Create a single access
point to the corporate
applications

The solution based on Axidian Access creates single access point for passthrough authentication of employees in the corporate IT systems

SCHEDULE PRODUCT DEMO

Task
Solution
Technical parameters

Task

Companies from all industries and sectors largely rely on a wide spectrum of desktop and web applications, including both general-purpose and specialized software.

General-purpose software is widely used in the Electronic Document Management Systems (EDMS), Enterprise Resource Planning (ERP) Systems, and accounting systems. On the other hand, specialized applications often serve as software components for Automated Process Control Systems (APCS), Customer Relationship Management (CRM) and Warehouse Management Systems (WMS). That said, specialized applications are often custom-made.

All these services can be used for addressing a variety of corporate tasks — offering government services, ensuring legal compliance, or engaging in revenue-generating activities. Most of such systems require authorization.

It is important to keep in mind that some software solutions cannot be easily integrated with a domain directory service such as Active Directory. Many services also maintain internal user databases, and therefore require separate authentication. Sadly enough, applications that support sign-on options other than password-based authentication are still uncommon.

That said, password-based authentication has several widely known disadvantages:

You need a security incident to actually occur to learn that your password has been compromised, while intruders will do their best to disguise their presence in your IT infrastructure.
The risk of theft and illegal use of passwords for malicious activity intensifies in the case of remote work.
Passwords are highly vulnerable to social engineering techniques when users are coerced to directly or indirectly disclose their password to the intruder.
Regular users may find it hard to meet all password security requirements, especially when they have to use separate user accounts for different services.

Given the prevalence of broadband Internet access and the growing popularity of remote connections, these disadvantages may become a critical vulnerability for both your corporate applications and the entire company. After all, if the credentials of one of your accountants were to fall into the hands of intruders, this may have quite serious implications for your company, including total shutdown of its operations.

The choice of desktop and web applications may be enormous, even if we talk about one single industry, which makes the development of individual connectors (special modules enabling pass-through authentication) for each target app extremely challenging. This is not an easy task even when it comes to most popular services. Likewise, the development of connectors for your custom applications may prove quite expensive; not many companies can afford this.

Different kinds of software implementing Single Sign-On technology are widely used for ensuring secure unified authentication across all corporate desktop and web applications. Products of this class are also designed to build centralized authentication and password management systems (its functionality being similar to Password Manager software).

Solution

You can build a reliable unified authentication system by using a Single Sign-On product that supports a variety of target desktop and web applications.

Axidian Access features a specialized module, Enterprise Single Sign-On, that supports all types of applications. This module enables SSO login by intercepting GUI login and password entry forms and inserting relevant credentials.

A special utility helps to create an ESSO template for each target application. The template contains application-specific instructions for the ESSO agent: where to enter the credentials and which button (s) to click in order to log in. This means that the system can support almost all types of desktop and web applications with their own authentication systems. The ESSO agent is a client component that can be installed both on a workstation running Microsoft Windows or a Microsoft Remote Desktop Server.

The scenarios that can be deployed with the Enterprise Single Sign-On software are discussed below.

Secure remote connection to a single point of entry: MS RDS with a pre-installed ESSO module enables pass-through authentication across all terminal applications.
Password management for pass-through (transparent) authentication: the module will store your logins and passwords and automatically insert them into relevant fields whenever a desktop or web application is launched.
Passwords hidden from the user: passwords can be assigned by an administrator or by using an Identity Governance & Administration (IGA) solution.
Extension of the above scenario: the ESSO module can intercept the GUI password entry forms, automatically insert the old password, generate a new one, insert it into relevant fields, and «click» the OK button. This way, the users will not be able to bypass Axidian Access when logging into an application.
Strong authentication factors: you can enable various strong authentication methods (from one-time passwords to biometrics) across all scenarios. The hidden password scenario combined with strong authentication for all corporate applications ensures top-level security across your entire IT infrastructure.

All ESSO parameters can be customized via access policies. A relevant policy can be applied to a specific unit in your organizational structure (for example, an OU in Active Directory), and the settings for all users located in this unit or its child objects will be aligned with this policy. The scope of a given policy can be fine-tuned by filtering it with user groups.

Technical parameters

User directories

Active Directory

Target resources

Microsoft Windows
Microsoft Remote Desktop Server

Desktop and web application security settings

Hierarchy: policies applied at the level of all applications, at the level of individual apps, and at the level of user groups
Password management: password storage only or hidden passwords with password renewal (via the application’s password renewal form)
Authentication: strong authentication for all applications or pass-through authentication (without using additional authentication factors)

Authentication technology

Biometrics: fingerprints, palm vein pattern, and face geometry (2D and 3D)
Hardware devices: contactless cards, USB tokens, iButtons, and RFID cards
One-time passwords: TOTP/HOTP applications, OTP tokens, one-time password delivery via SMS, Telegram and email
Other methods: push authentication app

Third-party tool integrationn

Workstation security solutions: Secret Net Studio
Permission and user account management tools: Solar inRights, 1IDM, Cube, Microsoft FIM, and IBM Tivoli Identity Manager
Public key infrastructure management tools: Axidian CertiFlow
Tools for information security event monitoring and correlation: SIEM solutions

Get the budget estimation of your project

GET QUESTIONNAIRE

Best practice solutions

Replace passwords with biometric authentication

Implement two-factor authentication based on smart cards

Create a single access point to the corporate applications

Access information systems with RFID cards

Secure remote access to corporate resources

Implement centralized authentication management

Create a single access point to the corporate web applications

Meet the PCI DSS requirements

Finance

Telecom

manufacturing

Retail

government

Transport

Andy Woo

Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Axidian. With Axidian, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

KC KuppingerCole Report

Executive view

Axidian’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Axidian CertiFlow provides comprehensive yet convenient management capabilities for both administrators and end users.

Michael Bürger

Founder & Sales Partner at EU-HUB Network

Since approximately 5 years now I’m working with Axidian quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Axidian software as a Distributor for the EU and beyond. Often I met Axidian CEOs, CTO, Product Management, Partner Managers and System Engineers, on the the phone and even in person in London and Munich and always my feeling was that this is are smart people, an excellent organized company, straight forward thinking and | don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

Leo Querubin

Executive Director for Business Development of Pointwest Technologies Corporation

The products of Axidian, like Axidian Access, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Axidian and the experience and expertise of the local cybersecurity landscape of Pointwest.

Volkan Duman

Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Axidian products should certainly be on the Turkish market. Thanks to our partnership with Axidian, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Axidian products with similar products, we can safely say that they contain much more different features and are more inclusive.

Marko Pust

Director of OSI.SI

We have a long partnership with Axidian for more than 2 years already. I can confidently say that Axidian CertiFlow is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Axidian AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Axidian CertiFlow brought automation and visibility to their PKI life.

Heng Lie

Director of Synnex Metrodata Indonesia

I believe that Axidian Access is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

Sergey Yeliseyev

X–Infotech Owner, Business Development Director, Government eID solutions

Axidian is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.