What is Authentication Manager?
The Authentication Manager offers a simple and coherent solution to manage and secure user access to PCs. Authentication Manager manages password authentication. To address enterprise needs, it helps deploy strong authentication in the most complex business contexts such as shared PCs (hospitals, retail stores, factories, …) or clusters of workstations (trading floors, network operating centers, …). It manages shared or generic Windows accounts and enables Windows account delegation between users.
Evidian Authentication Manager:
Multi-Factor strong Authentication (MFA)
Passwords are the weak point of many authentication policies. Single or shared Windows passwords create a risk of intrusion and make it almost impossible to precisely verify the use of Windows accounts.
Evidian Authentication Manager with strong authentication resolves these problems by replacing passwords with MFA: devices or biometrics. Authentication Manager with Windows MFA covers all authentication scenarios for a user accessing one or several PCs, or for several users sharing the same PC.
With Evidian Authentication Manager:
► Secured access to your workstations and servers in any situation
► Replace user passwords with MFA: devices or biometrics
► Strengthen security by strictly enforcing the password policy
► Login simultaneously to several PCs
► Non-intrusive solution
► Available for cluster PC and kiosk PC.
With Evidian Authentication Manager, secure access to your PCs and servers in any situation. Cover all authentication scenarios, whether a user accesses one or several PCs, or several users share one PC.
How to centralize and secure the MFA lifecycle?
Facilitate access rights administration
Managing users for multiple applications has become time-consuming and also a financial handicap for companies as certain applications share the same authentication, while others have dedicated user bases.
By centralising usernames and passwords, Evidian Enterprise SSO allows administrators to spend less time on password management tasks. The time saved can instead be spent on developing systems and improving system performance. Evidian Enterprise SSO is non-intrusive software, and the solution is transparent for the end user. The method to detect an authentication window is easy to use and no modifications to applications are needed.
Simplify technology for users
With Evidian Enterprise SSO, passwords are entered and renewed automatically. Users save time and can access their applications with no restrictions. Current applications need not be modified, whether Windows software or web applications (the Windows domain, CRM portal, Oracle or SAP applications, supplier portals).
Employees can get on with their work without worrying about forgotten passwords, and without having to change them regularly according to ever more complex criteria: special characters, length, case, etc.
Optimize your costs
A support call generally costs €15. Thanks to Evidian Enterprise SSO, these calls can be reduced by up to 30%, as employees will no longer lose their application passwords. Automating connections avoids account lockouts due to typos or faulty keyboards as much as possible.
The cost of ownership and licences associated with applications can be optimized because Evidian Enterprise SSO allows a list of active accounts to be created for each application. When using Evidian Authentication Manager/SSPR, a user who loses their Windows password can reset it at any time without having to contact support.
By managing the password lifecycle, Evidian Enterprise SSO ensures that account passwords correspond to your corporate security policies. With Enterprise SSO you will limit password sharing between your employees as well as passwords written down in an insecure way…
Evidian Enterprise SSO can help you strengthen access to your applications by adding Multi-Factor Authentication (MFA) for access to your most critical applications.
Evidian Enterprise SSO provides one unique authentication to log in to authorized applications. Users are no longer required to type or memorize passwords across multiple applications, which significantly reduces the time needed for daily tasks.
Furthermore, by reducing password fatigue it will also reduce calls to the helpdesk by up to 50%.
Compliance and audit
The solution also lets you keep track of who accessed an application, at what time and date, on which workstation, and using which type of authentication method.
Adapts to each business need
Evidian Authentication Manager adapts the use of strong authentication (MFA – Multi-factor authentication) to the professional constraints of users.
It secures access to workstations and servers in any situation and covers all authentication scenarios for all types of user profiles.
With Evidian Enterprise Access Management you can add a layer of authentication to your primary method. When logging in to your Windows session, a second authentication factor reinforces access point security. You can add an authentication method supported by Authentication Manager and Windows, in addition to your standard Authentication Manager method as a contextual authentication.
