On-premise

Multi Factor Authentication

Download platform (Windows)

On-Premise Protectimus platform

The Protectimus On-Premise MFA (multi factor authentication) platform can be installed on local infrastructure, or on the client's private cloud.

You retain control over confidential information (user data, secret keys), and you can secure the multi-factor authentication server to meet even the most stringent security requirements. For example, you can place the on-premise platform on an isolated network without internet access and add additional protection using firewalls.

The Protectimus On-Premise platform for multi-factor authentication supports multidomain environments, clusters, replication, and backups. Additional MFA authentication platform features can be developed upon request. You can also link your SMS provider using the SMPP protocol.

Cross-platform

The Protectimus on-premise 2FA server is written in Java to be platform-independent. It supports Linux, FreeBSD, Windows, and other operating systems.

Multidomain environments

The Protectimus multifactor authentication platform supports user authentication in multidomain environments with Active Directory. This means that you can set up two-factor authentication for users on different domains within a single organization.

Replication and backup functionality

The Protectimus On-Premise two-factor authentication solution supports backups and data replication functionality to prevent the loss of valuable data.

On-Premise Protectimus platform

Data Signing or Dynamic Linking

CWYS (Confirm What You See) technology protects against phishing, banking Trojans, data replacement, etc. One-time passwords are generated using data about the current transaction, such as transaction amount, currency, and payment purpose.

Self-service portal

Your users can independently manage their personal data, MFA device (tokens) or MFA app (adding, deactivating, reissuing). The system administrator determines which actions are available to users.

Integrates with your chosen SMS provider

SMS authentication is available, so you can link any SMS operator of your choosing. The on-premise 2FA platform offers deep integration with your SMS provider over the SMPP protocol, enabling you to manage every service event and status.

Access Filters

You can set up the Protectimus MFA authentication system so that only users from selected countries and at a specific time of the day could access their accounts. For example, you can allow access only to users from Ireland from 8:00 to 18:00. Otherwise, access will be denied.

A cluster-based, fault-tolerant system

To ensure uninterrupted operation of your MFA server, you can deploy it to a cluster of several servers (we recommend using at least three nodes.) You’ll need a load balancer to distribute the load among them.

Analysis of the user environment

Protectimus 2FA platform allows analyzing the user’s environment (browser version, operating system, language, screen resolution, color depth, etc.) and requesting two-factor authentication only when the allowed number of mismatches is exceeded.

Here what our customers say

  • SICIM
  • DXC
  • Volet

На даний момент моя оцінка роботи компанії - 10 з 10. Важливим фактором у виборі цього провайдера двофакторної автентифікації була можливість кастомізації 2FA системи під наш проект. Після того, як ми зв'язалися з командою Protectimus і пояснили завдання, вони безкоштовно впровадили для нас необхідний функціонал. Жодних проблем не виникло. Все працює добре.

Крістіан Г, Системний адміністратор SICIM

Ми обрали Protectimus за їхню унікальну технологію Dynamic Strong Password Authentication (DSPA). Завдяки цьому рішенню нам вдалося одразу захистити всі необхідні системи, оскільки воно дозволяє інтегрувати 2FA безпосередньо з Active Directory. Вже рік користуємося MFA платформою Protectimus і повністю задоволені!

Мауро С., Xchanging Italy a DXC Technology

За ці роки у нас був лише позитивний досвід співпраці. Protectimus підтримував нас на всіх етапах — від інтеграції до впровадження додаткових функцій під наші специфічні завдання. Завдяки цьому рішенню двофакторної автентифікації ми впевнені, що інфраструктура та користувачі Volet надійно захищені. Protectimus дає нам не просто відчуття безпеки, а справжній, реальний захист. Однозначно рекомендую!

Артем Ш., Директор з інформаційної безпеки компанії Volet

Basic specifications
and requirements

  • Supports Linux, FreeBSD, Windows, and other operating systems.
  • Supports Google Chrome, Mozilla Firefox, and Internet Explorer.
  • All system components comply with the Java Programming Style Guidelines; the DRY (Don’t Repeat Yourself), DIE (Duplication Is Evil) and TDD (Test-Driven Development) development practices; and the OATH (Initiative for Open Authentication) OTP authentication standards.
  • Protectimus multi factor authentication solutions use the HMAC, HOTP, TOTP, and OCRA algorithms to generate one-time passwords.
  • Before installing the Protectimus multi authentication platform on your server, Java (JDK version 8) must be installed, as well as the PostgreSQL DBMS, version 10 or later. In PostgreSQL, a new database must be created for use by the platform.
  • To deploy the Protectimus multi factor authentication platform on private cloud infrastructure, the cloud must meet the following requirements: CPU: 2 cores, memory: 8 GB; OS: Linux; cloud disk: 20 GB; load balancer.

Pricing

The minimum rate is US$199 per month for 99 users.

The greater the number of users, the less the cost per user.
Additional technical support can be purchased separately.

Lifetime License and Enterprise Service Plan

Contact our sales team at sales@protectimus.com
for pricing information.

Knowledge Base

To set up two-factor authentication for the Roundcube client, start by registering with the Protectimus service. Create a resource, user, and token, then assign them to the resource. Next, download the Protectimus 2FA plugin for Roundcube from this page or GitHub and install it. Once installed, follow the step-by-step instructions in our guide on adding two-factor authentication to Roundcube.

Most services use email for changing passwords and restoring access to accounts. That means that reliable email access protection — and in this case, that means Roundcube authentication security — is fundamental to IT security in general. Even if you use a secure password, that password could be intercepted by a keylogger, brute-forced, or obtained using phishing or social engineering. Two-factor authentication adds an extra level of Roundcube brute force protection — one-time passwords are valid for 30 to 60 seconds. They can’t be guessed or collected, and they’re difficult or impossible to intercept.

Two-factor authentication protects Roundcube from keyloggers and brute-force attacks. It also guards against phishing and social engineering attacks, and data signing functionality protects against man-in-the-middle attacks. Roundcube just can’t be secure without a verified multi-factor authentication plugin for Roundcube. The Roundcube MFA plugin from Protectimus lets you configure multifactor authentication for Roundcube in just a few minutes. Features available in Protectimus’s solution include geographic and time-based filters, self-service, CWYS data signing, user environment analysis, and a broad assortment of 2FA tokens to choose from.

The Protectimus multi-factor authentication plugin for Roundcube supports hardware OTP tokens with hard-coded secret keys, the reflashable Protectimus Slim NFC and Protectimus Flex hardware token, the Protectimus Smart 2FA app for iOS and Android, email, and SMS authentication. Roundcube two-factor authentication methods also include delivery of one-time passwords over Telegram, Viber, and Facebook Messenger. Hardware tokens are the most reliable OTP tokens. These tokens cannot be infected by viruses, and intercepting one-time passwords is impossible. Messaging service chatbots are both convenient and secure; however, we don’t recommend SMS-based authentication.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.