Compliance with regulatory requirements and the need to protect confidential data is leading a growing number of companies to increase their information system access security by implementing strong authentication systems, that replace the traditional user ID/password combination.

Avencis’s access control solution verifies the user’s identity by adding on strong authentication methods, such as cryptographic tokens, smart cards, one-time passwords and biometrics.

Management of multiple authentication modes

SSOX adapts to needs and/or to solutions already used within the company:

  • Cryptographic smart card or token
  • Contactless card
  • Card and certificate
  • Set of questions/answers
  • One-time passwords (OTP calculator)
  • Biometrics (Match On card, Match On Server, Match On Device, Match On PC)
  • ID/password

Compatible with the main technology standards

  • Support for almost all commercial cards and tokens: including Gemalto, Morpho/Sagem, SafeNet and Oberthur.
  • Support for Microsoft SmartCard Logon: SSOX extends Windows certificate authentication (automatic renewal of Windows password and authentication by questions/answers for forgotten cards).

Flexible access control

  • Definition of desktop access policies: based on populations of users and set time slots.
  • Support for degraded connection modes: if the network is unavailable, a local cache on the card an be used to authenticate the user on the desktop.

Authentication in kiosk mode

  • Management of fast user switching on the same desktop.
  • Secure fast identification: after a successful initial authentication (card and certificate, RFID, etc.), generation of a finite session token, stored on the card’s contact and contactless portions. Users log on to another desktop using only their card.
  • Session roaming: native integration with application publication solutions (such as Citrix, Microsoft TSE and Systancia) allows users to retrieve their workspace using their card when they change desktops.
  • Virtual session management: individual users have access to their own applications, which are hidden from other desktop users.

Management of desktop clusters

  • Simultaneous access to several desktops: security policies are defined on a master desktop and propagated on clusters of slave desktops. Users authenticate themselves once, on the master desktop.

Decrease in helpdesk costs

  • Self-troubleshooting module: users can authenticate themselves with questions/answers or unlock their physical means of authentication in the Windows authentication banner, without seeing the reactivation information (SOPIN or PUK).

Continuity of service

  • Controlled self-troubleshooting for users without the support team’s involvement through the self-help module.
  • Taking into account business requirements: for example, emergency response plans and emergency override mode for health care facilities.