Every organisations has different core infrastructure, and along with that, different requirements for authenticating against their IT Systems.
Passwordstate offer two base forms of authentication - Active Directory Integrated, and Forms-Based Authentication, with 16 additional secondary forms of authentication - including various two-factor authentication options.
Active Directory Single Sign-On
Passwordstate leverages the investment your have made in your Active Directory implementation, and fully supports multiple Active Directory domains and forests.
In addition to importing user credentials direct from Active Directory, Passwordstate also uses the authentication mechanism inherent to Active Directory & Internet Information Services.
When using Active Directory Integrated Authentication, the default Authentication option of Single Sign-On (Passthrough Authentication) does not require the user to provide any login details to authenticate to Passwordstate - their browser passes through their already logged in credentials to the web tier, which then passes on to the database tier for validation. If you prefer your users to manually enter the domain credentials to authenticate, you can use the 'Manual AD Authentication' option listed below, in conjunction with any of the other two-factor authentication options listed.
Manual Active Directory Authentication
If you prefer not to use "Pass Through" Active Directory Authentication, you can choose to use Manual Active Directory Authentication. Manual authentication requires the users to first manually authenticate using their AD username and password.
RSA SecurID Two-Factor Authentication
Make use of the leading two-factor authentication solution, and require your users to authenticate using RSA's SecurID tokens http://www.emc.com/security/rsa-securid.htm
AuthAnvil Two-Factor Authentication
Passwordstate also supports Scorpion Softwares Multi Factor Authentication solution for two-factor authentication - http://www.scorpionsoft.com/software/multi-factor-auth
Duo Push Authentication Two-Factor Authentication
Make use of the leading cloud-based two-factor authentication solution, and choose Duo Security's Push Authentiation - https://www.duosecurity.com/
One-Time Password using Hardware or Software Tokens
Based on either the TOTP
(Time-Based) or HOTP
(Counter-Based) algorithms, you can use either hardware or software tokens for additional two-factor authentication.
Two-Factor Authentication with Google Authenticator
Google provides a free two-factor authentication solution called Google Authenticator, with authentication software available for most mobile clients - https://code.google.com/p/google-authenticator
SafeNet Two-Factor Authentication
Passwordstate also supports SafeNet's Cloud or On-Premise Two-Factor Authentication solution - http://www.safenet-inc.com/multi-factor-authentication/two-factor-authentication-2fa/
When using Active Directory Integrated authentication, you also have the option to enable a secondary ScramblePad authentication. Individual users can enable ScramblePad authentication, or Security Administrators can elect to make it mandatory for all users.
ScramblePad Authentication works by assigning a Pin number to a user's account. When asked to authenticate, the user must match their pin number against a series of randomly generated letters.
If your preference is not to use the Active Directory Integrated authentication method, you can opt for Forms-Based authentication. With Forms-Based authentication, there is no reliance on AD at all, and users must supply username/password every time they wish to use Passwordstate.
Please Note: When using Forms-Based authentication, synchronizing Security Groups with Active Directory is not possible. Local Passwordstate Security Groups are still available.
Two-Factor Authentication using Email and a Temporary Pin Code
When you first authenticate to Passwordstate, a temporary Pin Code can be emailed to an email address of your choice (could even be an SMS Gateway). The Pin Code is only active as long as the time period as specified by your Passwordstate Security Administrator(s).