Evidian Enterprise Single Sign-on

Secure and simplify access from anywhere

Reduce up to 50%
helpdesk calls for password reset*

Save 15€/call
on your help desk cost (on average)*

To follow or contact us:
Linkedin | Twitter

 

*based on analyst reports

What is SSO (Single-Sign On)?

SSO (Single-Sign On) is the functionality that allows users to sign-in (authenticate) only once during a whole session, no matter how many applications are being accessed. They can then access their data transparently, without the constraint of retyping a new user name/password couple.

By creating an obligatory passage point between a user and its applications, an organization can effectively control the accesses. Moreover, a log of these accesses and administration operations is kept centrally, which facilitates audit. This facilitates compliance with confidentiality, integrity and availability requirements.

Evidian Enterprise SSO (Single Sign-On)

Free your users from remembering and typing passwords!
Evidian Enterprise SSO provides agile single sign-on to all users, businesses and organizations. By automating password management, Evidian Enterprise SSO simplifies your users’ lives and lets you drive your security policy.

With Evidian Enterprise SSO:

Replace user passwords with a single authentication

Strenghten security by strictly enforcing the password policy

Provide support for strong authentication methods (MFA)

Non-intrusive and easy to deploy solution

For web (on IE, Edge, Firefox, Chrome), legacy and desktop applications

Available for Windows and MacOS (with Safari and Chrome)

Evidian Enterprise SSO performs the SSO functionality. The video shows a single sign-on that allows access to different applications with strong passwords for each application.

White paper: Enterprise Single Sign-On featuring mobility, security and simplicity

Why do enterprises invest in SSO?

Facilitate access rights administration

Managing users for multiple applications has become time-consuming and also a financial handicap for companies as certain applications share the same authentication, while others have dedicated user bases.
By centralising usernames and passwords, Evidian Enterprise SSO allows administrators to spend less time on password management tasks. This saved time can instead be spent on development of systems and on improving system performance. Evidian Enterprise SSO is a non-intrusive software and the solution is transparent for the end user. The method to detect an authentication window is easy to use and no modifications to applications are needed.

Simplify technology for users

With Evidian Enterprise SSO, passwords are entered and renewed automatically. Users save time and can access their applications with no restrictions. Current applications need not to be modified, neither Windows software nor web applications ( the Windows domain, CRM portal, Oracle or SAP applications, supplier portals).

Employees can get on with their work without worrying about forgotten passwords, and without having to change them regularly according to ever more complex criteria: special characters, length, case, etc.

Optimize your costs

A support call generally costs €15. Thanks to Evidian Enterprise SSO, these calls can be reduced by up to 30 %, as employees no longer will lose the application passwords. Automating connections avoids account lockouts due to typos or faulty keyboards as much as possible.
The cost of ownership and licences associated with applications can be optimized thanks to Evidian Enterprise SSO allowing creation of a list of active accounts for each application. When using Evidian Authentication Manager/SSPR, if a user lose his Windows password, the user can reset his Windows password at any time and without having to contact support.

IDnomic-acces_poste

Reinforce security

By managing passwords’ lifecycle, Evidian Enterprise SSO ensures that accounts’ passwords correspond to your corporate security policies. With Enterprise SSO you will limit password sharing between your employees as well as passwords written down in an unsecure way
Evidian Enterprise SSO can help you strengthen access to your applications by combining Multi Factor Authentication (MFA) to access your most critical applications.

Increase Productivity

Evidian Enteprise SSO provides one unique authentication to login to authorized applications. Users are no longer required to type or memorize passwords across multiple applications, and significantly reduce time needed for daily tasks.

Furthermore, by reducing password fatigue it will also reduce calls to the helpdesk up to 50%.

Compliance and audit

Evidian Enterprise SSO will help you comply with latest data regulations, such as GDPR he solution is CSPN certified.

The solution will also ensure you to keep track of Who had accessed an application, at what time and date, on which workstation and by using which type of authentication method.

Adapts to your business needs

The main function of the product is to prevent users from entering a username and password for each application used. It also allows a user to delegate access to an application to another user without having to disclose their password

Delegate user accounts

What happens if an employee wishes to be replaced by a colleague while he or she is away?

Previously with an unsecured solution, said employee revealed his or her login and password, with all the inherent risks in terms of security and audit. Evidian Enterprise SSO, on the contrary, allows an employee to temporarily delegate access to a colleague. Of course, he or she can only do so if your security policy authorizes it. Moreover, a record of accesses is kept, so you know which operations have been performed by which user.

Shared application accounts

Evidian Enterprise SSO allows users to access shared accounts without knowing passwords. When the account requires a password change, the Evidian solution proceeds to the generation of a new password, and each authorized user will take advantage of it without realizing it.

