On-Premise Protectimus platform
The Protectimus On-Premise MFA (multi factor authentication) platform can be installed on local infrastructure, or on the client's private cloud. You retain control over confidential information (user data, secret keys), and you can secure the multi-factor authentication server to meet even the most stringent security requirements. For example, you can place the on-premise platform on an isolated network without internet access and add additional protection using firewalls.
The Protectimus On-Premise platform for multi-factor authentication supports multidomain environments, clusters, replication, and backups. Additional MFA authentication platform features can be developed upon request. You can also link your SMS provider using the SMPP protocol.
The Protectimus on-premise 2FA server is written in Java to be platform-independent. It supports Linux, FreeBSD, Windows, and other operating systems.
The Protectimus multifactor authentication platform supports user authentication in multidomain environments with Active Directory. This means that you can set up two-factor authentication for users on different domains within a single organization.
Replication and backup functionality
The Protectimus On-Premise two-factor authentication solution supports backups and data replication functionality to prevent the loss of valuable data.
Basic specifications and requirements
- Supports Linux, FreeBSD, Windows, and other operating systems.
- Supports Google Chrome, Mozilla Firefox, and Internet Explorer.
- All system components comply with the Java Programming Style Guidelines; the DRY (Don't Repeat Yourself), DIE (Duplication Is Evil) and TDD (Test-Driven Development) development practices; and the OATH (Initiative for Open Authentication) OTP authentication standards.
- Protectimus multi factor authentication solutions use the HMAC, HOTP, TOTP, and OCRA algorithms to generate one-time passwords.
- Before installing the Protectimus multi authentication platform on your server, Java (JDK version 8) must be installed, as well as the PostgreSQL DBMS, version 10 or later. In PostgreSQL, a new database must be created for use by the platform.
- To deploy the Protectimus multi factor authentication platform on private cloud infrastructure, the cloud must meet the following requirements: CPU: 2 cores, memory: 8 GB; OS: Linux; cloud disk: 100 GB; load balancer.
Data Signing or Dynamic Linking
CWYS (Confirm What You See) technology protects against phishing, banking Trojans, data replacement, etc. One-time passwords are generated using data about the current transaction, such as transaction amount, currency, and payment purpose.
Your users can independently manage their personal data, MFA device (tokens) or MFA app (adding, deactivating, reissuing). The system administrator determines which actions are available to users.
Integrates with your chosen SMS provider
SMS authentication is available, so you can link any SMS operator of your choosing. The on-premise 2FA platform offers deep integration with your SMS provider over the SMPP protocol, enabling you to manage every service event and status.
You can set up the Protectimus MFA authentication system so that only users from selected countries and at a specific time of the day could access their accounts. For example, you can allow access only to users from Russia from 8:00 to 18:00. Otherwise, access will be denied.
A cluster-based, fault-tolerant system
To ensure uninterrupted operation of your MFA server, you can deploy it to a cluster of several servers (we recommend using at least three nodes.) You'll need a load balancer to distribute the load among them.
Analysis of the user environment
Protectimus 2FA platform allows analyzing the user's environment (browser version, operating system, language, screen resolution, color depth, etc.) and requesting two-factor authentication only when the allowed number of mismatches is exceeded.
The Protectimus on-premise solution supports OATH tokens from all vendors, as long as their secret keys are known.
Classic and Reprogrammable hardware TOTP tokens in a key fob form factor; waterproof and shockproof. Reprogrammable TOTP tokens in a card form factor that support time synchronization. Being hardware tokens, Protectimus Slim NFC is one of the best 2 factor authentication options in terms of security. MFA authenticator app for generating one-time passwords; supports HOTP, TOTP, and OCRA algorithms, with time synchronization. MFA authentication apps Protectimus Smart OTP are available for Android and iOS.
Classic and Reprogrammable hardware TOTP tokens in a key fob form factor; waterproof and shockproof.
Reprogrammable TOTP tokens in a card form factor that support time synchronization. Being hardware tokens, Protectimus Slim NFC is one of the best 2 factor authentication options in terms of security.
MFA authenticator app for generating one-time passwords; supports HOTP, TOTP, and OCRA algorithms, with time synchronization. MFA authentication apps Protectimus Smart OTP are available for Android and iOS.
Integration with the client's chosen SMS provider. SMPP-based integration enables the client to manage service event and status. One-time password delivery via email. Uses the HOTP algorithm. Delivery of one-time passwords and other notifications via Telegram, Viber, and Messenger.
Integration with the client's chosen SMS provider. SMPP-based integration enables the client to manage service event and status.
One-time password delivery via email. Uses the HOTP algorithm.
Delivery of one-time passwords and other notifications via Telegram, Viber, and Messenger.
Winlogon & RDP
Set up 2FA when logging into Windows 7/8/8.1/10 and when connecting to a computer running Windows over RDP.
Ready-to-use component for integration with
Microsoft AD FS 3.0 and 4.0.
Integration with Outlook Web App
(Exchange Server 2013/2016/2019) in a few clicks.
The ready-to-use Protectimus RProxy component supports integration with any system or device over the RADIUS protocol: Citrix NetScaler (ADC), XenApp, XenDesktop, VMware, and others.
Single sign-on (SSO)
Enable your users to access multiple applications using a single set of credentials: static and one-time passwords.
Set up two-factor authentication
for the RoundCube email client.
Active Directory, LDAP (with Protectimus DSPA)
Direct integration with directory services enables you to secure access to all nodes in your infrastructure at once.
You can use our API for direct integration. Our API is designed according to REST principles. Data is transmitted as XML or JSON.
For quick and easy integration, take advantage of our ready-to-use SDKs for Java, PHP, and Python.
On Premise Platform Pricing
The minimum rate is US$199 per month for 181 users.
The greater the number of users, the less the cost per user.
Lifetime license with 12 months of support
US$15,000 + $9.99 per user
Additional technical support can be purchased separately