Protectimus DSPA

Scheduled password changes

The Protectimus DSPA component for Active Directory two-factor authentication regularly changes users' passwords in AD. The administrator specifies the password change interval. In this system, passwords are composed of two parts: a static part (specified by the user) and a dynamic part (a one-time password generated using the TOTP algorithm). The resulting passwords look like this: P@ssw0rd!459812.

On-premise platform

The Protectimus DSPA component for Active Directory security and Protectimus two-factor authentication platform are installed on the client's premises. You can manage all the data and processes yourself to ensure the maximum level of infrastructure security. The Protectimus on-premise platform is designed for multidomain environments. It also offers cluster, replication, and backup features.

Hassle-free administration

Unlike traditional MFA solutions, Protectimus DSPA frees administrators from the need to install additional software on client machines and update it periodically. After integrating the Protectimus DSPA component with Active Directory, multi-factor authentication passwords will automatically be required to log into all systems connected to Active Directory MFA (Winlogon, RDP, OWA, etc.)

How does it work?

Protectimus integrates directly with Microsoft Active Directory (or any other user directory) to add a six-digit password onto users' static passwords. The six digits are a one-time password generated using the TOTP algorithm, so they constantly change. Active Directory users’ and computers’ passwords now look like this: P@ssw0rd!459812, where P@ssw0rd! is the fixed part, and 459812 is a one-time password.

The administrator sets the one-time password change interval, which can be 30 seconds or longer. The interval must be a multiple of 30 seconds. The Active Directory change password frequency can be set individually for each user. It is also possible to choose which groups of users are required to use Protectimus Dynamic Strong Password Authentication (DSPA) and which are not. The Protectimus DSPA component regularly changes users' passwords on the schedule set by the administrator. In this process, only the six final digits are changed.

Thus, Active Directory user authentication looks like this: users can gain access to their accounts by entering their fixed passwords and the one-time code all in one go. To generate OTPs, users can use the in-app one-time password generator Protectimus SMART; a chatbot on Telegram, Viber, or Facebook; or special hardware tokens for Protectimus DSPA.

On-premise Platform

The Protectimus on-premise platform supports multidomain environments. Clustering, replication, and backup features are also available. Using the on-premise platform gives you total control over the data, processes, and fault tolerance of the system, as well as the server's level of protection against attacks. You can build a security system around your authentication server to your own specifications. You can use any firewall, close off the server completely to outside access, and use any other security measures you desire.
Before installing the Protectimus authentication platform on your server, Java (JDK version 8) must be installed, as well as the PostgreSQL DBMS, version 10 or later.

Private Cloud

Protectimus two-factor authentication server can be also deployed in the client’s private cloud. no matter where the platform is installed, either in your environment or in the private cloud, it supports multidomain environments, clustering, replication, and backup features, as well as it gives the client total control over sensitive data and processes.
Before installing the Protectimus authentication platform on the private cloud, make sure the cloud infrastructure you set up fulfills the following technical specifications: Instance type: 2 Core (СPU), 8 GB (MEM); OS for all Instances: Linux; Cloud Disk: 100GB/per month for each Instance; Network Traffic: 1000GB/per month; Load Balancer.