The use of the shared account is audited by the solution and the administrator may retrieve which user grants access to which application, and when.

Reauthenticate

For critical applications, Evidian E-SSO can be easily configured to ask for reauthentication to access application. You can reauthenticate with a Password or force the use of MFA for your most critical applications.

4 eyes authentication

When the need of an approval of a third person is necessary to validate a sensitive operation (use case Bank/Insurance/Pharma…), the user and validator can use Evidian E-SSO to securely validate the operation and enhancing security of this 4 eyes authentication by requesting strong authentication to inject the signature.

Enterprise SSO for mobile device

Enterprise SSO for mobile devices (QRentry for Android and iOS) automatically enters application passwords for you, stores securely personal notes and passwords in your mobile eVault. Those information are securely stored in your SSO directory and available from your workstation and your mobile devices.

Consulting

Evidian provides a series of IAM consulting services to help you build your identity and access management project. These services cover three principle domains:

Implementation/demonstrator’s assistance with implementation/model
Advice and audit services
Design: technical architecture with the constraints of high availability (IT safety plan), detailed IAM functional specifications (workflow, policy, upstream and downstream provisioning), SSO and strong authentication, Web SSO.

Demonstration

For our E-SSO & Authentication Manager, WAM, IAM and SafeKit products, Evidian offers to implement a POC (Proof of concept):

Prerequisites
  • POC specification/Needs requirement from the pilot project
  • List of constraints: number of sites, deadlines, costs, number of persons, number of applications, etc.
  • Technical infrastructure: VM, directory technology (e.g. AD/ADLS, Fedora, database)
Participants
  • RSSI/Project Manager, MOA, MOE
Content
  • POC script
  • Installation and configuration of the EVIDIAN software according to the POC specification
  • Assistance
  • Restitution
Equipment
  • VM with the Evidian WAM software installed, presentation for the restitution

Audit & services

The advice and audit group offers to support you with:

  • Preparation studies
  • Defining the project (outline, project plan, WBS)
  • The design stages of the identity and access management solution.

We will spend time specifically on considering the organisational and technical aspects of such projects, and the ROI: financial, for users, professionals, IT support teams and of course security teams (implemented from an SMSI, professional regulatory constraints: Bale II/III, Solvency, HIPAA).

With regard to audit, the methodology adopted is the following:

Here are some examples of consulting tasks that can be achieved in Evidian:

Task

Content

Audit of the existing set-up
  • Identifying the references and applications to be taken into account
  • Identifying existing processes and analysing how they take place
  • Analysing the directory architecture
  • Analysing the access control policy in place
  • Identifying access control measures
  • Identifying the applications provided/adapted
  • Identifying any SPOFs (Single Point of Failure) as well as Split Brain cases
Proposing a management model for the organisation’s authorisations with Policy Manager
  • Modelling applications
  • Modelling professional roles
  • Defining professional roles
  • Defining rules for the separation of powers
Needs assessment in terms of strong authentication
  • Offering an access control policy based on the following three criteria:
  • User profiles
  • Access point profiles (user positions)
  • Application profiles
  • Detailed authentication mechanisms based on target users, terminals used and access achieved

Design

Evidian offers you support in the design phase of your project using our E-SSO & Authentication Manager, WAM, IAM and SafeKit products.

Here are some examples of tasks that can be achieved in Evidian:

Task

Content

ESSO technical and functional specifications
  • Managing user security profiles
  • Managing security profiles for access points (workstations)
  • Managing application security profiles
  • Fast user switching
  • Administration of the solution
WAM technical and functional specifications
  • Managing the portal and/or local or remote web agents
  • Defining web servers
  • Managing services
  • Managing access control
  • Managing SSO
  • Managing data input
  • Managing authentication
  • Managing certificates and keys for CRLs
  • Administration of the solution
IAM technical and functional specifications
  • Synchronisation feed specifications
  • Workflow specifications
  • Security policy specifications
  • Provisioning specification

Expert testimony

Issue

A major player in the aeronautical sector, let’s call it X, decided to provide shared access for all its branches and divisions. At the same time, X had set up a private cloud to store the access portal and shared services. To facilitate access to these services, X wished to offer a Single Sign-On service to its users, and extend this service to all its divisions.
X wanted to simplify the authentication process for users to access the “cloud”, which had to comply with four successive authentications at the time.

Our proposal

We analysed the existing portal

It was a web application installed in the “cloud”, federating access to all divisions, and allowing access to the shared resources of the company. The “cloud” contributed to direct access to shared services such as the CRM, intranet applications, HR, etc.

