Web Single Sign-On and Web Access Manager

An integrated Single Sign-On (SSO) for the web and your office computer

When employees return to their office workstation, Evidian extends Single Sign-On to all Windows applications with its Evidian Enterprise SSO module. For employees, the internet becomes a natural and secure extension to their intranet. As a result, the SSO is truly integrated – from the office PCs to the web. The same one-time password works in both situations. And if an application password is changed in the office, SSO access continues to work remotely and reciprocally. That gives peace of mind to mobile users and partners. They know that access won't be refused when they need it most. The reference is the same for office workstations and the remote Web SSO. A Web Single Sign-On for external cloud and SaaS applications. Even internet-based web applications can be managed by Evidian Web Access Manager. It is not necessary to have administration or modification rights for applications to implement Evidian Web Access Manager. The same one-time password can therefore be used to access external applications that may require a password which is known or not known by your users. Applications stored, outsourced or in the cloud are accessible in one click, without having to remember another password. A non-intrusive Web SSO for web applications Evidian Web Access Manager does not require modification of your web applications, or a plug-in or executable file for your browser. It means you can add internal or external web resources to your secure portal. Evidian Web Access Manager is not designed for a single technology or certain types of web application:
  • It is not necessary to modify the configuration of protected servers.
  • It is not necessary to add officers or components to protected servers.
  • Evidian Web Access Manager is neutral. It is not based on J2EE, .NET, ASP or PHP technologies, nor on user systems (such as Windows, Linux, Solaris, AIX etc.) or on specific or specialised authentication mechanisms (Basic HTTP Authentication, forms of all kinds and dynamics, or integrated Microsoft authentication (e.g. NTLM, Kerberos)).
Evidian Web Access Manager rapidly deals with new applications; for a web application, for administration, for a router, for a specific professional application, for a CMS, for Microsoft Outlook Web Access, for SAP, for VMware vCloud Director, for Oracle E-Business Suite SaaS, etc.

For more information:

A Web SSO compatible with company environments

Evidian Web Access Manager does not create constraints for the environment already in place in the company.
  • It adapts to the company environment and architecture.
  • It respects the company administration roles. Application administrators do not become access administrators.
  • It respects network architectures and the systems already in place. Evidian Web Access Manager, multi-OS in the DMZ, is administered by the security administrators.
  • It takes multi-directory structures into account, and the history of identity source creation: acquisitions, mergers, branches, sub-organisations, external users, etc.
The implementation of Evidian Web Access Manager is reversible: without affecting applications, user directories, web browsers, or the systems and procedures in place within the company.

A customised and flexible Web SSO for your needs

  • Complete customisation of the Web Access Manager home pages and availability of several APIs to modify processes (Post-Authentication, Post-Authorisation, etc.)
  • As well as means of authentication (forms, Radius, LDAP, certificates, SAML, Kerberos, etc.), Web Access Manager offers an SDK to develop proprietary means of authentication.
  • Web Access Manager can insert authentication forms dynamically into an existing client portal, or modify the content of requests and web pages.
  • Web Access Manager can modify the feeds that it protects, even for authentication requests from Flash/AIR applications.
WAM, as a protocol switch, adapts to requirements, becoming the access point that controls access to all applications, adapting to security needs and the user experience.

A Web SSO to secure internal and external applications

  • As Web Access Manager does not require any server modules, it can control access to the company's external servers.
  • Web Access Manager controls access to SaaS services and handles user SSO information.
  • Web Access Manager is interoperable with cloud services through SAML and acts as the Identity Provider (IdP) for SalesForce or GoogleApps.
  • Web Access Manager acts as the Service Provider (SP) or Identity Provider (IdP) and federates access to applications for users from several trusted domains, such as the company's special partners.
  • Web Access Manager strengthens security of access to VMware vCloud or Citrix Xen Desktop
WAM controls access to internal and external applications in a unique way. The same primary authentication gives access to all web applications.

Auditing, load balancing and high availability

Evidian Web Access Manager provides complete audit reports. Web Access Manager is integrated into Evidian I&AM and centralises audit events from each access point. Evidian Web Access Manager has no SPOF (Single Point Of Failure). You can add several servers for the purposes of high availability and load balancing. As a result, you can include hundreds of thousands of users in critical situations.

Supported environments

Evidian Web Access Manager requires a Sun Solaris, Red Hat Enterprise Linux or Windows server. Evidian Web Access Manager supports Single Sign-On for HTML, Java(*) and Flash(*) applications. In addition, the I&AM9 and Evidian Enterprise SSO companion modules provide Single Sign-On for Windows applications, Citrix and in terminal mode, the automatic provisioning of the access policy and user accounts, the delegation of accounts, and the centralisation of consolidated audits.