experience at least one compromised account threat per month
let their employees use their own device to access business applications
emanate from on-prem apps as of today, while modern federation protocols are expected to account for 60% by 2022
A modern IT landscape relies more and more on Cloud apps. However on-prem apps largely prevail. Evidian Web Access Manager (WAM) enables you to transparently address access challenges for both environments.
While security remains your main concern, users expect a totally frictionless experience in their corporate digital journey, whether they use corporate assets or their own devices, from inside the enterprise realm or directly from the internet.
Protect and enable employees, contractors, partners and customers with Evidian WAM.
WAM lets you track audit events: authentication, any user request and administrator actions.
The solution becomes a key enabler for compliance as it answers most technical challenges set by the EU’s GDPR.
Cloud Identity Security by Evidian is our offer to align your Identity and Access Management with your Cloud strategy. It automatically provisions (and de-provisions) user accounts to Cloud providers, and creates and manages service accounts without any impact on your Cloud applications. It also lets you leverage your identity repository: on-prem AD, Azure AD or any other directory. By default the Principle of Least Privilege is applied and a set of predefined roles is proposed for immediate take-off. Accesses are protected across all your IT, Cloud, SaaS and on-prem, with transparent SSO and strong multi-factor authentication methods.
Your resources deserve the best protection. Nowadays, a company's IT assets tend to be mainly web accessible, yet there is a variety of such services: modern web applications, REST APIs, legacy web resources, mobile apps...
And that is to be combined with other parameters: do we speak about homebrew applications? hosted on-premises or in the cloud? SaaS applications? Accessed from a PC, a tablet, an iPhone or a Chromebook?... Evidian Web Access Manager is a versatile solution that helps you answer these challenges... and more!
From a simple central point of access to your SaaS business applications to complex scenarios involving suppliers and consumers, keep control of your important assets.
Evidian WAM extensively supports Identity Federation standards, acting as an Identity Provider (IdP) to authenticate internal users toward SaaS apps, as a Service Provider to let you securely publish your own services, or even as an IdP proxy to allow your partners' users to access your resources in a trustworthy way.
REST APIs are the way toward modernization, either to create custom applications or to open your IT to the outer world.
Delegate the burden of protecting your APIs to Evidian Web Access Manager: it can both manage API authorization with OAuth 2.0 and let you securely publish your APIs with access protection, ensuring only the right resources are accessed by the right app at any time.
Passwords have been identified as a vector of data breach for a long time now.
Evidian WAM comes with a large catalog of embedded authentication methods, from simple OTP, X509 certificates and TOTP to next-generation authentication means: patented challenge-response Evidian GridCard, Evidian QRentry (QR code generated OTP), Push Authentication with the Evidian Authenticator mobile app, as well as the new FIDO2 standard. Third-party authentication services (such as Gemalto, RSA, Double Octopus, ...) can also be seamlessly integrated.
All these methods can be combined to create stronger authentication scenarios. In addition, Evidian comes with Adaptive Authentication and step-up, which let you decide which method a user should use according to their location, the time of day, their browsing environment and the resource they are trying to access.
Security is not all about encryption; all security strategies must take into account the human factor. Today, the average internet user possesses more than one hundred online accounts, which means just a few passwords to remember and a lot of associated poor behaviors (password re-use, weak passwords, password sharing, etc.).
Leveraging Evidian universal SSO combined with strong authentication drastically diminishes your exposed attack surface and makes it much harder to exploit compromised credentials. At the same time, user experience is enhanced: one unique point of access, whatever the location and whatever the device, to access all of the user's work tools.
With the embedded "CIAM Connect Toolkit", easily integrate customer-oriented functionalities into your existing public website. More than half of consumers give up registration when facing classical forms; let them authenticate with their social identity (from Google, LinkedIn or any other). Existing users are not forgotten and will be able to link their current account with the social ID of their choice.
