SafeWord, management is through Active Directory, so there's no need to learn a new management system.
It's surprisingly easy to deal with, too. First, you have to create an access node, which is an object that holds access information for an entry point to your network. Each access node has a type associated with it.
The Radius type enables you to configure any device that uses Radius authentication to pass its request through to PassGo.
There's also a PassGo Defender Agent type, which is built to work with products that have to have agent software installed, such as the replacement Windows log-on agent, so you can introduce two-factor authentication to all your client computers.
Regardless of the type, the configuration remains largely the same, and for each access node you add the Active Directory users and groups the node applies to and, finally, the security policy. This policy defines how users can authenticate with the options available through tokens and/or the AD password or a separate PassGo password.
We were provided with PassGo's Defender Go-3 token, which generates a single-use password at the press of a button. If you want more security, there are Defender DualTOK tokens, which can be used in asynchronous mode - a machine generated challenge number is input to produce the response number. Finally, there is a software-based token for Windows PCs.
Tokens can be imported en masse using Active Directory and then assigned individually to users. To keep management to a minimum, though, you can also install the self-registration service, which uses an IIS web application to allow your users to register their tokens automatically. PassGo Technologies can also provide its WebMail application, which protects remote web-access to Exchange, iNotes and GroupWise email systems.
PassGo's Defender is simple to install and manage thanks to its ActiveDirectory integration. While support for a wider range of tokens might be important for some companies, its ease of use makes this an effective choice.