Create a single access
point to the corporate
applications

The solution based on Indeed AM creates single access point for passthrough authentication of employees in the corporate IT systems

schedule demo
prew-product

Task

Companies from all industries and sectors largely rely on a wide spectrum of desktop and web applications, including both general-purpose and specialized software.

General-purpose software is widely used in the Electronic Document Management Systems (EDMS), Enterprise Resource Planning (ERP) Systems, and accounting systems. On the other hand, specialized applications often serve as software components for Automated Process Control Systems (APCS), Customer Relationship Management (CRM) and Warehouse Management Systems (WMS). That said, specialized applications are often custom-made.

All these services can be used for addressing a variety of corporate tasks — offering government services, ensuring legal compliance, or engaging in revenue-generating activities. Most of such systems require authorization.

It is important to keep in mind that some software solutions cannot be easily integrated with a domain directory service such as Active Directory. Many services also maintain internal user databases, and therefore require separate authentication. Sadly enough, applications that support sign-on options other than password-based authentication are still uncommon.

That said, password-based authentication has several widely known disadvantages:

  • You need a security incident to actually occur to learn that your password has been compromised, while intruders will do their best to disguise their presence in your IT infrastructure.
  • The risk of theft and illegal use of passwords for malicious activity intensifies in the case of remote work.
  • Passwords are highly vulnerable to social engineering techniques when users are coerced to directly or indirectly disclose their password to the intruder.
  • Regular users may find it hard to meet all password security requirements, especially when they have to use separate user accounts for different services.

Given the prevalence of broadband Internet access and the growing popularity of remote connections, these disadvantages may become a critical vulnerability for both your corporate applications and the entire company. After all, if the credentials of one of your accountants were to fall into the hands of intruders, this may have quite serious implications for your company, including total shutdown of its operations.

The choice of desktop and web applications may be enormous, even if we talk about one single industry, which makes the development of individual connectors (special modules enabling pass-through authentication) for each target app extremely challenging. This is not an easy task even when it comes to most popular services. Likewise, the development of connectors for your custom applications may prove quite expensive; not many companies can afford this.

Different kinds of software implementing Single Sign-On technology are widely used for ensuring secure unified authentication across all corporate desktop and web applications. Products of this class are also designed to build centralized authentication and password management systems (its functionality being similar to Password Manager software).

Solution

You can build a reliable unified authentication system by using a Single Sign-On product that supports a variety of target desktop and web applications.

Indeed Access Manager features a specialized module, Enterprise Single Sign-On, that supports all types of applications. This module enables SSO login by intercepting GUI login and password entry forms and inserting relevant credentials.

A special utility helps to create an ESSO template for each target application. The template contains application-specific instructions for the ESSO agent: where to enter the credentials and which button (s) to click in order to log in. This means that the system can support almost all types of desktop and web applications with their own authentication systems. The ESSO agent is a client component that can be installed both on a workstation running Microsoft Windows or a Microsoft Remote Desktop Server.

The scenarios that can be deployed with the Enterprise Single Sign-On software are discussed below.

  • Secure remote connection to a single point of entry: MS RDS with a pre-installed ESSO module enables pass-through authentication across all terminal applications.
  • Password management for pass-through (transparent) authentication: the module will store your logins and passwords and automatically insert them into relevant fields whenever a desktop or web application is launched.
  • Passwords hidden from the user: passwords can be assigned by an administrator or by using an Identity Governance & Administration (IGA) solution.
  • Extension of the above scenario: the ESSO module can intercept the GUI password entry forms, automatically insert the old password, generate a new one, insert it into relevant fields, and «click» the OK button. This way, the users will not be able to bypass Indeed AM when logging into an application.
  • Strong authentication factors: you can enable various strong authentication methods (from one-time passwords to biometrics) across all scenarios. The hidden password scenario combined with strong authentication for all corporate applications ensures top-level security across your entire IT infrastructure.

All ESSO parameters can be customized via access policies. A relevant policy can be applied to a specific unit in your organizational structure (for example, an OU in Active Directory), and the settings for all users located in this unit or its child objects will be aligned with this policy. The scope of a given policy can be fine-tuned by filtering it with user groups.

Technical parameters

User directories

  • Active Directory

Target resources

  • Microsoft Windows
  • Microsoft Remote Desktop Server

Desktop and web application security settings

  • Hierarchy: policies applied at the level of all applications, at the level of individual apps, and at the level of user groups
  • Password management: password storage only or hidden passwords with password renewal (via the application’s password renewal form)
  • Authentication: strong authentication for all applications or pass-through authentication (without using additional authentication factors)

Authentication technology

  • Biometrics: fingerprints, palm vein pattern, and face geometry (2D and 3D)
  • Hardware devices: contactless cards, USB tokens, iButtons, and RFID cards
  • One-time passwords: TOTP/HOTP applications, OTP tokens, one-time password delivery via SMS, Telegram and email
  • Other methods: push authentication app (Indeed Key)

Third-party tool integrationn

  • Workstation security solutions: Secret Net Studio
  • Permission and user account management tools: Solar inRights, 1IDM, Cube, Microsoft FIM, and IBM Tivoli Identity Manager
  • Public key infrastructure management tools: Indeed Certificate Manager
  • Tools for information security event monitoring and correlation: SIEM solutions

Get the budget estimation of your project

get questionnaire
prew-product-work

Industries

Learn how multiple industries enjoy benefits from implementing our products

Prev
Next

industry about us

quot-mark
avt-1
Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Indeed Identity. With Indeed Identity, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

read more
quot-mark
avt-2
KC KuppingerCole Report
Executive view

Indeed Identity’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Indeed Certificate Manager provides comprehensive yet convenient management capabilities for both administrators and end users.

read more
quot-mark
avt-3
Michael Bürger
Founder & Sales Partner at EU-HUB Network

Since approximately 5 years now I’m working with Indeed Identity quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Indeed Identity software as a Distributor for the EU and beyond. Often I met Indeed Identities CEOs, CTO, Product Management, Partner Managers and System Engineers, on the the phone and even in person in London and Munich and always my feeling was that this is are smart people, an excellent organized company, straight forward thinking and | don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

quot-mark
avt-4
Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Indeed Identity, like Indeed Access Manager, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Indeed Identity and the experience and expertise of the local cybersecurity landscape of Pointwest.

read more
quot-mark
avt-4
Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Indeed Identity products should certainly be on the Turkish market. Thanks to our partnership with Indeed Identity, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Indeed Identity products with similar products, we can safely say that they contain much more different features and are more inclusive.

read more
quot-mark
avt-4
Marko Pust
Director of OSI.SI

We have a long partnership with Indeed Identity for more than 2 years already. I can confidently say that Indeed CM is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Indeed AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Indeed CM brought automation and visibility to their PKI life.

quot-mark
avt-4
Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Indeed Access Manager is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

quot-mark
avt-4
Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Indeed Identity is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.