PortalGuard Settings
Featured articles
More articles
- PG RADIUS v2 - Disable OTP Method Prompt
Problem You have completed the RADIUS v2 configuration and wish to disable the first of the two prompts during MFA - the one that asks the user to choose which method to use for the RADIUS MFA request. Solution Update the ‘AuthMethodPrompt' setting and set it to 'no’. Navigate to the RADIUS v2 server (typically an Alpine Linux server running Docker). Use a file
- Understanding the "Use Active Directory's 'Computed Password Expiry'?" Setting
Question In the Password Expiration section of a PortalGuard Security Policy, what does the “Use Active Directory’s ‘Computed Password Expiry’?” setting instruct PortalGuard to do when checking for expired password? A common example often cited alongside this question: If we have different password expiration policies set on different OUs within AD, does PG look
- Change the PIN requirements for FIDO2 WebAuthn Keys
Problem When enrolling or using your FIDO2 Authentication hardware keys with PortalGuard, you are receiving a prompt to set/enter the PIN for the device. You would like to change this requirement. Requirements You already have FIDO2 WebAuthn setup in PortalGuard as an available authentication method. Further details can be found here: Solution Modify the userVerification
- How To Resolve the 'Authentication Failed' error when Users Attempt a Password Change
Problem End-Users receive an 'Authentication Failed' error when attempting a Password Change. Solution Ensure the PortalGuard service account is being utilized to enact the Password Change, as opposed to the individual user. Navigate to the PortalGuard server and open the PortalGuard Configuration Editor. Navigate to the User Repositories tab. Select the User
- List of Files Modified with WEB-Key Installation
Question What files are modified when the WEB-Key Client is installed on my workstation? Answer FileName C:\Documents and Settings C:\msi.trace C:\Program Files (x86)\BIO-key C:\Program Files (x86)\BIO-key\Common C:\Program Files (x86)\BIO-key\Common\BIO-keyVirtualClient.dll C:\Program Files (x86)\DigitalPersona C:\Program Files (x86)\DigitalPersona\Bin C:\Program
- List of Files Modified with PG Desktop Installation
Question What files are modified when PortalGuard Desktop is installed on my workstation? Answer C:\windows\system32 customPGDesktop2FATile.bmp libcrypto-1_1-x64.dll msvcp110d.dll msvcp120.dll msvcr110.dll msvcr120.dll npPGClient.dll PGCredentialPRovider.dll PGDesktop2FA-Enroll.bmp PGDesktop2FA-FPOnly.bmp PGDesktop2FA.bmp WebKeyLocalServicex64.dll WebKeyLoggerx64
- PortalGuard Server Requirements
Problem Looking to build a new PortalGuard server and need minimum server requirements. Solution: Minimum Recommended Requirements for the PortalGuard Server: Windows 2012/2016/2019/2022 Server OS Family IIS installation is required 6 GB RAM 80 GB HDD Storage Space 4 core CPU IIS Installation Requirements: These can be found in Chapter 2 – Install IIS – Windows
- Password Change Link Not Displaying in Account Management
Problem The "Change Now" link is no longer showing on the Account Management page for end users. They utilize this link to change their password through PortalGuard. Solution To display this link on the Account Management page a few minor changes will need to be made to the pg_acct.js page. This change will force the link to be displayed for the end users.
