Identity federation to secure your SaaS/Cloud assets

From a simple central point of access to your SaaS business applications to complex scenarios involving suppliers and consumers, keep control of your  important assets.

Evidian WAM extensively supports Identity Federation standards, acting as an Identity provider to authenticate internal users toward SaaS apps, as a service provider to let you securely publish your own services or even as an IdP proxy to allow your partners' users access your resources in a trustworthy way.

API protection for a modern IT

REST APIs are the way toward modernization, either to create custom applications or to open your IT to the outer world.

Delegate the burden of protecting your APIs to Evidian Web Access Manager: it can both manage API authorization with OAuth 2.0 and let you securely publish your APIs with access protection, ensuring only the right ressources are accessed by the right app at any time.

Next generation authentication

Passwords have been identified as a vector of data breach for a long time now.

Evidian WAM comes with a large catalog of embedded authentication methods. From simple OTP, X509 certificates, TOTP to next generation authentication means : patented challenge-response Evidian GridCard, Evidian QRentry (QRcode generated OTP), Push Authentication with Evidian Authenticator mobile app, as well as the new Fido 2 standard. Third party authentication services (such as Gemalto, RSA, Double Octopus, ...) can also be seamlessly integrated.

All these methods can be combined to create stronger authentication scenarios. In addition Evidian comes with Adaptive Authentication and step-up that let you decide which method a user should use according to his location, the time of the day, his browsing environment and the ressource he is trying to access.

SSO (Single Sign-on) to legacy, cloud, mobile apps

Security is not all about encryption, all security strategies must take into account the human factor. Today, the average internet user possesses more than one hundred online accounts, which means just a few passwords to remember and a lot of associated poor behaviors (password re-use, weak password, password sharing, etc...).

Leveraging Evidian universal SSO combined with strong authentication, drastically diminishes your exposed attack surface and makes it much harder to exploit compromised credentials. In the meantime user experience is enhanced : one unique point of access whatever the location, whatever the device, to access all his work tools.

Customer IAM Connect Toolkit: seamless and secure digital experience

With the embedded "CIAM Connect Toolkit", easily integrate customer oriented functionalities into your existing public website. More than half of the consumers give up registration when facing classical forms, let them authenticate with their social identity (from Google, LinkedIn or any other). Existing users are not forgotten and will be able to link their current account with the social ID of their choice.

Include bot protection with captcha and email verification. Privacy and trust are always our concern, the solution comes with  consent management and a fully featured self-service account management interface.

Provided APIs will let you gather user data in your marketing tools, synchronously and asynchronously. And, at last, just add your Google Analytics ID to the configuration, to enrich your dashboards with CIAM related events (creation, authentication, profile modification, and so on).

Web portal: tailored for all devices and fully customizable

Transform an existing page into an access portal or start from scratch, in both cases Evidian Web Access Manager can help you. It comes with an integrated access portal, encompassing a self-service user portal and access links to authorized services, plus a personal list of user preferred services.

Alternatively you can take advantage of the included Integration SDK to seamlessly add these features to an existing website such as your intranet, while inheriting from your organization styling.

Embbeded security

Web Access Manager is built for modern web security. It offers a wide variety of authentication methods, access control to different Web resources, SSO...

By allowing a fine tuning of the SSL protocol (protocol, encryptions…) and Certificates (CRL, OSCP…), administrators can secure the stream of information with the highest security level. 

No plugin is necessary for Web browsers and cookies cannot be modified. You can also apply IP filtering on workstations accessing WAM services and use the available APIs to extend the WAM features.

Auto-administration of WAM main functions secures user behaviors and limits the need for help desk calls. The autonomous user does not need to contact a third party and provide sensitive information to get assistance. This function includes the following:

• Change password
• Reset password, by Q&A, OTP,…
• Self-enrollment in WAM
• Deprovisioning of users
• Administrators can be given roles allowing a fine-grained right management system on possible operations

Logging and Audits

Evidian WAM with Evidian Analytics & Intelligence provide a comprehensive auditing infrastructure, with reports and predefined dashboards on events pertaining to administration, authentication, application access and SSO key quality indicators. Security audit events are also generated for each user action, thus enabling to track risky behaviors or just display information regarding the usage of the solution.

All requests (GET, POST,…) are traced in log files. A rotation mechanism can also be configured for the size and length of these files. You can also push this data towards a Syslog infrastructure.

Detecting and blocking dangerous behaviors

WAM can apply a common password policy to all WAM portals (and to all possible user populations). This policy enables to define the following elements:

• Frequency of primary password change by the user: at any time or with a configurable delay between two modifications.
• Frequency of primary password change forced by Web Access Manager: the password never expires or the periodicity configurable in days of forced password modification.
• Delay in seconds the user will have to wait for in case of bad login before being able to reauthenticate.
• Maximum number of bad logins before the user account is blocked (WAM level).
• How this account will be unblocked: by the WAM administrator or automatically after a configured period of time (in minutes, hours or days).

WAM also enables users to reset their primary password through a classic Q&A mechanism. If he has forgotten his password, the user will be able to reset it after being identified and having answered correctly the questions he has chosen beforehand.