Authentication Manager: Multi-Factor strong Authentication (MFA)
Passwords are the weak point of many authentication policies. Single or shared Windows passwords create a risk of intrusion and make it almost impossible to precisely verify the use of Windows accounts.
Evidian Authentication Manager with strong authentication resolves these problems by replacing passwords with MFA: devices or biometrics. Authentication manager with Windows MFA covers all authentication scenarios for a user accessing one or several PCs, or for several users sharing the same PC.
- Secured access to your workstations and servers in any situation
- Replace user passwords with MFA: devices or biometrics
- Strenghten security by strictly enforcing the password policy
- Login simultaneously to several PCs
- Non-intrusive solution
- Available for cluster PC and kiosk PC
Easily implement, centralize and secure the MFA lifecycle
Evidian Authentication Manager allows you to manage the lifecycle of MFA through a single point. You assign (smartcard) and manage replacements, blacklists, data and certificates... using the existing infrastructure.
Secure complex authentication scenarios - Simplify MFA deployment
Increase Productivity - Improve Security & Compliance - Reduce usage costs
Secure complex authentication scenarios
Evidian Authentication Manager answers specific issues coming from different types of activity sectors. The different functionalities of Evidian Authentication Manager will help employees and Information Technology team to be more efficient during their daily tasks without compromising security. A large range of authentication technologies are supported by Authentication Manager.
Simplify multi-factor authentication (MFA) deployment
Evidian Authentication Manager simplifies the use and daily management of strong authentication:
- Centralized access policy management.
- Authentication profile based on groups.
- Integrated card management system (Assign, lock/unlock, blacklist, format, lend smart card, reports).
- Centralized audit of all attempts to access the computers.
With Evidian Authentication Manager, you are not restricted to a single technology. You use the right authentication in the right place. Your security policy only needs to be defined once for all access modes.
Evidian Authentication Manager allow your staff to save time during daily tasks, thanks to functionalities providing them to switch quickly workstations and sessions, by limiting the use of passwords, securely and seamlessly integrated in your environment.
Improve Security and compliance
Evidian Authentication Manager manages the lifecycle of cards through a single point. You assign cards and manage replacements, blacklists and optionally certificates. Combined with Enterprise SSO, Authentication Manager adds a layer of security to access your most critical applications. Access to the Windows session, and use of an Authentication method is audited by the solution.
You can therefore demonstrate compliance with your access policy. You can monitor your employees’ attempts to access PCs. The audit events contain user identification. This enables you to demonstrate that your access policy is observed and fulfills its objectives. Evidian Authentication Manager embeds a reporting module allowing dashboard generation on key indicators such as: activity, snapshot, risk, surveillance and KPIs. Reports can be downloaded by authorized users.
Reduce usage costs
Thanks to Evidian Authentication Manager, from a single console, help desk staff unlock or remove access immediately for any authentication means (password, smart card, RFID, biometrics, One-Time Password (OTP)…).
Moreover, users unlock their Windows access using Self-Service Password Request (SSPR). This eliminates “unlock me” support calls.
Adapts to each business need
Evidian Authentication Manager adapts the use of strong authentication (MFA – Multi-factor authentication) to the professional constraints of users. It secures access to workstations and servers in any situation and cover all authentication scenarios for all types of user profiles.
Two-Factor Authentication - Kiosk Access
Cluster Authentication - Session Management - Extend usage of existing cards
With Evidian Enterprise Access Management you can add a layer of authentication to your primary method. When logging in to your Windows session, a second authentication factor reinforces access point security. You can add an authentication method supported by Authentication Manager and Windows, in addition to your standard Authentication Manager method as a contextual authentication.
Branch employees and sales staff in outlets can use a PC in kiosk mode and find their own environment quickly without having to change their Windows session. In hospitals, a doctor’s working session continues throughout his/her shift.
In order to reduce costs in purchasing workstations, many companies use shared workstations with generic Windows accounts to access the Windows session without having to log off and log back on.
Evidian Enterprise Access Management provides different kiosk modes.
With the standard kiosk feature of Evidian, the Windows generic account is set centrally to the targeted computer.
If the Microsoft autologon feature is already set on the target PC, you can securely share a Windows session among users with the Multi User Desktop feature of Evidian, switching quickly from one user to another. Evidian Multi-User Desktop displays an interface that may hide the full Windows desktop when no user is authenticated on the workstation and hiding user's application environment when leaving the workstation. Multi User Desktop can use the same Authentication Methods supported by Authentication Manager.
Evidian Kiosk Access combined with Evidian Enterprise SSO allow users application access without having to memorize each password.
Traders and technicians in the control room can open, lock, unlock or close a cluster of PCs with single multi-factor authentication. They can also delegate access to their locked sessions, partially or completely, temporarily or permanently.
The Evidian cluster mode is intended to employees who have several computers on their desk and need to use them at the same time. The cluster mode is also useful for a video wall displaying screens of multiple computers that must be open with a single authentication.
Typically in a hospital, you must log on to multiple PCs during the day.
The Roaming Session feature simplifies the successive authentication to several computers. When a user, typically a doctor, needs to access several computers during the day, he only has to authenticate strongly once on the first computer to initiate a roaming session. Then, during his roaming session period, he will just have to present his authentication device to open or unlock his Windows session on computers. This function is particularly used by hospitals emergency desks, where nurses and doctors need immediate access to information.
As users move from one computer to another, they might forget to lock the computer they are leaving. Evidian allow to switch workstations securely. Indeed, the Double-Login Prevention feature ensures that when a user is authenticating on a computer, the session opened on the previously used computer is locked.
Extend usage of existing cards
Evidian Authentication Manager allows the use of contactless badges for Windows session opening (combined with Windows password or a PIN). Therefore, your physical access control badge can also be used for logical access on workstations or servers.
Certification and compliance
Enterprise SSO - Single Sign-On
The proliferation of passwords have become the main security threats for organizations. The need to simplify access for users
by a one click access to their applications, without compromising security policies, has become a main goal for many companies.
- Replace user passwords with a single authentication
- Strenghten security by strictly enforcing the password policy
- Provide support for strong authentication methods (MFA)
- Non-intrusive and easy to deploy solution
- For web*, legacy and desktop applications
- Available for Windows and MacOS**
*on Internet Explorer, Edge, FireFox and Chrome.
**with Safari and Chrome
SSPR (Self-Service Password Reset)
Evidian Self-Service Password Reset (SSPR) offers several intuitive procedures to securely allow end-users to reset their Windows password from their web portal or the Windows login screen. The solution provides a full set of audit trail reports of WHO resets a Windows password WHEN and from WHERE.
- Change password when connected or not to the network
- Without contacting the helpdesk
- (Q&A) Answering pre-defined questions
- Scanning a QR Code with Evidian QRentry App
- One-time password (OTP) sent via email and/or SMS
- Using a challenge response mechanism
Strong Authentication via QR Code
Authenticate with a smartphone and a QR code (even offline) thanks to QRentry, which can be downloaded on a smartphone from Google Play and the Apple Store. When users lose their password or smartcard, they can unlock their PC via QR Codes (secure One-Time Passwords (OTP)).
- Strong authentication using a QR Code
- Use as second factor authentication (2FA)
- QRentry for Windows Authentication
- Low-footprint deployment
- Security and confidentiality
- Fast user adoption
- Boosts your enterprise’s innovation image