Axidian Access

This product provides multi-factor authentication of employees and creates a single access point to the IT systems of a company


Relevance

Any information system relies on access policies for operations with named subjects (users) and objects (data, resources, and services). The two pillars of access and identity management are user identification and user authentication. Authentication bears particular significance, being the last security barrier for malicious users who were able to obtain a legitimate user ID.

Password-based authentication remains the most popular access management technology. However, this technology does have a number of important disadvantages:

  • You only learn that your password has been compromised once a security incident actually occurs. Intruders are unlikely to reveal their presence in your network. On the contrary, they will do their best to disguise their activity, and the fact that authentication data has been compromised, for as long as possible.
  • Remote work only increases the risk of having your passwords compromised since it permits access from any devices, including uncontrolled ones.
  • Passwords are highly vulnerable to social engineering techniques when various manipulations are used to coerce the users to directly or indirectly disclose their password to the intruder.
  • Access blocking after a specified number of failed attempts may be disabled for some corporate resources, especially for local sessions. This means that such systems and services may be vulnerable to various password-cracking methods.

Another weak point of password management software lies in the fact that each information system or service may use its own authentication subsystem. This may cause further problems and reduce labor productivity:

  • Users need to remember and enter multiple passwords.
  • System administrators have to address a number of tasks:
    • Keep all users and their authenticators under control.
    • Respond to failures in different user authentication subsystems.
    • Monitor access events across multiple subsystems.
    • Reset forgotten user passwords.

Another factor deserves special attention: foreign media constantly feature news about leaked user account databases (containing logins and passwords) that later become available for sale on private web resources.

All issues and vulnerabilities related to password-based authentication can be solved by introducing a single comprehensive authentication management system. Such systems should be able to perform the following tasks:

  • Support additional types of authentication (that do not share the weak points of password management systems).
  • Enable centralized management of authenticators and access to corporate resources.
  • Offer the same set of authenticators for all corporate resources.
  • Ensure centralized monitoring of all access-related security events.

Axidian Access platform

The Axidian Access platform belongs to a specialized class of IT solutions that incorporates the following functional modules:

  • Authentication Management
  • Multi-Factor Authentication Provider (MFA-Provider)
  • Enterprise Single Sign-On
  • Web Single Sign-On
  • Out-of-band (Mobile) Authentication

The Axidian Access platform draws on our company’s long-term expertise of developing information security products, specifically those that have to do with access management.

Axidian Access is a software and hardware system providing centralized identity management policies, a universal authentication technology for all corporate services, and various strong and multi-factor authentication scenarios.

The key advantage of Axidian Access is that it supports various strong authentication scenarios across multiple target resources and authentication protocols (via relevant integration modules). This system was designed to replace password management software with more secure technology for neutralizing the above threats across your entire corporate IT infrastructure. In this case, all authentication data is stored in a secure vault.

Access policies define access rules, specify the technology to be used in specific applications, and establish the scope of permissions for system operators and administrators.

Corporate users can use the web console to view information about their authenticators. In addition, users can issue new authenticators and disable existing ones in the web application.

The Axidian Access Administrator and Operator Console is a convenient web application to customize, manage and audit the centralized authentication system. Administrators can use it to manage the system’s integration with your IT infrastructure and set up role-based access control. The console also serves as a tool for managing user authenticators and granting access to target resources (directly or via authentication protocols).

Client software designed for workstations running Microsoft Windows can be used to enable strong authentication scenarios (Windows Logon) and Enterprise Single Sign-On for corporate applications and web applications on user workstations.

The Axidian Key mobile app ensures secure access to your corporate resources. Users confirm their access via the app on their smartphones, where they can also view their access information and the name of the system they are trying to log into. The system also supports one-time password technology (TOTP protocol).

Special integration modules enable strong authentication scenarios for various categories of target resources as they support both specialized authentication protocols (RADIUS, ADFS, etc.) and specific target systems (Windows-based workstations, Microsoft RDS terminal servers, etc.).