Choosing the right technical solutions:

  • E-SSO (Enterprise SSO): An SSO device is installed on each workstation. Whenever the user enters a login/password, the SSO remembers it locally. After the user has successfully logged on, the SSO agent waits for the application’s login request. It intercepts those requests and automatically fills in the fields.
  • Web SSO: Web SSO is an extension of the E-SSO device, designed specifically for web applications. A web portal is the interface between the client and the applications.
  • SSO federation.

Analysing each scenario:

  • Scenario 1: Using E-SSO for various divisions
  • Scenario 2: Using WAM for the main portal and offering E-SSO as an option
  • Scenario 3: Integrating the access portal into the WAM and offering E-SSO as an option.

Analysing the costs: in terms of equipment, licences and effort required to implement each scenario.

Offering an analysis of the different scenarios: selection criteria, decision matrix, SWOT table.

Find out more

Complete the form here >>, and you will be contacted by one of the technical agents for this implementation.

Project management

The Evidian expertise centre helps its clients and partners to implement their projects, offering reliable expert assistance with its products and IAM solutions.

They occasionally run projects from end to end:

to establish reference points in new geographical areas

to carry out pioneering, innovative projects, in new technological environments.

In order to do this, they maintain a methodology for carrying out IAM projects, implementing company SSO projects and extending remote access projects.

IAM methodology

Evidian has developed its own IAM methodology, and demonstrated it with large prestigious accounts: it allows you to use the main building blocks of the IAM structure in an incremental yet consolidated way: constituting the identity reference, managing roles, etc.

Atos cybersecurity Evidian Methodology-IAM

Enterprise SSO

To facilitate the implementation of our User Access Services solution, the Evidian expertise centre supports its clients in the use of its security solutions. Over the years, it has acquired strong skills in implementing Evidian solutions in a complex environment.

These skills are a determining factor that will ensure the quality of your project.

We propose, through a complete service offering, to bring on board a team of Senior security consultants that are certified for CISSP, Microsoft, etc.

Our service offering takes clients’ needs into account in terms of flexibility, availability and the means of implementation.

WAM

The Evidian expertise centre participates in the complete life cycle of implementation projects, delivering Evidian Mobility solutions alone or with partners. We deliver customised services to define the architecture, and plan and implement the solutions offered to our clients.

An exemple

Issue

Microsoft SharePoint was quickly adopted by professionals to share documents which are often confidential. A large European airport wished to publish links to applications stored internally. This raised the question of secure access and access controls to these applications.

Our solution

The solution proposed to the airport allowed them to secure access to Microsoft SharePoint as well as to their internal applications. The Evidian expertise centre demonstrated a solution to allow professional collaboration between internal staff and partners in full confidence, with the following characteristics:

– Transparent NTLM authentication for internal users

– Weak authentication with a different account from the Active Directory one for internal users when they connect from outside

– Strong authentication by Mail OTP for partners that work in the airport

– Integrated access control while maintaining the SharePoint user interface

– Protection of SharePoint and internal applications against any attack

– Single Sign-On for SharePoint and internal applications offered by the airport to internal users and partners

Find out more

Complete the form here >>, and you will be contacted by one of the technical agents for this implementation.

Services

The Evidian expertise centre.

The Evidian expertise centre makes the best experts available to you, to support you throughout the life cycle of your security solution:

Upstream: set out a specification, verify the principles, etc.

For the implementation: installation, configuration, customisation, … or turnkey implementation

Downstream: training operators, usage, maintenance in operational condition, etc.

The forty experts may participate in all aspects of operations from units based in: Paris, Cologne, Manchester, Brussels, New York and Tokyo.

Client support

Evidian Support consists of an international team of experts who will help you get optimal use out of our products in your specific environment every day.

Evidian Support prioritises the establishment of a real partnership, guaranteeing better response times to resolve incident tickets.

Our Support programmes allow you to establish a response adapted to your needs, whatever they are:

Standard Support & Maintenance for access to updates and the support knowledge database, submitting incident tickets and assistance during working hours.
Platinum Support & Maintenance for customised high-level support in a complex environment with availability constraints.

Do you have any questions? Would you like a free and customised evaluation? Contact us.
Are you already a customer with a support contract? Access Evidian Support.

All the Support services are accessible on the support portal.
Support assistance is requested by opening an incident ticket with the Calldesk.
After opening an incident ticket, the nearest Support Centre experts will contact you.

