We have a need for Two Factor Authentication (TFA) for our Consultants. When a consultant leaves or is terminated, we would like to take away the key and prevent them from logging into any of the client sites we support. Each client site is an independent domain. Each site has Active Directory and all sites have firewalls, with a majority of PIX devices. Currently, we have to touch every client site and change Groups and Passwords in AD and on the Firewall. As many of you know, this can be time consuming.
Additionally, we would like this TFA solution to be compatible with a whole disk encryption solution using the same hardware key.
Currently I am looking into SafeWord, Aladdin, and others. Are there any other consultants dealing with this type of security support issue? If so, what are your ideas?