DigitalPersona Pro Enterprise
Strengths: Group policy-based management allows for great control; SSO; user self-registration and password reset
Weaknesses: Logging is inadequate without the reports add-on
Verdict: A solid product definitely worth considering
Large-scale deployment of multi-factor authentication services is a complex undertaking, and the administration of those services can prove problematic for administrators. DigitalPersona has put a great deal of thought into this, and as long as you're using Active Directory, its Pro Enterprise product may just be the solution.
The software arrived on a CD Rom that contained both the client and server installation files. While it wasn't particularly difficult, the installation was a multi-step process. As the product is tightly integrated into Active Directory, we were first required to run a schema extender. We needed to do this a few times, first to set the appropriate schema permissions, then again to actually perform the extensions after the changes had replicated. After that, we ran a separate domain configuration wizard, and finally we installed the server components. Once that finished, we needed to install the licence activation software, and then using the group policy management editor, we were able to activate our licence. After configuring a GPO with our preferences, the server portion of the installation was complete. The client software installation was much more straightforward - we simply ran the setup .exe and clicked next until we were done.
As we mentioned above, the product is tightly integrated with Active Directory, so it can be completely managed through group policy objects. We find this to be a very powerful way to control the software.
The product supports the storage of biometric data either on the server or locally on the workstation. It enables multi-factor authentication for Windows itself, as well as other applications and websites through the wonderfully executed Password Manager Pro application. This provides single sign-on capabilities to virtually any website or application by allowing administrators to set up website and application logins for their users. The software can be restricted to only allow websites and applications specified by administrators, or it can be allowed to accept registrations from the end-users as well. The product works with a number of different types of authentication tokens, supporting fingerprint readers, PINs, Bluetooth, Smart, Proximity and Contactless cards, and facial recognition.
Regretfully, the base product appears to fall short in the logging department. All authentication activity is logged locally in the client's Windows event logs, which makes auditing a chore. This can be rectified with an add-on product, Reports Pro. Installed on a separate server with a MS SQL backend, Reports Pro makes use of the Windows events forwarding mechanism to collect authentication data. Utilising a web-based interface, administrators can create reports and the subscription feature can automatically run those reports on a scheduled basis. It's a great product, but unfortunately it's an additional cost.
DigitalPersona's documentation is extremely well done. A quick-start guide was provided on the installation CD, and detailed administration guides are available on the website. With everything indexed and bookmarked, we had no trouble locating any information we were looking for in short order.
DigitalPersona offers a single support plan, which provides eight-hours-a-day/five-days-a-week phone-based and email support. It also hosts an online knowlegebase, though at the time of writing it could use a little maintenance. We found a few instances of broken or missing hyperlinks, and some of the information appeared to be outdated.
DigitalPersona Pro Enterprise is priced at c£52* per user. The Reports Pro add-on is listed at c£935 for 250 users, c£1,246* for 251-1,500 users, and c£1,870* for over 1,500 users.
*Converted from US dollars (only sell in dollars)