Single Sign-On, using your Active Directory credentials, is available for Windows PCs joined to the domain. When used, users are automatically authenticated to Active Directory and the Passwordstate web site, without the need for them to specify their username and password.
If you prefer not to use Single Sign-On Active Directory Authentication method, you can choose to use Manual Active Directory Authentication, whereby the user must first manually authenticate using the site their AD username and password.
Make use of the leading two-factor authentication solution, and require your users to authenticate using RSA's SecurID tokens https://www.rsa.com/products/securid/
Passwordstate also supports YubiKey authentication with the Yubico Cloud based OTP, or the OATH - TOTP and OATH - HOTP protocols - https://www.yubico.com.
Make use of the leading cloud-based two-factor authentication solution, and choose Duo Security's Authentication - either Push, SMS or Phone Call - https://www.duosecurity.com/.
Google provides a free two-factor authentication solution called Google Authenticator, with authentication software available for most mobile clients - https://code.google.com/p/google-authenticator.
Integrate authentication with your existing RADIUS infrastructure as well. Based on the RADIUS Protocol, free RADIUS servers such as http://freeradius.org/ can be used, as well as many commercials ones.
ScramblePad Authentication works by assigning a Pin number to a user's account. When asked to authenticate, the user must match their pin number against a series of randomly generated letters.
When you first authenticate to Passwordstate, a temporary Pin Code can be emailed to an email address of your choice (could even be an SMS Gateway). The Pin Code is only active as long as the time period as specified by your Passwordstate Security Administrator(s).
Passwordstate also supports SAML2 authenticator, with various SAML providers who support this standard. Providers such as https://www.okta.com/, https://www.onelogin.com/, or even Active Directory Federation Services (ADFS).
If your preference is not to use the Active Directory Integrated authentication method, you can opt for Local Account authentication. With Local Account authentication, there is no reliance on AD at all, and users must supply username/password every time they wish to use Passwordstate.