On-premise

Multi Factor Authentication

Download platform (Windows)

On-Premise Protectimus platform

The Protectimus On-Premise MFA (multi factor authentication) platform can be installed on local infrastructure, or on the client's private cloud.

You retain control over confidential information (user data, secret keys), and you can secure the multi-factor authentication server to meet even the most stringent security requirements. For example, you can place the on-premise platform on an isolated network without internet access and add additional protection using firewalls.

The Protectimus On-Premise platform for multi-factor authentication supports multidomain environments, clusters, replication, and backups. Additional MFA authentication platform features can be developed upon request. You can also link your SMS provider using the SMPP protocol.

Cross-platform

The Protectimus on-premise 2FA server is written in Java to be platform-independent. It supports Linux, FreeBSD, Windows, and other operating systems.

Multidomain environments

The Protectimus multifactor authentication platform supports user authentication in multidomain environments with Active Directory. This means that you can set up two-factor authentication for users on different domains within a single organization.

Replication and backup functionality

The Protectimus On-Premise two-factor authentication solution supports backups and data replication functionality to prevent the loss of valuable data.

On-Premise Protectimus platform

Data Signing or Dynamic Linking

CWYS (Confirm What You See) technology protects against phishing, banking Trojans, data replacement, etc. One-time passwords are generated using data about the current transaction, such as transaction amount, currency, and payment purpose.

Self-service portal

Your users can independently manage their personal data, MFA device (tokens) or MFA app (adding, deactivating, reissuing). The system administrator determines which actions are available to users.

Integrates with your chosen SMS provider

SMS authentication is available, so you can link any SMS operator of your choosing. The on-premise 2FA platform offers deep integration with your SMS provider over the SMPP protocol, enabling you to manage every service event and status.

Access Filters

You can set up the Protectimus MFA authentication system so that only users from selected countries and at a specific time of the day could access their accounts. For example, you can allow access only to users from Ireland from 8:00 to 18:00. Otherwise, access will be denied.

A cluster-based, fault-tolerant system

To ensure uninterrupted operation of your MFA server, you can deploy it to a cluster of several servers (we recommend using at least three nodes.) You’ll need a load balancer to distribute the load among them.

Analysis of the user environment

Protectimus 2FA platform allows analyzing the user’s environment (browser version, operating system, language, screen resolution, color depth, etc.) and requesting two-factor authentication only when the allowed number of mismatches is exceeded.

Here what our customers say

  • SICIM
  • DXC
  • Volet

At the moment, my assessment of the company’s work is 10 out of 10. An important factor in choosing this two-factor authentication provider was the possibility of customizing the 2FA system for our project. After we got in touch with the Protectimus team and explained the task, they implemented the necessary functionality for us free of charge. There were no problems. Everything works well.

Cristian G, System Administrator at SICIM

Protectimus was chosen because of their unique Dynamic Strong Password Authentication (DSPA) technology. Using this product, we added 2FA to all the systems we needed to protect in one fell swoop, as it allowed us to integrate two-factor authentication services straight with Active Directory. We have been using the Protectimus two-factor authentication platform for a year and are satisfied with this product.

Mauro S., Xchanging Italy a DXC Technology

Over the past years, we’ve had only positive cases of working together. Protectimus helped us at every stage, from integration to adding additional features that solved our specific tasks. Using Protectimus, we are confident that Volet infrastructure and users are well protected. Protectimus gives us what money can’t buy – not a sense of security, but REAL security. I highly recommend it for implementation.

Artem Sh., Info Security Director at Volet

Basic specifications
and requirements

  • Supports Linux, FreeBSD, Windows, and other operating systems.
  • Supports Google Chrome, Mozilla Firefox, and Internet Explorer.
  • All system components comply with the Java Programming Style Guidelines; the DRY (Don’t Repeat Yourself), DIE (Duplication Is Evil) and TDD (Test-Driven Development) development practices; and the OATH (Initiative for Open Authentication) OTP authentication standards.
  • Protectimus multi factor authentication solutions use the HMAC, HOTP, TOTP, and OCRA algorithms to generate one-time passwords.
  • Before installing the Protectimus multi authentication platform on your server, Java (JDK version 8) must be installed, as well as the PostgreSQL DBMS, version 10 or later. In PostgreSQL, a new database must be created for use by the platform.
  • To deploy the Protectimus multi factor authentication platform on private cloud infrastructure, the cloud must meet the following requirements: CPU: 2 cores, memory: 8 GB; OS: Linux; cloud disk: 20 GB; load balancer.

Pricing

The minimum rate is US$199 per month for 99 users.

The greater the number of users, the less the cost per user.
Additional technical support can be purchased separately.

Lifetime License and Enterprise Service Plan

Contact our sales team at sales@protectimus.com
for pricing information.

Knowledge Base

To set up two-factor authentication for the Roundcube client, start by registering with the Protectimus service. Create a resource, user, and token, then assign them to the resource. Next, download the Protectimus 2FA plugin for Roundcube from this page or GitHub and install it. Once installed, follow the step-by-step instructions in our guide on adding two-factor authentication to Roundcube.

Most services use email for changing passwords and restoring access to accounts. That means that reliable email access protection — and in this case, that means Roundcube authentication security — is fundamental to IT security in general. Even if you use a secure password, that password could be intercepted by a keylogger, brute-forced, or obtained using phishing or social engineering. Two-factor authentication adds an extra level of Roundcube brute force protection — one-time passwords are valid for 30 to 60 seconds. They can’t be guessed or collected, and they’re difficult or impossible to intercept.

Two-factor authentication protects Roundcube from keyloggers and brute-force attacks. It also guards against phishing and social engineering attacks, and data signing functionality protects against man-in-the-middle attacks. Roundcube just can’t be secure without a verified multi-factor authentication plugin for Roundcube. The Roundcube MFA plugin from Protectimus lets you configure multifactor authentication for Roundcube in just a few minutes. Features available in Protectimus’s solution include geographic and time-based filters, self-service, CWYS data signing, user environment analysis, and a broad assortment of 2FA tokens to choose from.

The Protectimus multi-factor authentication plugin for Roundcube supports hardware OTP tokens with hard-coded secret keys, the reflashable Protectimus Slim NFC and Protectimus Flex hardware token, the Protectimus Smart 2FA app for iOS and Android, email, and SMS authentication. Roundcube two-factor authentication methods also include delivery of one-time passwords over Telegram, Viber, and Facebook Messenger. Hardware tokens are the most reliable OTP tokens. These tokens cannot be infected by viruses, and intercepting one-time passwords is impossible. Messaging service chatbots are both convenient and secure; however, we don’t recommend SMS-based authentication.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.