With Evidian Authentication Manager, secure access to your workstations and servers in any situation. Cover all authentication scenarios, for a user accessing one or several PCs, or several users sharing the same PC.
Passwords are the weak point of many authentication policies. Single or shared Windows passwords create a risk of intrusion, and make it almost impossible to precisely verify the use of Windows accounts.
Evidian Authentication Manager with strong authentication resolves these problems by replacing passwords with MFA: devices or biometrics. But strong authentication does have operational constraints. To deploy it and manage thousands of users, it must cover all usage scenarios – otherwise, it may get in the way of employees’ work.
Branch employees and sales staff in outlets can use a PC in kiosk mode and find their own environment in a few seconds without having to change their Windows session. In hospital, a doctor’s working session continues throughout their shift.
Traders and technicians in the control room can open, lock, unlock or close a cluster of PCs with single multi-factor authentication. They can also delegate access to their locked sessions, partially or completely, temporarily or permanently.
Evidian Authentication Manager simplifies the use and daily management of strong authentication:
With Evidian Authentication Manager, you are not restricted to a single technology. You use the right authentication in the right place. Your security policy only needs to be defined once for all access modes.
Evidian Authentication Manager replaces several administration consoles. The helpdesk unlocks or removes access in a few seconds, whether for a Windows password, smartcard, RFID, biometrics or one-time password (OTP).
Windows users can unlock access themselves with emergency passwords in self-service mode (SSPR). This eliminates many support calls.
Evidian Authentication Manager adapts the use of strong authentication to the professional constraints of users, by allowing scenarios to be developed such as:
A broad range of authentication methods.
Most authentication technologies are supported:
Evidian Authentication Manager allows you to manage the life cycle of cards through a single point. You assign cards and manage replacements, black lists, data and certificates.
Sales staff and branch employees share a kiosk and obtain their personal desktop in seconds, without restarting the Windows session. When doctors do their rounds, their Windows sessions move with them around the hospital.
Traders and control room staff can access a cluster of PCs with a single authentication. They can lock it, unlock it, or delegate it, partially or completely, temporarily or permanently.
When users go on holiday or are absent for any reason, Evidian Authentication Manager allows them to delegate access to their computer under the control of the security policy.
Users can use generic Windows accounts in full security. They don’t need to know any passwords and are identified by their names. They can obtain temporary access in this way.
When Evidian Authentication Manager is launched on a PC for the first time, the user chooses the questions and answers. If they forget their access token, they can obtain temporary access in this way.
Mobile users can reinitialise their access if they are not connected. They reply to questions from the login window of their laptop computer.
Signed audit trails are stored in a central database. Analyse them by access point, application, user, smartcard, etc. The data can be exported to SIEM tools and reports.
Evidian Authentication Manager is part of Evidian’s identity and access management solutions. The authentication and identity life cycles converge.
Evidian Authentication Manager uses your LDAP database or Active Directory. Users are not duplicated.
All the security data is encrypted and stored, and no additional boxes need to be installed. You can begin in one department and then roll out Evidian Authentication Manager to thousands of users.
Evidian Authentication Manager works on most versions of Microsoft Windows, Terminal Server and Citrix XenApp.
With QRentry™, you access Windows using a QR Code™.
QRentry drastically reduces helpdesk costs: users unlock their own access using a smartphone if they forget their Windows password, or even lose their smartcard or authentication token. By controlling the technicians’ access to the local Windows administrator account, QRentry eliminates a common loophole in compliance policies.
QRentry is an Evidian Authentication Manager module, a software solution that facilitates the use of strong authentication and allows authentication scenarios to be developed. QRentry can be downloaded from Google Play or the Apple Store.
Video – QRentry in action:
What: When a user loses their password, smartcard or authentication token, they can unlock their access using a QR code.
Why: QRentry is the ideal partner for the use of strong authentication, which generates numerous calls to the helpdesk such as “lost smartcard” or “biometrics not working“.
What: Technicians must use a QR code to access a PC’s local administrator account. A record is kept of all access in a central location in the technician’s name, and access rights can be removed in a few seconds. Users can no longer imitate a technician to obtain admin rights.
Why: QRentry makes the “admin / admin” semi-public passwords useless and difficult to modify. Local administrator accounts are no longer the “Achilles heel” of compliance.
Evidian Self-Service Password Reset (SSPR) offers several intuitive procedures to securely allow end-users to reset their Windows password from their web portal, their workstation or their mobile.
Evidian Enterprise SSO replaces user passwords with a single authentication such as a password, biometrics, a smartcard or a radio badge. Access is immediate, whether the applications are internal or external to the company.
More on Evidian Enterprise SSO.
Traders or operation centers working with multiple screens or with a video wall require a single login to multiple computers at once. Evidian proposes a unique feature on the market with a single authentication to lock / unlock all sessions on a cluster of computers. The solution is compatible with password, smart card, RFID, biometrics.