Thanks to the convenient Axidian Access role-based mechanism, you can set up user privileges for employees with various job duties. For example, you can use it to clearly divide the responsibilities of federal and regional security administrators.

Strong authentication

A series of technical and organizational measures is required for replacing password-based authentication with new technology that can ensure a higher security level across your entire IT infrastructure.

One of the key tasks here is to select and introduce optimal strong authentication solutions. This is a relatively easy task when it comes to local access to corporate workstations. In this case, you can use Microsoft Windows built-in authentication tools, such as digital certificates or biometric scanners embedded in modern laptops.

However, the task becomes considerably more challenging when it comes to strong authentication for remote access to corporate resources, where you need to assign specific authenticator sets to different categories of employees in line with their respective permissions.

The market offers multiple technologies for strong user authentication, including biometric authentication, push authentication, hardware-based authentication, digital certificates, or one-time passwords issued by local generators or sent by SMS or email. Every solution has both strong and weak points. Let’s consider a couple of examples.

  • Biometric authentication relies on the inherent and unique physiological and behavioral characteristics of users. However, such technology requires specialized scanners and can hardly be used for remote access from a potentially unlimited number of user devices.
  • User authentication relying on local one-time password generators (tokens or smartphone apps) supports scenarios for almost any type of target resource, both for local and remote sessions. It also does not require connection with corporate services. Yet, if a smartphone is used, there is always a risk that it may get hacked and taken over. On top of that, tokens must be purchased separately and may break down.

When choosing the right authenticator (or authenticators), one should consider a range of factors, such as:

  • Access scenario (local or remote access)
  • Device used (computer or smartphone)
  • Target resource (corporate application or public web service)
  • Users’ privileges and permissions

The Axidian Access platform is a universal tool that helps you select the optimal strong authentication types for your specific conditions.

Technological integration

During the migration to centralized access management, the main challenge lies in the fact that corporate services and applications may rely on several subsystems for user identification and authentication, and these subsystems are rarely interconnected. In some cases, a user may need more than one user account (login and password) to gain access to various services.

The following IT components can serve as target resources:

  • Workstations running Microsoft Windows
  • Application servers (Microsoft Windows Remote Desktop Server or Citrix XenServer)
  • Virtual desktop infrastructure (VDI)
  • VPN gateways for remote access
  • Public web services
  • Corporate local apps on user workstations

If we want to completely replace password-based authentication with other solutions, we may discover during implementation that password protection is the only type of authentication supported by some services.

The Axidian Access platform includes specialized modules offering extensive integration options.

Integration with authentication protocols:

  • SAML Identity Provider
  • ADFS Extension
  • NPS RADIUS Extension
  • OIDC Identity Provider

Integration with specialized servers:

  • RDP Windows Logon (Microsoft Windows Remote Desktop Server)
  • IIS Extension (Microsoft Internet Information Services)

Integration with local resources:

  • Windows Logon (workstations running Windows)
  • Enterprise Single Sign-On (desktop and web applications)

The platform also supports integration with the following types of access and identity management solutions:

  • Identity & Access Governance (IAG, IAM)
  • Physical Access Monitoring and Control System (AMCS)
  • Endpoint Security Suite (ESS)

Thus, you can use the Axidian Access platform to create a single authentication system encompassing all your corporate services.

Centralized authentication management and monitoring

As noted above, the main challenge of migration to centralized access management has to do with multiple subsystems used at the same time. More often than not, your IT infrastructure includes services, systems, and even devices with their own user directories, which means that all of them require separate user identification and authentication. This issue can be addressed by using relevant Identity Governance & Administration (IGA) software. However, IGA deployment is not an easy task. Building a unified access management model that correctly assigns user privileges will require extensive and resource-intensive R&D efforts.