Branch employees and sales staff in outlets can use a PC in kiosk mode and find their own environment quickly without having to change their Windows session. In hospitals, a doctor’s working session continues throughout his/her shift.
In order to reduce costs in purchasing workstations, many companies use shared workstations with generic Windows accounts to access the Windows session without having to log off and log back on.
Evidian Enterprise Access Management provides different kiosk modes.
With the standard kiosk feature of Evidian, the Windows generic account is set centrally to the targeted computer.
If the Microsoft autologon feature is already set on the target PC, you can securely share a Windows session among users with the Multi User Desktop feature of Evidian, switching quickly from one user to another. Evidian Multi-User Desktop displays an interface that may hide the full Windows desktop when no user is authenticated on the workstation, and that hides the user’s application environment when the user leaves the workstation. Multi User Desktop can use the same authentication methods supported by Authentication Manager.
Evidian Kiosk Access combined with Evidian Enterprise SSO allows users to access applications without having to memorize each password.
Traders and technicians in the control room can open, lock, unlock or close a cluster of PCs with single multi-factor authentication. They can also delegate access to their locked sessions, partially or completely, temporarily or permanently.
The Evidian cluster mode is intended for employees who have several computers on their desk and need to use them at the same time. The cluster mode is also useful for a video wall displaying the screens of multiple computers that must be opened with a single authentication.
Typically in a hospital, you must log on to multiple PCs during the day.
The Roaming Session feature simplifies successive authentication to several computers. When a user, typically a doctor, needs to access several computers during the day, he only has to authenticate strongly once on the first computer to initiate a roaming session. Then, during his roaming session period, he just has to present his authentication device to open or unlock his Windows session on other computers. This function is particularly used by hospital emergency desks, where nurses and doctors need immediate access to information.
As users move from one computer to another, they might forget to lock the computer they are leaving. Evidian allows users to switch workstations securely: the Double-Login Prevention feature ensures that when a user authenticates on a computer, the session opened on the previously used computer is locked.
Extend usage of existing cards
Evidian Authentication Manager allows the use of contactless badges for Windows session opening (combined with Windows password or a PIN). Therefore, your physical access control badge can also be used for logical access on workstations or servers.
Evidian provides a series of IAM consulting services to help you build your identity and access management project. These services cover three principal domains:
► Implementation/demonstrator’s assistance with implementation/model
► Advice and audit services
► Design: technical architecture with the constraints of high availability (IT safety plan), detailed IAM functional specifications (workflow, policy, upstream and downstream provisioning), SSO and strong authentication, Web SSO.
For our E-SSO & Authentication Manager, WAM, IAM and SafeKit products, Evidian offers to implement a POC (Proof of concept):
Audit & services
The advice and audit group offers to support you with:
- Preparation studies
- Defining the project (outline, project plan, WBS)
- The design stages of the identity and access management solution.
We will spend time specifically on considering the organisational and technical aspects of such projects, and the ROI: financial, for users, professionals, IT support teams and of course security teams (implemented from an ISMS, professional regulatory constraints: Basel II/III, Solvency, HIPAA).
With regard to audit, the methodology adopted is the following:
Here are some examples of consulting tasks that can be achieved in Evidian:
- Audit of the existing set-up
- Proposing a management model for the organisation’s authorisations with Policy Manager
- Needs assessment in terms of strong authentication
Evidian offers you support in the design phase of your project using our E-SSO & Authentication Manager, WAM, IAM and SafeKit products.
Here are some examples of tasks that can be achieved in Evidian:
- ESSO technical and functional specifications
- WAM technical and functional specifications
- IAM technical and functional specifications
A major player in the aeronautical sector, let’s call it X, decided to provide shared access for all its branches and divisions. At the same time, X had set up a private cloud to store the access portal and shared services. To facilitate access to these services, X wished to offer a Single Sign-On service to its users, and extend this service to all its divisions.
