eviden-logo

Evidian > Products > Web SSO & Identity Federation with Web Access Manager > Web Access Manager: Usage scenario

Web Access Manager: Usage scenario


Evidian Web Access Manager is the key to the vault securing numerous applications, portals, etc. Evidian presents several successful usage scenarios where it has been deployed in large companies or organisations.

Forms

Evidian Web Access Manager provides its own portal home page to authenticate users. This portal can be customised in accordance with the company style guide. You can also use a web page from a web server protected by Evidian Web Access Manager as the user home page for the portal.

Evidian Web Access Manager allows the web pages of protected applications to be modified dynamically. This unique functionality makes it possible to use any page on a protected server as an authentication window for restricted-access services.

Here is an example of a web page from a server in the original version.

WAM-Formulaire-originel

Once the page has been protected by Evidian Web Access Manager, this page will receive a new user authentication form. This page is in the "public" zone, accessible to all, and will serve as a portal for protected services that require authentication.

The authentication form and a link to the password recovery service have been dynamically inserted without modifying the web server.

WAM-Formulaire-modifie

Users can then be authenticated for access to their private services:

A new menu has been inserted dynamically into the page. It contains links to users' private services. Even if the user has bookmarks linking to private services, and is not authenticated, an authentication request will be automatically triggered.

The customisation of the authentication form, and the information displayed after authentication, is done through portions of the HTML code and can therefore be presented in any format.

This functionality allows any web page or web server to be transformed into a portal user homepage and facilitates the seamless integration of Evidian Web Access Manager into the company branding.

At no point are the original web pages modified on the server.

WAM-Formulaire-service

Google Apps

Evidian Web Access Manager supports SAML 2.0 as a Service Provider or Identity Provider. When company domain users wish to access the company's "Google Apps" applications, Evidian Web Access Manager is used as the Identity Manager.

When users connect to Google applications using URLs such as https://mail.google.com/d/domain.com or https://calendar.google.com/d/domain.com or through the Google authentication hub https://www.google.com/apps, they will be redirected to the company's authentication page.

Evidian Web Access Manager's Identity Provider supports all kinds of authentication, and users who, for example, have already been authenticated in the company's copy of Kerberos, will see no authentication window. Single Sign-On is federated for cloud and Google applications as well as the company's internal applications.

Here is an example of an access scenario for Google applications. A user "werner" tries to connect to his Google Calendar account through his company's dedicated URL: https://calendar.google.com/a/anon.frec.bull.fr. He is instantly redirected to the Identity Provider URL.

The user authentication is therefore managed by the IDP, while decisions about the strength of the authentication and the means of authentication are taken by the company. Each authentication produces logs and audit events.

WAM-GoogleApps-originel

Once he has been correctly identified, the user is automatically redirected to the page of the Google service.

WAM-GoogleApps-authentifie

All of the Google services are accessible.

Users may be handled by Google Apps manually or automatically, using Google Apps Directory Sync.

The IDP configuration has native support in Evidian Web Access Manager without the need for additional licences or software. Any configuration that protects internal web applications can rapidly become an Identity Provider for cloud services.

WAM-GoogleApps-access

Clouds

The cloud transforms the way people work with their company applications. Professional users deploy more and more software available in SaaS mode to complete their tasks. Salesforce, for example, offers all the functionality of a CRM to the sales staff who use it, and Google Apps allows its users to be more productive. However, the questions arising are even more obvious:

  • What about security?
  • How can we ensure effective access control?
  • How can we help users through, with the multiplication of URLs for SaaS mode services, and logins and passwords that are constantly changing?

Evidian uses identity federation standards to provide a Single Sign-On for cloud applications.

Evidian has also developed proprietary tools to protect and provide SSO to specific SaaS mode applications that do not comply with standards. Evidian addresses cloud security with the following usage scenarios:

  1. Companies using applications available in SaaS mode
  2. Companies that use their own private cloud
  3. Providers of cloud services that wish to protect the services they offer

Cas d'usage Cloud 2

Social authentication (or delegated authentication)

Issue

A truck manufacturer wished to provide access to dedicated services (technical documentation, the catalogue, reporting, etc.) for its dealers. The manufacturer's aim was to simplify access for dealers while minimising the administration tasks related to user account management.

cas d usage auth sociale

Our solution

Because users can be located anywhere, we suggested creating a Social Login. Dealers could then use their LinkedIn accounts to access dealer services.

Evidian Web Access Manager includes an authentication module allowing user authentication to be externalised to an external identity provider. The implementation of protocols such as SAML, OpenID and OAuth allow authentication to be delegated to a large number of identity providers.

Cas d'usage authent sociale

Evidian Products - Protect your company from cyber attacks by unauthorized users

Identity as-a-service

Evidian takes care of everything related to your Identity and Access Management with IDaaS

Learn more   >

Identity Governance and Administration

Manage access and authorization of all your users in your company

Learn more   >

Web Access Manager

Gateway for web apps with SSO, multi-factor authentication, identity federation

Learn more   >

Analytics

Monitoring and powerful reporting for regulatory compliance

Learn more   >

Authentication Manager

Authentication Manager

Enterprise multi-factor & passwordless authentication on Windows PCs

Learn more   >

Enterprise Single Sign-On (SSO)

Secure access to legacy and web apps on PCs & mobiles with SSO

Learn more   >

Self Service Password Reset (SSPR)

Reset Windows passwords online and offline

Learn more   >

SafeKit

High availability software for Evidian and partner applications

Learn more   >

Evidian IAM leader in the French and German markets and in U.S. Public Sector

Evidian IAM

Evidian IAM cyber security tools and solutions – Leader in Identity and Access Management in France

Evidian IAM

Evidian IAM cyber security tools and solutions – Leader in Identity and Access Management in Germany

Evidian IAM

Evidian IAM cyber security tools and solutions – Leader in Identity and Access Management in U.S. Public Sector

What are IAM cyber security tools and solutions?

Evidian Products - Protect your company from cyber attacks by unauthorized users

Identity as-a-service

Evidian takes care of everything related to your Identity and Access Management with IDaaS

Learn more   >

Identity Governance and Administration

Manage access and authorization of all your users in your company

Learn more   >

Web Access Manager

Gateway for web apps with SSO, multi-factor authentication, identity federation

Learn more   >

Analytics

Monitoring and powerful reporting for regulatory compliance

Learn more   >

Authentication Manager

Authentication Manager

Enterprise multi-factor & passwordless authentication on Windows PCs

Learn more   >

Enterprise Single Sign-On (SSO)

Secure access to legacy and web apps on PCs & mobiles with SSO

Learn more   >

Self Service Password Reset (SSPR)

Reset Windows passwords online and offline

Learn more   >

SafeKit

High availability software for Evidian and partner applications

Learn more   >

Evidian IAM leader in the French and German markets and in U.S. Public Sector

Evidian IAM

Evidian IAM cyber security tools and solutions – Leader in Identity and Access Management in France

Evidian IAM

Evidian IAM cyber security tools and solutions – Leader in Identity and Access Management in Germany

Evidian IAM

Evidian IAM cyber security tools and solutions – Leader in Identity and Access Management in U.S. Public Sector

What are IAM cyber security tools and solutions?