Sidecar Mode

It is possible to have PortalGuard handle logins for remote HTTP servers on which PortalGuard is not directly installed. This is referred to as "Sidecar" mode. A small JavaScript library is added to the login form for the target HTTP server. This new code temporarily suppresses the login to the target server and calls out to the PortalGuard server instead. PortalGuard validates the user's credentials and verifies that the user does not need to take any specific PortalGuard actions (e.g. setting challenge answers). If PortalGuard requires the user to take action, a floating frame appears over the top of the target server's HTML login form in which the user performs the requested action directly against the PortalGuard server. Once no further action is required, the floating frame is closed and the original login attempt to the target server is allowed to continue as normal.

If no PortalGuard action is required of the user, then the floating frame never appears and the login attempt passes directly to the target server.

The Sidecar mode achieves a high level of integration with your current login forms without requiring any changes to the target server's back-end or authentication configuration. You can also easily add "Forgot password?" links directly to your normal login form that cause the PortalGuard "Reset Password" wizard to appear on demand in the floating frame. By leaving your standard login forms intact, end-user training, development changes and administrative overhead are almost completely eliminated.

The screenshots below demonstrate:

1) A standard corporate login form

2) Forcing the user to set their challenge answers using the PortalGuard Sidecar

3) Allowing users to reset their forgotten password using the PortalGuard Sidecar directly from the standard login form


Sidecar mode has the following requirements:

  • The target HTTP server must use a HTML form for user authentication. The HTTP server must not be configured to use Basic authentication since web browsers handle this form of authentication by simply popping up a dialog box in which the user enters their credentials.
  • The target and PortalGuard servers must both have Fully Qualified Domain Names (FQDN) in DNS that end with a common domain, e.g. "".
  • The target and PortalGuard servers must both be reachable on the network by end-users using their FQDNs, e.g. "" and "".
  • JavaScript must be enabled on the end-user's web browser


Our technicians will be happy to help you enable PortalGuard in Sidecar mode during a guided install. The entire process only takes approximately 20 minutes.