- Enabling CAPTCHA in PortalGuard
Problem You would like to enable CAPTCHA functionality within PortalGuard. Solution Quick Navigation Enabling CAPTCHA within PortalGuard’s Configuration Editor Enabling CAPTCHA within PortalGuard’s Security Policy Displaying CAPTCHA within PortalGuard’s Login Page Enabling CAPTCHA within PortalGuard’s Configuration
- Adding Helpdesk Phone Number
Problem You want to add your helpdesk phone number into the help text. Solution Change the hardcoded text in the 'pg_custom.js' file. How to change the Helpdesk Phone Number in the 'pg_custom.js' file Navigate to the PortalGuard Server Open an Administrative Text editor (such as Notepad++) Open C:\inetpub\PortalGuard\_layouts\images\PG\js\pg_custom.js Search
- How to Enable and Edit the Terms of Use Agreement
Problem You want to display the Terms of Use Agreement on your PortalGuard site and allow users to accept or deny them. Solution Enable the Terms of Use display in the PortalGuard Configuration Editor, and modify the pg_custom.js file to change the contents. IMPORTANT NOTE: Improper syntax in any JavaScript changes or additions WILL break the PG Website and impact
- Help Desk User Lookup Not Returning Results
Problem The Help Desk User type-ahead/lookup is not returning any results when entering a user's name. Solution If the search value is generic initially, this could be an issue with too many results being returned from the LDAP search. The steps below describe how to determine if this is the case and how to address it. In the PG_log...txt file, search for the
- Automatically Bypass the 'Try to continue logging in' prompt during Self-Service Actions
Problem You want to bypass the 'Try to continue logging in' prompt during Self-Service Actions, automatically proceeding to the next step during Challenge Question, Phone, and/or Email Enrollment. Solution Update the 'pg_custom.js' file with the appropriate function to skip this intermediate screen. File Location C:\inetpub\PortalGuard\_layouts\images\PG\js
- Changing the length of One Time Pass codes (OTPs)
Problem - Want to change the length of OTPs the end user receives. Solution - Edit the security Policy for which group you would like to receive longer OTPs. The following steps will allow you to update the length of the OTP being sent from PortalGuard. Steps for Solution: Navigate to the PortalGuard Server Open the PortalGuard Configuration
- Archiving RBAEvents Table
Problem The pstar SQL Database is too large to run Reports and most of the storage is being taken up by the RBAEvents table. Solution Run SQL scripts to back up data for a set number of days and Archive the RBAEvents table to lighten up the production database. How to archive RBAEvents NOTE: These steps utilize two (2) SQL scripts in the attached zip file. Create
- Require Email Address for PortalGuard Login
Problem Allow users to login using Domain name instead of username. Solution Important Note: This change requires your end users to all have a populated ‘mail’ attribute in Active Directory. If they do not, this change will prevent the user from being able to login to PortalGuard. As such, it may be worthwhile to test this change in a test environment first
- Use Regroup as SMS Provider
Problem You want to use Regroup as the SMS provider for PortalGuard. Solution The configuration to use Regroup within PortalGuard is very straightforward: Launch the PortalGuard Configuration Editor (PG_Config.exe) Click the Edit Bootstrap button Go to the tab: Services -> SMS Set Delivery Type: Hosted Service Set Provider: Regroup Paste your API Key into the
- HaveIBeenPwned? Integration for Password Change and Password Reset
Problem You want to check new passwords against the HaveIBeenPwned? database to address any potential security concerns. Solution Either enable the Native HaveIBeenPwned? Integration or add it to your PortalGuard Implementation Quick Navigation Steps to Enable the Native HaveIBeenPwned? Integration Add HaveIBeenPwned
- Syncing Multiple PortalGuard Servers
Problem You have two or more PortalGuard servers and would like to synchronize the Configuration files between them. Solution Add server to the 'Synchronize PortalGuard Servers' dialog in the PortalGuard Configuration Editor. How to Add a Server for Synchronization The various configuration files and settings between the two PortalGuard servers are maintained
- AS400 User Repository Integration
Problem Integrate PortalGuard with AS400 server repository. Solution Adding a new user repository and changing repository type. Steps for Solution Navigate to your PortalGuard Server Open the PortalGuard Configuration Editor On the bottom, select the ‘User Repositories’ tab and click the ‘Create’ button In the new window, fill out the name, description, and display
- Adding Security Policy