X wanted to simplify the authentication process for users to access the “cloud”, which required four successive authentications at the time.
We analysed the existing portal
It was a web application installed in the “cloud”, federating access to all divisions, and allowing access to the shared resources of the company. The “cloud” contributed to direct access to shared services such as the CRM, intranet applications, HR, etc.
Choosing the right technical solutions:
- E-SSO (Enterprise SSO): An SSO device is installed on each workstation. Whenever the user enters a login/password, the SSO remembers it locally. After the user has successfully logged on, the SSO agent waits for the application’s login request. It intercepts those requests and automatically fills in the fields.
- Web SSO: Web SSO is an extension of the E-SSO device, designed specifically for web applications. A web portal is the interface between the client and the applications.
- SSO federation.
Analysing each scenario:
- Scenario 1: Using E-SSO for various divisions
- Scenario 2: Using WAM for the main portal and offering E-SSO as an option
- Scenario 3: Integrating the access portal into the WAM and offering E-SSO as an option.
Analysing the costs: in terms of equipment, licences and effort required to implement each scenario.
Offering an analysis of the different scenarios: selection criteria, decision matrix, SWOT table.
Find out more
Complete the form here >>, and you will be contacted by one of the technical agents for this implementation.
The Evidian expertise centre helps its clients and partners to implement their projects, offering reliable expert assistance with its products and IAM solutions.
They occasionally run projects from end to end:
► to establish reference points in new geographical areas
► to carry out pioneering, innovative projects, in new technological environments.
In order to do this, they maintain a methodology for carrying out IAM projects, implementing company SSO projects and extending remote access projects.
Evidian has developed its own IAM methodology, and demonstrated it with large prestigious accounts: it allows you to use the main building blocks of the IAM structure in an incremental yet consolidated way: constituting the identity reference, managing roles, etc.
To facilitate the implementation of our User Access Services solution, the Evidian expertise centre supports its clients in the use of its security solutions. Over the years, it has acquired strong skills in implementing Evidian solutions in a complex environment.
These skills are a determining factor that will ensure the quality of your project.
Through a complete service offering, we propose to bring on board a team of senior security consultants who are certified for CISSP, Microsoft, etc.
Our service offering takes clients’ needs into account in terms of flexibility, availability and the means of implementation.
The Evidian expertise centre participates in the complete life cycle of implementation projects, delivering Evidian Mobility solutions alone or with partners. We deliver customised services to define the architecture, and plan and implement the solutions offered to our clients.
Microsoft SharePoint was quickly adopted by professionals to share documents which are often confidential. A large European airport wished to publish links to applications stored internally. This raised the question of secure access and access controls to these applications.
The solution proposed to the airport allowed them to secure access to Microsoft SharePoint as well as to their internal applications. The Evidian expertise centre demonstrated a solution to allow professional collaboration between internal staff and partners in full confidence, with the following characteristics:
– Transparent NTLM authentication for internal users
– Weak authentication with a different account from the Active Directory one for internal users when they connect from outside
– Strong authentication by Mail OTP for partners that work in the airport
– Integrated access control while maintaining the SharePoint user interface
– Protection of SharePoint and internal applications against any attack
– Single Sign-On for SharePoint and internal applications offered by the airport to internal users and partners
The Evidian expertise centre.
The Evidian expertise centre makes the best experts available to you, to support you throughout the life cycle of your security solution:
Upstream: set out a specification, verify the principles, etc.
For the implementation: installation, configuration, customisation, … or turnkey implementation
Downstream: training operators, usage, maintenance in operational condition, etc.
The forty experts may participate in all aspects of operations from units based in: Paris, Cologne, Manchester, Brussels, New York and Tokyo.
Evidian Support consists of an international team of experts who will help you get optimal use out of our products in your specific environment every day.
