StrikeForce ProtectID 2.2.4
Strengths: Neat out-of-band solution, good enterprise performance, nice price
Weaknesses: Ease of use, documentation, basic support, not totally integrated
Verdict: Nice offering, requires more configuration, out-of-band options more flexible for end-user deployments
StrikeForce ProtectID is a multi-factor authentication platform utilising out-of-band phone (PIN, OTP via SMS, OTP via voice), OTP via email, hard token and OATH-compliant soft token client (Desktop/BlackBerry/J2ME phone) for authentication.
The solution is delivered as hardware but we evaluated it in a virtual environment. There are several modules that need to be loaded and multiple OS dependencies to be installed first. We did not test the installation of the software as we were supplied a virtual machine, but it had an intuitive installer that guided you through the process.
This solution really strived to utilise something you had already by turning it into your token for strong authentication. Any portable device that was Java-enabled could become a token, as could a PC with a client; other options include out-of-band voice or PIN to a mobile phone, and the traditional array of various soft and hard token support.
The management interface is a web-based console featuring role-based delegated administration. Reporting and detailed audit logging are provided.
Nice options available to the end user include a self-service password reset application and a self-service provisioning interface. There is support for integration with most web-based applications, including web (HTTP), RADIUS, ISAPI, ISA, Outlook Web Access, Citrix Secure Access Gateway, CA SiteMinder, Oracle OAAM and RSA ClearTrust.
LDAP and Microsoft AD integration were not seamless, but there was an Active Directory sync mechanism available as a workaround.
ProtectID did have enterprise capabilities, such as authentication redundancy. This allows an organisation to set up both a primary and a secondary method of authentication in case the primary method is broken, missing or unavailable, reducing costly password-related helpdesk calls.
Support is provided for 90 days and upgraded options are available after that. We did not see a knowledgebase or access to the documentation on the StrikeForce website.
We like the concept; it worked well, but it requires substantial effort to configure and maintain.