Large-scale deployment of multifactor authentication services is a complex undertaking, and administering those services can prove problematic. DigitalPersona has put a great deal of thought into this, and as long as one is using Active Directory, the company's Pro Enterprise product may just be the solution.
The software arrived on a CD that contained both the client and server installation files. While it wasn't particularly difficult, the installation was a multi-step process. As the product is tightly integrated into Active Directory, we were first required to run a schema extender. We needed to do this a few times: first to set the appropriate schema permissions, then again to actually perform the extensions after the changes had replicated. After that, we ran a separate domain configuration wizard, and finally we installed the server components. Once that finished, we needed to install the license activation software, and then, using the Group Policy Management Editor, we were able to activate our license. After configuring a Group Policy Object (GPO) with our preferences, the server portion of the installation was complete. The client software installation was much more straightforward: we simply ran the setup .exe and clicked "Next" until we were done.
As mentioned above, the product is tightly integrated with Active Directory, so it can be completely managed through GPO. We find this to be a powerful way to control the software. The tool supports storing biometric data either on the server or locally on the workstation. It enables multifactor authentication for Windows itself, as well as for other applications and websites through the wonderfully executed Password Manager Pro application. Similar to tools like LastPass, Password Manager Pro provides single sign-on capabilities to virtually any website or application by allowing administrators to set up website and application logins for their users. The software can be restricted to allow only websites and applications specified by administrators, or it can be allowed to accept registrations from end users as well. The product works with a number of different types of authentication tokens, supporting fingerprint readers, PINs, Bluetooth, proximity and contactless smart cards, and facial recognition.
Regrettably, the base product appears to fall short in the logging department. All authentication activity is logged locally in the client's Windows Event logs, which makes auditing a chore. This can be rectified with an add-on product, Reports Pro. Installed on a separate server with an MS SQL backend, Reports makes use of the Windows Event Forwarding mechanism to collect authentication data. Using a web-based interface, administrators can create reports, and the subscription feature can automatically run those reports on a scheduled basis. It's a nice product; unfortunately, it comes at an additional cost.
As for support, we found a few instances of broken or missing hyperlinks on the company's website, and some of the information appeared to be outdated.
DigitalPersona Pro Enterprise is priced at $84 per user, with the U.are.U Fingerprint Reader at $89. The Pro Reports add-on is listed at $1,500 for 250 users, $2,000 for 251-1,500 users, and $3,000 for more than 1,500 users.