Worldwide locations for Evidian Support:

Region

Location

Languages

EMEAAtos – Evidian, France, 78340 Les Clayes-sous-Bois, FranceFrench – English
Atos – Evidian, France, 69578 LimonestFrench – English
Atos – Evidian, Germany, 51149 CologneGerman
Atos – Evidian UK, England, Macclesfield, CheshireEnglish
NORTH AMERICAAtos – Evidian Inc. USA, New York, NY 10038English
APACAtos – Evidian Japan, Japan, Tokyo 150-8512Japanese

Standard support and maintenance

Standard Support and Maintenance gives you access to the following services:

  • Protected access, 24/7, to the support portal
  • Advice and searching the support knowledge base for solutions
  • Submission of and advice on incident tickets
  • Remote assistance from experts at the Support Centre during working hours
  • Providing new corrections
  • Downloading versions, updates and product service packs
  • Downloading product documentation
  • Registering for the Information Bulletin publications and Support News (RSS feed).

Remote assistance is provided during working hours by the Support Centre, from Monday to Friday. Support is requested by opening an incident ticket in the support portal.

Platinium support and maintenance

Platinum Support and Maintenance offers customised support that takes into account the complexity of your technical and organisational environment. It responds to your service level needs and your contractual availability (SLA) by offering close monitoring and proactive support actions.

An Account Monitoring Technical Lead within the Support organisation will be your personal point of contact for all questions and incidents related to the products. They implement and run pilot projects for customised services:

  • Monitoring meetings and provision of dashboards
  • On-site visits for proactive support actions
  • The implementation of a customised escalation procedure
  • Faster response times
  • 24/7 assistance with critical production incidents.

These services are in addition to services provided with Standard Support and Maintenance.

Platinum Maintenance

For certain products (*), the support team can keep a reference copy of your version with the list of corrections specific to your configuration. This service allows improved responsiveness with greater security, when emergency corrections are made during production.

(*) Authentication Manager & Enterprise SSO 8.0x, Identity & Access Manager 9.0x.

Training

Training makes a significant difference to projects. The in-depth knowledge of Evidian products makes participants much more productive and allows for predictive project planning.

Our clients are constantly working to improve their productivity and profitability in an increasingly competitive market. To this end, they adopt new technologies with solutions that meet their needs exhaustively but are also social and open with a long and productive life. Our partners use Evidian products to implement these solutions. They can all attend training and certification programmes offered by the Evidian Institute in order to take advantage of Evidian products and make best use of the technology.

After attending the Evidian Institute training sessions, each person, depending on their job and their role within the project, will be in a position to effectively determine the best configuration and final architecture of the solutions. It will also improve the participants’ confidence in their capacity to rapidly implement projects and meet deadlines. Some of them will learn how to adapt the solutions to the needs of the end client for a minimal cost. Others will learn how best to take advantage of the numerous and powerful functions of Evidian products.

>> Training program

Migration program

Automatic transfer of the SSO data from your SSO solution to Evidian Enterprise SSO
Evidian Enterprise SSO automatically re-directs SSO data (Id and Password) from your current SSO solution and stores them into its own data repository. This migration is totally transparent for your end-users.

Business continuity
Both products having similar look and feel, workers are never impacted in their daily activity. The transition towards the market leader Evidian is carried out thanks to a simple software add-on. This program is simple to use and reliable; it has been tested on several projects around the globe.

Identity and Access Management (IAM)
Evidian SSO offers the possibility to automatically provision SSO data (application, accounts, Id and Password) from your own Identity Management solution using its user provisioning feature and the API or Web Service exposed and documented by Evidian Enterprise SSO.

Related resources

Atos cybersecurity Evidian E-SSO

Whitepaper

Enterprise Single Sign-On featuring mobility, security and simplicity

How to choose an enterprise single sign-on and password management solution for all applications?

Atos cybersecurity Evidian E-SSO

Factsheet

Single sign-on for a secure access from anywhere

Free your users from remembering and typing passwords. Evidian Enterprise SSO provides agile single sign-on to all users, businesses and organizations.

Atos cybersecurity Evidian Authentication manager MFA WP en

Whitepaper

Multi-factor strong methods: Which choice for your enterprise workstations?

This white paper details the strong authentication methods that are most commonly used in organizations and their specific features.

Related products

Authentication manager: Windows MFA (Multi-Factor Authentication)

Windows MFA covers all authentication scenarios for a user accessing one or several PCs, or for several users sharing the same PC.
Visit solution page >

SSPR (Self-Service Password Reset)

The SSPR solution provides a full set of audit trail reports of WHO resets a Windows password WHEN and from WHERE.
Visit solution page >

Identity Governance and Administration

Control identities and rights to enable business transformation.
Visit solution page >

Web Access Manager

The central point of access to all your applications.
Visit product page >

Analytics and Intelligence

Detect Suspicious behaviour and improve governance.
Visit product page >

Interested in our Evidian Enterprise SSO solutions?