If you haven’t heard of Entrust IdentityGuard you should do some reading. It is a very good alternative to RSA SecurID backed up by a market leader in PKI. The impression you get of RSA is that they are arrogant, complacent and with regards to their pricing, trying to bend you over a barrel as often as possible. Fortunately for enterprise customers there is an alternative!
With Entrust you are dealing with a company that is keen to break into the two factor market, offers a competitive package, provides software that includes a wide range of authentication methods built-in, will replace all your existing RSA tokens for free; and the tokens they do sell you, cost 1/10th the price of RSA. Even better they never expire. Additionally their support costs are not extortionate.
Its not perfect for sure, for example, it has got to be the most complicated SQL database install I have ever witnessed. If any Entrust developers are reading this, for god sake man, include the database creation and permissioning into the IdentityGuard installer.
It was written in Linux and ported to Windows, so if you are a Windows junkie like me its a bit of a struggle. Also it uses Apache Tomcat rather than IIS. Ever issued certificates for Tomcat? Not fun, but regardless of these minor points it kicks RSA’s ass.
I’ve used RSA for years and it is much more granular and after that initial period of confusion, it definitely grows on you. I would definitely recommend at least 5 days consulting time to make sure it is installed and configured optimally. I had 3 days onsite with a consultant and barely touched the surface.
Apart from IdentityGuard the only other component you will need is their IdentityGuard Self-Service module which sits in your DMZ and offers users the ability to manage their remote access authentication options remotely.
If you haven’t yet, check out their potential cost savings calculator.