Problem Adding a security Policy for select group of users. Solution Create a new Security Policy in the PortalGuard Configuration Editor. Steps To Create a New Security Policy in the PortalGuard Configuration Editor Navigate to the PortalGuard Configuration Editor and select the ‘Security Policies’ tab Click Create on the right-hand side Modify your new security
- Authentication Methods-Twilio SMS
Problem You have configured the PortalGuard Bootstrap setting to use your Twilio account to send SMS messages but receive the "Hosted Service Delivery Failure" error when attempting to send an OTP. The PortalGuard runtime log shows the following error message: useTwilioService(): OTP delivery failed for user 'user1', err 21212: The 'From' number [YOUR-FROM-ADDRESS
- Allow Username OR Email Address for PortalGuard Login
Problem: Allowing both username and username@domain format to login to PortalGuard Solution: Edit the User repository To move forward, you will need to determine which field in AD you will use for the username@domain format. The steps below Assume userPrincipalName, but you may wish to use the mail field or something else. Steps for Solution: Open the PortalGuard
- Adding a Help Desk Region Through PortalGuard
Problem You need to add more specific control over the PortalGuard Help Desk Console to limit scope, available actions, or change the default search filter. Solution Configure a Help Desk Region through the PortalGuard Configuration Editor. Open the PortalGuard Configuration Editor Navigate to the 'User Repositories' tab Highlight the Policy you wish to configure
- Allow Access to the PortalGuard Help Desk Console
Problem You would like to allow access to the PortalGuard Help Desk Console, and subsequently manage users with an authorized account. Solution Allow access to the Help Desk Console through the 'User Repository' Configuration in the PortalGuard Configuration Editor. Steps for Allowing Access to the PortalGuard Help Desk Console On the PortalGuard Server, Open
- Using Help Desk Regions to Limit Help Desk User Permissions
Problem You would like to limit the permissions or scope of access granted to certain users with access to the PortalGuard Help Desk Console. Solution Configure a Help Desk Region through the 'User Repository' Configuration in the PortalGuard Configuration Editor. Steps for Configuring a Help Desk Region within the PortalGuard Help Desk Console On the PortalGuard
- Using Twilio as PortalGuard SMS Provider
Problem You want to use Twilio as the SMS provider for PortalGuard. Solution The configuration to use Twilio within PortalGuard is very straightforward: Launch the PortalGuard Configuration Editor (PG_Config.exe) Click the Edit Bootstrap button Go to the tab: Services -> SMS Set Delivery Type: Hosted Service Set Provider: Twilio Paste your Account SID Paste
- Group Authorization for PortalGuard Help Desk Access
Problem You would like to allow access to the PortalGuard Help Desk Console using Active Directory Groups or OU Designations. Solution Modify the 'User Repository' Configuration in the PortalGuard Configuration Editor, as well as the web.config file for the Help Desk Utility. Pre-Requisites This is currently ONLY supported for the PortalGuard Help Desk Utility
- Understanding PortalGuard Error Codes
Problem PortalGuard returning errors in the logging. The PG_log is showing major and minor error codes. Solution All the individual logic for request/response handling in PG are encapsulated by "agents". These agents ALWAYS return major error codes that indicate the overall success or failure of the request. Minor error codes are also returned by agents and
- How to use the PortalGuard Admin Dashboard Utility
Problem You want to know how to access the PortalGuard Admin Dashboard and generate reports or lookup details for specific user accounts. Solution Read through this article and follow the included steps to understand more about the PortalGuard Administrator Dashboard ("Admin Dashboard"), and utilize the various features. The Admin Dashboard provides your administrators
- Allow Access to the PortalGuard Admin Dashboard
Problem You want to grant specific users access to the PortalGuard Admin Dashboard to see Reports or utilize the User Detail Lookup Action. Solution Update the web.config file associated with the PortalGuard Admin Dashboard. On the PortalGuard server, navigate to 'C:\inetpub\PortalGuard\PG_DashBoard'. Locate the 'web.config' file in this folder and edit it in
- How to Create Custom Reports for the Admin Dashboard Utility
Problem You want to to view a different report via the Admin Dashboard Utility that returns information in a different configuration than one of the standard 'out-of-the-box' reports included with your PortalGuard Install. Solution Create a custom report xml to view via the Admin Dashboard Utility Important Note: This article covers custom reports in PortalGuard