In addition, each service has its own event log. In some cases, logins in different systems may even have distinct notation. When a security incident occurs, you may find it hard to quickly reconstruct the sequence of events since you will need to analyze multiple records from different logs. This problem can be solved by purchasing and deploying a Security Information & Event Management (SIEM) solution, but some companies may find that they are lacking the necessary resources.

If we take a closer look at the problems mentioned above, we may be tempted to conclude that only big companies possessing sufficient resources can hope to solve them, and the only way to do this is to buy expensive systems.

However, IGA and SIEM products may be redundant if centralized access management is your only task for today.

On the other hand, the Axidian Access platform does not offer centralized customization and management of user permissions in specific target systems, and neither can it collect and analyze data related to information security events.

What Axidian Access can do is help you address a set of tasks related to centralized access management that is best suited for your needs, keeping the required efforts and financial investments at a minimum. The Axidian Access platform can help you achieve the following results.

  • Have a single log of all access events with personalized connection data that can be used for investigating security incidents. You will only need to review one event log that contains all required information.
  • Apply universal policies for managing user authentication and access to target systems. All you need to do is set up integration with target systems and assign access rights for specific user groups in relation to specific resources once and for all.
  • Introduce a single set of user authenticators. For each user group, you can set up a comprehensive set of authenticators required for access to all corporate resources for both remote and local sessions.

It is important to point out that the Axidian Access platform does not conflict with SIEM and IGA solutions and cannot replace them. Even if your company plans to purchase and deploy SIEM or IGA software in the future, having Axidian Access is still highly desirable since it can help you address the most burning issue in the field of information security. After that, you can start working on centralized permission management, as well as end-to-end monitoring and analysis of all security events, including access events.

Technical parameters

User directories

  • Active Directory
  • DBMS (SQL)

Target resources

  • Workstations running Microsoft Windows
  • Microsoft Remote Desktop Server
  • Microsoft Internet Information Services
  • Windows desktop applications
  • Web applications
  • VPN servers
  • Application servers
  • Virtual desktop infrastructure (VDI)

Integration mechanisms for target applications

  • RADIUS
  • ADFS
  • SAML
  • OpenID Connect
  • OAuth 2.0
  • Kerberos
  • Enterprise Single Sign-On

Authentication technology

  • Biometrics: fingerprints, palm vein pattern, and face geometry (2D and 3D)
  • Hardware devices: contactless cards, USB tokens, iButtons, and RFID cards
  • One-time passwords: TOTP/HOTP applications, OTP tokens, one-time password delivery via SMS, Telegram and email
  • Push authentication app

Removable hardware tokens

  • eToken, ID Prime, and iKey (Thales Group, the former SafeNet and Gemalto)

Third-party security solution integration

  • Workstation security solutions: Secret Net Studio
  • Permission and user account management tools: Solar inRights, 1IDM, Cube, Microsoft FIM, and IBM Tivoli Identity Manager
  • Public key infrastructure management tools: Axidian CertiFlow
  • Tools for information security event monitoring and correlation: SIEM solutions
  • Access monitoring and control tools: Bastion, Orion, and Seven Seals

Unlock the power of Access Management

Journey into Access: Get the Axidian Access Presentation for an In-Depth Adventure. Investigate the Specifics of an Access Management Engineered for Resilient IT Infrastructure. Unearth How Operational Efficiency and Flexibility Reshape Access and Authentication.


Industry about us

Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Axidian. With Axidian, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

KC KuppingerCole Report
Executive view

Axidian’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Axidian CertiFlow provides comprehensive yet convenient management capabilities for both administrators and end users.

Michael Bürger
Founder & Sales Partner at EU-HUB Network

For approximately 5 years now I have been working with Axidian quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Axidian software as a Distributor for the EU and beyond. I have often met Axidian CEOs, CTO, Product Management, Partner Managers and System Engineers, on the phone and even in person in London and Munich, and my feeling was always that these are smart people, an excellently organized company, straightforward thinking, and I don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Axidian, like Axidian Access, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Axidian and the experience and expertise of the local cybersecurity landscape of Pointwest.

Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Axidian products should certainly be on the Turkish market. Thanks to our partnership with Axidian, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Axidian products with similar products, we can safely say that they contain much more different features and are more inclusive.

Marko Pust
Director of OSI.SI

We have a long partnership with Axidian for more than 2 years already. I can confidently say that Axidian CertiFlow is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Axidian AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Axidian CertiFlow brought automation and visibility to their PKI life.

Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Axidian Access is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Axidian is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.


Axidian Key mobile app

The Axidian Key mobile application transforms a smartphone into an easy-to-use security tool for authentication. It can be used for access to all enterprise resources: email, VPN, web applications, PC, etc. In the application, a user confirms login operations into information systems. The login details are displayed on the smartphone screen, where the user can check which system he/she is logging into. In addition, Axidian Key supports the generation of one-time passwords with the TOTP algorithm.

Fingerprint Scanner Futronic FS80

Futronic’s FS80 USB 2.0 Fingerprint Scanner uses advanced CMOS sensor technology and a precise optical system to deliver a high-quality fingerprint image. It can capture an almost undistorted raw fingerprint image to a PC in 100 ms and is suitable for any fingerprint recognition application.

Creative Intel RealSense™ camera

Creative Intel RealSense™ camera is used for authentication with 2D and 3D face recognition. It captures a highly accurate face image (in the IR band as well), which improves authentication accuracy. The technology is contactless, and therefore it can be used on publicly available devices.

Fujitsu PalmSecure

Fujitsu PalmSecure technology is a palm vein based authentication solution that utilizes industry-leading vascular pattern biometric technology. The Fujitsu PalmSecure sensor uses near-infrared light to capture a person’s palm vein pattern, generating a unique biometric template that is matched against pre-registered user palm vein biometric templates.

Gemalto eToken PASS

eToken PASS is a compact and portable one-time password (OTP) strong authentication device that allows organizations to conveniently and effectively establish OTP-based secure access to network resources, cloud-based applications (SaaS) web portals, and other enterprise resources. eToken PASS is a versatile OTP generator keyfob designed to meet the diverse needs of users whose requirements may vary significantly across the organization.

HID® OMNIKEY® 5427 CK

The OMNIKEY® 5427CK is available in two product variants. The OMNIKEY® 5427 CK standard reader is the ultimate choice to support a broad variety of low and high frequency credentials such as iCLASS Seos®, iCLASS SE®, iCLASS®, MIFARE®, Indala Prox, and HID Prox. Supporting low and high frequency credentials as well as HID Mobile Access Solutions via Bluetooth and NFC within a single product, the OMNIKEY 5427CK reader enables seamless migration in mixed technology environments.

HID® OMNIKEY® 6121 Mobile USB

HID Global’s OMNIKEY® product brand, one of the world’s leading manufacturers of innovative smart card readers, has developed a portable USB smart card reader. The OMNIKEY 6121 is a fully functional smart card reader for SIM-sized smart cards and is especially well-suited for use with mobile devices.

Gemalto IDBridge CT30

The IDBridge CT30 (formerly the GemPC Twin/TR) USB desktop reader from Gemalto integrates high quality and functionality with a contemporary design. This reader is fully PC/SC and EMV Level 1 compliant and supports all ISO 7816 microprocessor-based smartcards as well as many popular memory cards.

HID® OMNIKEY® 5025 CL

Designed for ease-of-use, the OMNIKEY® 5025CL reader works with existing low frequency physical access control cards such as HID Prox®, enabling smooth implementation of logical access applications using ID cards. The reader’s pocket size and modern, stylish color options allow for seamless integration into different corporate environments.

Indoor KIOSK for biometric authentication

This model can be manufactured in stainless steel or painted steel (available in all RAL colours) using steel plate of 1,5 mm to 2,5 mm which ensures the stability and rigidity of the structure.