Passwords are the weak point of many authentication policies. Single or shared Windows passwords create a risk of intrusion and make it almost impossible to precisely verify the use of Windows accounts.
Evidian Authentication Manager with strong authentication resolves these problems by replacing passwords with MFA: devices or biometrics. Authentication manager with Windows MFA covers all authentication scenarios for a user accessing one or several PCs, or for several users sharing the same PC.
Evidian Authentication Manager allows you to manage the lifecycle of MFA through a single point. You assign (smartcard) and manage replacements, blacklists, data and certificates... using the existing infrastructure.
Evidian Authentication Manager answers specific issues coming from different types of activity sectors. The different functionalities of Evidian Authentication Manager will help employees and Information Technology team to be more efficient during their daily tasks without compromising security. A large range of authentication technologies are supported by Authentication Manager.
Evidian Authentication Manager simplifies the use and daily management of strong authentication:
With Evidian Authentication Manager, you are not restricted to a single technology. You use the right authentication in the right place. Your security policy only needs to be defined once for all access modes.
Evidian AM allow your staff to save time during daily tasks, thanks to functionalities providing them to switch quickly workstations and sessions, by limiting the use of passwords, securely and seamlessly integrated in your environment.
Evidian Authentication Manager manages the lifecycle of cards through a single point. You assign cards and manage replacements, blacklists and optionally certificates. Combined with Enterprise SSO, Authentication Manager adds a layer of security to access your most critical applications. Access to the Windows session, and use of an Authentication method is audited by the solution.
You can therefore demonstrate compliance with your access policy. You can monitor your employees’ attempts to access PCs. The audit events contain user identification. This enables you to demonstrate that your access policy is observed and fulfills its objectives. Evidian Authentication Manager embeds a reporting module allowing dashboard generation on key indicators such as: activity, snapshot, risk, surveillance and KPIs. Reports can be downloaded by authorized users.
Thanks to Evidian Authentication Manager, from a single console, help desk staff unlock or remove access immediately for any authentication means (password, smart card, RFID, biometrics, One-Time Password (OTP)…).
Moreover, users unlock their Windows access using Self-Service Password Request (SSPR). This eliminates “unlock me” support calls.
Evidian Authentication Manager adapts the use of strong authentication (MFA – Multi-factor authentication) to the professional constraints of users. It secures access to workstations and servers in any situation and cover all authentication scenarios for all types of user profiles.
With Evidian Enterprise Access Management you can add a layer of authentication to your primary method. When logging in to your Windows session, a second authentication factor reinforces access point security. You can add an authentication method supported by Authentication Manager and Windows, in addition to your standard Authentication Manager method as a contextual authentication.
Branch employees and sales staff in outlets can use a PC in kiosk mode and find their own environment quickly without having to change their Windows session. In hospitals, a doctor’s working session continues throughout his/her shift.
In order to reduce costs in purchasing workstations, many companies use shared workstations with generic Windows accounts to access the Windows session without having to log off and log back on.
Evidian Enterprise Access Management provides different kiosk modes.
With the standard kiosk feature of Evidian, the Windows generic account is set centrally to the targeted computer.
If the Microsoft autologon feature is already set on the target PC, you can securely share a Windows session among users with the Multi User Desktop feature of Evidian, switching quickly from one user to another. Evidian Multi-User Desktop displays an interface that may hide the full Windows desktop when no user is authenticated on the workstation and hiding user's application environment when leaving the workstation. Multi User Desktop can use the same Authentication Methods supported by Authentication Manager.
Evidian Kiosk Access combined with Evidian Enterprise SSO allow users application access without having to memorize each password.
Traders and technicians in the control room can open, lock, unlock or close a cluster of PCs with single multi-factor authentication. They can also delegate access to their locked sessions, partially or completely, temporarily or permanently.
The Evidian cluster mode is intended to employees who have several computers on their desk and need to use them at the same time. The cluster mode is also useful for a video wall displaying screens of multiple computers that must be open with a single authentication.
Typically in a hospital, you must log on to multiple PCs during the day.
The Roaming Session feature simplifies the successive authentication to several computers. When a user, typically a doctor, needs to access several computers during the day, he only has to authenticate strongly once on the first computer to initiate a roaming session. Then, during his roaming session period, he will just have to present his authentication device to open or unlock his Windows session on computers. This function is particularly used by hospitals emergency desks, where nurses and doctors need immediate access to information.
As users move from one computer to another, they might forget to lock the computer they are leaving. Evidian allows to swith workstations securely. Indeed, the Double-Login Prevention feature ensures that when a user is authenticating on a computer, the session opened on the previously used computer is locked.
Evidian Authentication Manager allows the use of contactless badges for Windows session opening (combined with Windows password or a PIN). Therefore, your physical access control badge can also be used for logical access on workstations or servers.
The proliferation of passwords have become the main security threats for organizations. The need to simplify access for users
by a one click access to their applications, without compromising security policies, has become a main goal for many companies.
*on Internet Explorer, Edge, FireFox and Chrome.
**with Safari and Chrome
Evidian Self-Service Password Reset (SSPR) offers several intuitive procedures to securely allow end-users to reset their Windows password from their web portal or the Windows login screen. The solution provides a full set of audit trail reports of WHO resets a Windows password WHEN and from WHERE.
Authenticate with a smartphone and a QR code (even offline), which can be downloaded on a smartphone from Google Play and the Apple Store. When users lose a password or a smartcard, they can unlock themselves their PC via QR Codes (secure One-Time Passwords (OTP)).