Every organisations has different core infrastructure, and along with that, different requirements for authenticating against their IT Systems.
Passwordstate offer two base forms of authentication - Active Directory Integrated, and Forms-Based Authentication. Additional secondary forms of authentication are also possible, including two-factor authentication.
Active Directory Integrated Authentication
Passwordstate leverages the investment your have made in your Active Directory implementation, and fully supports multiple Active Directory domains and forests.
In addition to importing user credentials direct from Active Directory, Passwordstate also uses the authentication mechanism inherent to Active Directory & Internet Information Services.
When using Active Directory Integrated Authentication user's are not required to provide any login details to authenticate to Passwordstate - their browser passes through their already logged in credentials to the web tier, which then passes on to the database tier for validation.
Manual Active Directory Authentication
If you prefer not to use "Pass Through" Active Directory Authentication, you can choose to use Manual Active Directory Authentication. Manual authentication requires the users to first manually authenticate using their AD username and password.
Two-Factor Authentication with RSA SecurID
Make use of the leading two-factor authentication solution, and require your users to authenticate using RSA's SecurID tokens.
Two-Factor Authentication with Google Authenticator
Google provides a free two-factor authentication solution called Google Authenticator, with authentication software available for most mobile clients.
Two-Factor Authentication using Email and a Temporary Pin Code
When you first authenticate to Passwordstate, a temporary Pin Code can be emailed to an email address of your choice (could even be an SMS Gateway). The Pin Code is only active as long as the time period as specified by your Passwordstate Security Administrator(s).
When using Active Directory Integrated authentication, you also have the option to enable a secondary ScramblePad authentication. Individual users can enable ScramblePad authentication, or Security Administrators can elect to make it mandatory for all users.
ScramblePad Authentication works by assigning a Pin number to a user's account. When asked to authenticate, the user must match their pin number against a series of randomly generated letters.
If your preference is not to use the Active Directory Integrated authentication method, you can opt for Forms-Based authentication. With Forms-Based authentication, there is no reliance on AD at all, and users must supply username/password every time they wish to use Passwordstate.
Please Note: When using Forms-Based authentication, synchronizing Security Groups with Active Directory is not possible. Local Passwordstate Security Groups are still available.