There are a few things to know about WiKID:

Functionally:

1.  It works in your network.  Using RADIUS, we can talk to all the major remote access solutions and VPNs.  If you're currently using two-factor auth, we can replace it.   With Aass, you need to install software too - you need a proxy to secure the radius traffic.

2.  It works with your directory.  Using NPS or another radius server, you can separate authorization in your directory and authentication to WiKID.   We have docs on how to this with NPS and Freeradius.   AaaS requires two-steps, login with AD creds, then phone authentication.  WiKID is one-step two-factor authentication.

3.  Our new native  AD 2FA protocl allows: A).  2FA for windows administrators, both Domain and Local; B). 2FA for users.  C). Password resets for users. Use 2FA instead of 20 questions or expensive help desk calls.  Here's how to add 2FA for Admins on both Linux and Windows boxes.   Pay for 2FA by elimating password reset calls.

4.  Both factors are represented in WiKID's one-time passcode. We use asymmetric keys generated on the device.  We do not have copies!

5. We support RADIUS attributes, TACACS+ and have an LGPL-license API all included at no extra cost. 

Financially:

1.  We post our pricing so there's no bait-and-switch, sales tactic BS. 

2.  It's an annual subscription.  So, we are very motivated to deliver secure reliable, maintenance-free software and we do.  You have the same risk as with a service.

Operationally:

1.  Pre-sales engineering > post-sales support.  Use the 30-day eval and 5 free users to make sure it works for you.  There't no operational risk. You actually can't pay us until you setup the server. 

2.   If you have a lot of users, you can manage user registration programmatically via the API.  We provide scripts to allow users to add themselves based on AD credentials. 

3.  We do not offer hardware tokens, just software tokens on PCs and smartphones.  We support a lot of platforms though.