Evidian Support prioritises the establishment of a real partnership, guaranteeing better response times to resolve incident tickets.
Our Support programmes allow you to establish a response adapted to your needs, whatever they are:
► Standard Support & Maintenance for access to updates and the support knowledge database, submitting incident tickets and assistance during working hours.
► Platinum Support & Maintenance for customised high-level support in a complex environment with availability constraints.
All the Support services are accessible on the support portal.
Support assistance is requested by opening an incident ticket with the Calldesk.
After opening an incident ticket, the nearest Support Centre experts will contact you.
Worldwide locations for Evidian Support:
|EMEA|Atos – Evidian, France, 78340 Les Clayes-sous-Bois, France|French – English|
|EMEA|Atos – Evidian, France, 69578 Limonest|French – English|
|EMEA|Atos – Evidian, Germany, 51149 Cologne|German|
|EMEA|Atos – Evidian UK, England, Macclesfield, Cheshire|English|
|NORTH AMERICA|Atos – Evidian Inc. USA, New York, NY 10038|English|
|APAC|Atos – Evidian Japan, Japan, Tokyo 150-8512|Japanese|
Standard support and maintenance
Standard Support and Maintenance gives you access to the following services:
- Protected access, 24/7, to the support portal
- Advice and searching the support knowledge base for solutions
- Submission of and advice on incident tickets
- Remote assistance from experts at the Support Centre during working hours
- Providing new corrections
- Downloading versions, updates and product service packs
- Downloading product documentation
- Registering for the Information Bulletin publications and Support News (RSS feed).
Remote assistance is provided during working hours by the Support Centre, from Monday to Friday. Support is requested by opening an incident ticket in the support portal.
Platinum support and maintenance
Platinum Support and Maintenance offers customised support that takes into account the complexity of your technical and organisational environment. It responds to your service level needs and your contractual availability (SLA) by offering close monitoring and proactive support actions.
An Account Monitoring Technical Lead within the Support organisation will be your personal point of contact for all questions and incidents related to the products. They implement and run pilot projects for customised services:
- Monitoring meetings and provision of dashboards
- On-site visits for proactive support actions
- The implementation of a customised escalation procedure
- Faster response times
- 24/7 assistance with critical production incidents.
These services are in addition to services provided with Standard Support and Maintenance.
For certain products (*), the support team can keep a reference copy of your version with the list of corrections specific to your configuration. This service allows improved responsiveness with greater security, when emergency corrections are made during production.
(*) Authentication Manager & Enterprise SSO 8.0x, Identity & Access Manager 9.0x.
Training makes a significant difference to projects. The in-depth knowledge of Evidian products makes participants much more productive and allows for predictive project planning.
Our clients are constantly working to improve their productivity and profitability in an increasingly competitive market. To this end, they adopt new technologies with solutions that meet their needs exhaustively but are also social and open with a long and productive life. Our partners use Evidian products to implement these solutions. They can all attend training and certification programmes offered by the Evidian Institute in order to take advantage of Evidian products and make best use of the technology.
After attending the Evidian Institute training sessions, each person, depending on their job and their role within the project, will be in a position to effectively determine the best configuration and final architecture of the solutions. It will also improve the participants’ confidence in their capacity to rapidly implement projects and meet deadlines. Some of them will learn how to adapt the solutions to the needs of the end client for a minimal cost. Others will learn how best to take advantage of the numerous and powerful functions of Evidian products.
This white paper details the strong authentication methods that are most commonly used in organizations and their specific features.
Enterprise SSO: Simplify access for users by a one click access to their applications, without compromising security policies.
SSPR (Self-Service Password Reset): The SSPR solution provides a full set of audit trail reports of WHO resets a Windows password WHEN and from WHERE.
Identity Governance and Administration: Control identities and rights to enable business transformation.
Web Access Manager: The central point of access to all your applications.
Analytics and Intelligence: Detect suspicious behaviour and improve governance.