Include bot protection with captcha and email verification. Privacy and trust are always our concern, the solution comes with consent management and a fully featured self-service account management interface.
The provided APIs let you gather user data in your marketing tools, synchronously and asynchronously. Finally, just add your Google Analytics ID to the configuration to enrich your dashboards with CIAM-related events (creation, authentication, profile modification, and so on).
Transform an existing page into an access portal or start from scratch; in both cases Evidian Web Access Manager can help you. It comes with an integrated access portal, encompassing a self-service user portal and access links to authorized services, plus a personal list of the user's preferred services.
Alternatively, you can take advantage of the included Integration SDK to seamlessly add these features to an existing website such as your intranet, while inheriting your organization's styling.
Web Access Manager is built for modern web security. It offers a wide variety of authentication methods, access control to different Web resources, SSO...
By allowing fine-tuning of the SSL protocol (protocol, encryption…) and certificates (CRL, OCSP…), WAM lets administrators secure the stream of information with the highest security level.
No plugin is necessary for Web browsers and cookies cannot be modified. You can also apply IP filtering on workstations accessing WAM services and use the available APIs to extend the WAM features.
Auto-administration of WAM main functions secures user behaviors and limits the need for help desk calls. The autonomous user does not need to contact a third party and provide sensitive information to get assistance. This function includes the following:
Evidian WAM with Evidian Analytics & Intelligence provides a comprehensive auditing infrastructure, with reports and predefined dashboards on events pertaining to administration, authentication, application access and SSO key quality indicators. Security audit events are also generated for each user action, making it possible to track risky behaviors or just display information regarding the usage of the solution.
All requests (GET, POST,…) are traced in log files. A rotation mechanism can also be configured for the size and length of these files. You can also push this data to a Syslog infrastructure.
WAM can apply a common password policy to all WAM portals (and to all possible user populations). This policy lets you define the following elements:
WAM also enables users to reset their primary password through a classic Q&A mechanism. A user who has forgotten their password will be able to reset it after being identified and correctly answering the questions they chose beforehand.
Optional and complementary, the Analytics module reinforces the Evidian Web Access Manager offer. It collects the audit trails generated by the Evidian WAM product, sorts and enriches them in order to generate a synthetic representation while respecting the compliance rules, business security policies and risk management objectives of the business.
Its ergonomic and dynamic web interface provides you with dashboards that allow you to view and analyze events relating to the activity of your users. Thanks to Analytics for WAM, you will be able to determine trends, investigate the origin of a problem, assess a level of risk or even meet a regulatory requirement.
Trustway for data protection and Evidian for access management are compatible with the McAfee Cloud Access Security Broker (CASB). The combined offer gives customers greater control over their data encryption and Identity and Access Management needs across their multi-cloud environment. Atos is now the first partner certified by McAfee SIA for MVISION Cloud products.
McAfee and Atos have also partnered to provide a Cloud Access Security Broker (CASB) Service combining best of breed technology from McAfee MVISION Cloud and Atos’ cybersecurity capabilities.
Atos and Google Cloud form a global partnership to deliver secure hybrid Cloud, data analytics & machine learning, digital workplace and collaboration solutions, to bring organizations new secure business solutions.
Atos integrates into this solution a unified cloud Identity and Access Management (IAM) solution.
Acting as a single identity provider and management system for all platforms, cloud and on-premise, this new solution, based on Evidian software from Atos, enables organizations to keep control of all identities that need access to their business systems, providing them with ultimate security.
Passwords are the weak point of many authentication policies. Single or shared Windows passwords create a risk of intrusion and make it almost impossible to precisely verify the use of Windows accounts.
Windows MFA covers all authentication scenarios for a user accessing one or several PCs, or for several users sharing the same PC.
Evidian Identity Governance and Administration supports your organization by making your Identity Management processes accurate, efficient and reliable.
A single authentication for all applications using passwords.
Control identities and rights to enable business transformation