Multi Factor Authentication: On Premise Platform

On-Premise Protectimus platform

The Protectimus On-Premise MFA (multi factor authentication) platform can be installed on local infrastructure, or on the client's private cloud. You retain control over confidential information (user data, secret keys), and you can secure the multi-factor authentication server to meet even the most stringent security requirements. For example, you can place the on-premise platform on an isolated network without internet access and add additional protection using firewalls.

The Protectimus On-Premise platform for multi-factor authentication supports multidomain environments, clusters, replication, and backups. Additional MFA authentication platform features can be developed upon request. You can also link your SMS provider using the SMPP protocol.

Cross-platform

The Protectimus on-premise 2FA server is written in Java to be platform-independent. It supports Linux, FreeBSD, Windows, and other operating systems.

Multidomain environments

The Protectimus multifactor authentication platform supports user authentication in multidomain environments with Active Directory. This means that you can set up two-factor authentication for users on different domains within a single organization.

Replication and backup functionality

The Protectimus On-Premise two-factor authentication solution supports backups and data replication functionality to prevent the loss of valuable data.

Basic specifications and requirements

- Supports Linux, FreeBSD, Windows, and other operating systems.
- Supports Google Chrome, Mozilla Firefox, and Internet Explorer.
- All system components comply with the Java Programming Style Guidelines; the DRY (Don't Repeat Yourself), DIE (Duplication Is Evil) and TDD (Test-Driven Development) development practices; and the OATH (Initiative for Open Authentication) OTP authentication standards.
- Protectimus multi factor authentication solutions use the HMAC, HOTP, TOTP, and OCRA algorithms to generate one-time passwords.
- Before installing the Protectimus multi authentication platform on your server, Java (JDK version 8) must be installed, as well as the PostgreSQL DBMS, version 10 or later. In PostgreSQL, a new database must be created for use by the platform.
- To deploy the Protectimus multi factor authentication platform on private cloud infrastructure, the cloud must meet the following requirements: CPU: 2 cores, memory: 8 GB; OS: Linux; cloud disk: 20 GB; load balancer.

Data Signing or Dynamic Linking

CWYS (Confirm What You See) technology protects against phishing, banking Trojans, data replacement, etc. One-time passwords are generated using data about the current transaction, such as transaction amount, currency, and payment purpose.

Self-service portal

Your users can independently manage their personal data, MFA device (tokens) or MFA app (adding, deactivating, reissuing). The system administrator determines which actions are available to users.

Integrates with your chosen SMS provider

SMS authentication is available, so you can link any SMS operator of your choosing. The on-premise 2FA platform offers deep integration with your SMS provider over the SMPP protocol, enabling you to manage every service event and status.

Access Filters

You can set up the Protectimus MFA authentication system so that only users from selected countries and at a specific time of the day could access their accounts. For example, you can allow access only to users from Ireland from 8:00 to 18:00. Otherwise, access will be denied.

A cluster-based, fault-tolerant system

To ensure uninterrupted operation of your MFA server, you can deploy it to a cluster of several servers (we recommend using at least three nodes.) You'll need a load balancer to distribute the load among them.

Analysis of the user environment

Protectimus 2FA platform allows analyzing the user's environment (browser version, operating system, language, screen resolution, color depth, etc.) and requesting two-factor authentication only when the allowed number of mismatches is exceeded.

OATH tokens

The Protectimus on-premise solution supports OATH tokens from all vendors, as long as their secret keys are known.

Protectimus Two & Flex

Classic and Reprogrammable hardware TOTP tokens in a key fob form factor; waterproof and shockproof.

Protectimus Slim NFC

Reprogrammable TOTP tokens in a card form factor that support time synchronization. Being hardware tokens, Protectimus Slim NFC is one of the best 2 factor authentication options in terms of security.

Protectimus Smart OTP

MFA authenticator app for generating one-time passwords; supports HOTP, TOTP, and OCRA algorithms, with time synchronization. MFA authentication apps Protectimus Smart OTP are available for Android and iOS.

Protectimus SMS

Integration with the client's chosen SMS provider. SMPP-based integration enables the client to manage service event and status.

Protectimus Mail

One-time password delivery via email. Uses the HOTP algorithm.

Messaging chatbots

Delivery of one-time passwords and other notifications via Telegram, Viber, and Messenger.

Available integrations:

Winlogon & RDP

Set up 2FA when logging into Windows 7/8/8.1/10 and when connecting to a computer running Windows over RDP.

Microsoft ADFS

Ready-to-use component for integration with
Microsoft AD FS 3.0 and 4.0.

Microsoft OWA

Integration with Outlook Web App
(Exchange Server 2013/2016/2019) in a few clicks.

RADIUS

The ready-to-use Protectimus RProxy component supports integration with any system or device over the RADIUS protocol: Citrix NetScaler (ADC), XenApp, XenDesktop, VMware, and others.

Single sign-on (SSO)

Enable your users to access multiple applications using a single set of credentials: static and one-time passwords.

RoundCube

Set up two-factor authentication
for the RoundCube email client.

Active Directory, LDAP (with Protectimus DSPA)

Direct integration with directory services enables you to secure access to all nodes in your infrastructure at once.

API-based integration

You can use our API for direct integration. Our API is designed according to REST principles. Data is transmitted as XML or JSON.

SDK-based integration

For quick and easy integration, take advantage of our ready-to-use SDKs for Java, PHP, and Python.

Download platform (Windows) Read manual
if you use a different OS, contact us at [email protected]

On Premise Platform Pricing

Subscription

The minimum rate is US$199 per month for 99 users.

The greater the number of users, the less the cost per user.

Additional technical support can be purchased separately.

Lifetime license with 12 months of support

US$20,000 + $14.99 per user.

If you deploy the platform on a cluster: US$30,000 + $14.99 per user.

Additional technical support can be purchased separately.