BIO-key PortalGuard – Revision 2021
BIO-key PortalGuard has been a player in Identity Management (IDM) for some time, but things have changed since we last tested it. Since PortalGuard was acquired by BIO-key, the product places more emphasis on biometrics for authentication. As well as offering an on-premises installation, you also have the option of an Identity as a Service (IDaaS) deployment, although there is still a bit of maturation to do before the PortalGuard IDaaS platform is released. ready to compete with our publishers. Choice award winners Okta and VMware Workspace One.
Two things about PortalGuard really stand out. The first is its pricing: you can get all the features that PortalGuard offers for a flat fee of $ 2-4 per month per user, depending on your total number of users. The second key selling point is the name of the BIO-key company. PortalGuard offers a number of flexible multi-factor authentication (MFA) options, but many include a biometric component, including the new MobileAuth mobile app with PalmPositive. The latter supports palm scanning which the company claims is up to 400 times more accurate than most device-based biometrics.
Getting started with PortalGuard
PortalGuard’s installation and configuration process hasn’t changed much since our 2017 review. The platform still runs on Microsoft Internet Information Services (IIS) and Microsoft SQL Server, which based on your business preferences and personal, can appear in the Advantages or Disadvantages column. PortalGuard Config Editor is the go-to utility for configuring how the software runs on your server and connects to your user repositories. If you’ve set up an LDAP connection before, you’ll be familiar with the process: set up server and port details, as well as LDAP paths for key aspects of your directory, and you’re pretty much ready to go. If your configuration needs some tweaking, you can configure LDAP attributes that contain common data, as well as apply search filters for users and groups.
If your organization uses an LDAP directory other than Microsoft Active Directory, PortalGuard supports several other notable LDAP directories as well as user stores based on SQL Server or Microsoft Azure AD.
Configuring security policies
Authentication or security policies are a critical part of any IDM, as they determine the authentication requirements placed on users who attempt to access corporate resources. Users deploying PortalGuard on-premises will again use the PortalGuard Configuration Editor to manage security policies. Currently, BIO-key does not appear to offer IDaaS customers a way to configure security policies on their own; instead, they should take advantage of PortalGuard’s support team. The company says web-based administrative tools will be available soon.
The PortalGuard Config Editor allows you to specify which users a policy applies to (for LDAP this can take the form of a filter on users or groups or even a particular organizational unit). Policies also control certain actions within PortalGuard’s sphere of influence, such as access to the platform’s SSO portal, as well as self-service features such as password change, reset , account recovery and unlocking. Other security policy settings involve things like auditing, user data change notifications, and password rules (complexity, expiration, restricted words, and regular expression-based rules).
My main gripe with security policies is that they place limits on flexibility over competing solutions. For example, there is no way to tie a particular policy to a set of apps, so users are prompted to use the same set of authentication methods regardless of the type of resource they are using. try to access. Another limitation is that some of the more advanced components that you can find in competing IDM suites like or VMware, are simply not available with PortalGuard without using code versus API. Features such as integration with your mobile device management (MDM) or unified endpoint management (UEM) solution, or even risk scores based on the current authentication attempt, are not immediately available. .
PortalGuard MobileAuth with PalmPositive
One of the more recent offerings from BIO-key, as mentioned, is MobileAuth with PalmPositive. This mobile application uses your smartphone’s camera to analyze the biometric data of your fingerprint. There are obvious advantages to this. For example, it allows you to include older phones in your user pool, as many older models of phones or budget models lack fingerprint readers, but almost all smartphones come with cameras. . Add BIO-key’s claim that palm biometrics are more reliable than fingerprint biometrics; the fact that registration is considerably faster and more convenient; and that biometric scanning is happening on the server, not the device, and that palm-based biometrics is really starting to look good.
Unfortunately, I think the usability aspect of palm reading suffers a bit compared to fingerprint identification. On the one hand, you basically have to take a photo with your palm, which requires two hands. Plus, it’s impossible to be subtle about the process if you’re in a meeting or in an informal conversation. Finally, you have to use the camera flash in order to get a quality scan of your palm, which means connecting in low-light environments like a theater is not an option.
Prices and packages
The cost of PortalGuard is determined by the number of users. The price starts at $ 4 per user per month for customers under 1,000 users and drops to $ 2 per user per month for organizations over 10,000 users. The advantage of the license structure is its simplicity: each license includes all features, with no upgrade required to access advanced features.
Overall, PortalGuard has improved significantly since the last time we tried it. BIO-key’s addition of palm-based biometrics should appeal to any organization looking for extra protection beyond passwords, and its low price should also be attractive.
But IT pros tasked with supporting large numbers of users will find that the platform lacks some of the administrative features of its rivals. You will need to contact customer support to set up security policies using the cloud service version, as well as to develop your own integrations with device management tools using an API. If you don’t mind, PortalGuard might be a good choice if you like its biometric features. Otherwise, you’re probably better off with a more complete platform like Okta.