Compliance with regulatory requirements and the need to protect confidential data is leading a growing number of companies to increase their information system access security by implementing strong authentication systems, that replace the traditional user ID/password combination.
Avencis’s access control solution verifies the user’s identity by adding on strong authentication methods, such as cryptographic tokens, smart cards, one-time passwords and biometrics.
Management of multiple authentication modes
SSOX adapts to needs and/or to solutions already used within the company:
- Cryptographic smart card or token
- Contactless card
- Card and certificate
- Set of questions/answers
- One-time passwords (OTP calculator)
- Biometrics (Match On card, Match On Server, Match On Device, Match On PC)
Compatible with the main technology standards
- Support for almost all commercial cards and tokens: including Gemalto, Morpho/Sagem, SafeNet and Oberthur.
- Support for Microsoft SmartCard Logon: SSOX extends Windows certificate authentication (automatic renewal of Windows password and authentication by questions/answers for forgotten cards).
Flexible access control
- Definition of desktop access policies: based on populations of users and set time slots.
- Support for degraded connection modes: if the network is unavailable, a local cache on the card an be used to authenticate the user on the desktop.
Authentication in kiosk mode
- Management of fast user switching on the same desktop.
- Secure fast identification: after a successful initial authentication (card and certificate, RFID, etc.), generation of a finite session token, stored on the card’s contact and contactless portions. Users log on to another desktop using only their card.
- Session roaming: native integration with application publication solutions (such as Citrix, Microsoft TSE and Systancia) allows users to retrieve their workspace using their card when they change desktops.
- Virtual session management: individual users have access to their own applications, which are hidden from other desktop users.
Management of desktop clusters
- Simultaneous access to several desktops: security policies are defined on a master desktop and propagated on clusters of slave desktops. Users authenticate themselves once, on the master desktop.
Decrease in helpdesk costs
- Self-troubleshooting module: users can authenticate themselves with questions/answers or unlock their physical means of authentication in the Windows authentication banner, without seeing the reactivation information (SOPIN or PUK).
Continuity of service
- Controlled self-troubleshooting for users without the support team’s involvement through the self-help module.
- Taking into account business requirements: for example, emergency response plans and emergency override mode for health care facilities.