The Solution to Campus Password Security

PortalGuard is a user authentication product that specifically addresses the needs of higher education. A web-based solution that is installed in-house, it addresses security and compliance through a multifaceted approach.

PortalGuard provides the following in a single turnkey package (some functions can be purchased separately):

SELF-SERVICE PASSWORD RESET

This basic PortalGuard function, hugely popular in higher education, allows users to securely reset their own passwords, using previously entered personal information – including, if desired, two- factor authentication.

SINGLE SIGN-ON

With PortalGuard, independent software systems can be unified under one authentication process, allowing a student or faculty member to enter the same name and password across multiple systems. Single sign-on tightens security markedly by creating a single “chokepoint” for authentication and decreasing attack surfaces. It also reduces service calls to the help desk.

TWO-FACTOR AUTHENTICATION

This security method requires users to present two methods of identifying themselves, such as a password (or answers to personal questions during a password reset), and a mobile phone number. With PortalGuard, personal security questions can be set up, and a mobile phone or personal email address can also be used to verify identity, for example.

REAL-TIME PASSWORD SYNCHRONIZATION

PortalGuard helps IT administrators manage passwords, keeping them in sync across user directories. It supports Microsoft Active Directory, Novell eDirectory, and any LDAP v3-compliant directory, plus custom SQL user tables. When a user changes a password, PortalGuard passes the changes down to all linked accounts instantly.

CONTEXTUAL USER AUTHENTICATION

A cutting-edge approach to security that raises the bar for authentication by weighing context, such as where the user is at what time, and what device is being used.

PortalGuard also addresses these challenges:

DEVICE-AGNOSTIC: PortalGuard is web-based, so it is platform- and browser-agnostic. It works across all devices used by students, faculty, and staff, including Windows and Apple systems, all mobile devices, and Internet Explorer, Chrome, Firefox, and Safari browsers.

PortalGuard runs from a single web site and can be run on a virtual machine or can share a server – it can leverage an existing server by running on top of Microsoft IIS, for example. No additional server space, hardware or bandwidth is needed.

PASSWORD RECOVERY RIGHT FROM WINDOWS: An optional PortalGuard desktop component can be installed directly on Windows workstations to request enrollment of challenge answers, phone or email after a Windows login. It also allows password recovery right from the Windows logon screen, using the same interface as direct browser access which helps reduce training.

SINGLE SIGN-ON TO BLACKBOARD: One of PortalGuard's most well-known features. A huge challenge on college campuses is providing single sign-on to Blackboard. PortalGuard makes Blackboard single sign-on possible because it supports the XML- based open standard data format SAML.

HIGH INITIAL STUDENT PARTICIPATION: Schools can import existing student data into PortalGuard, then ask students to set their own initial passwords by answering a set of questions the first time they use the system. IT administrators control how self- service password reset is introduced. The first time a student logs in through any standard interface, a popup window can appear asking them to enroll.

Once enrollment is complete, a student who fails at a login is intercepted by PortalGuard, which jumps in with the option to reset their forgotten password. Based on administrative settings, students can also optionally enroll a mobile phone number or personal email address to help prove their identity when resetting their forgotten password.

SEPARATEGROUP POLICIES: Security policies can be applied to single users, groups (faculty vs. students vs.staff),or entire organizational units in the user directory. PortalGuard supports any LDAP v3 directory, as well as custom SQL-based user repositories.

PRICING TAILORED FOR HIGHER ED: PortalGuard offers a server-based license under a flat yearly fee, with no user cap or restrictions. That eliminates the overhead associated with monitoring active user counts, and can drop the per- user price dramatically. PortalGuard Self-service Password Reset is available as a standalone product, or as part of the complete authentication solution set.