Visual Guard Application Security Features

Visual Guard is a modular solution covering most application security requirements, from application-level security systems to Corporate Identity and Access Management Solutions.

Professional Edition Enterprise Edition
User Management
Create and Manage username/password accounts
Use Windows accounts to identify users

Declare Windows Accounts or Windows Groups in the system and give them access to your applications.

Manage User Groups

Create groups and organize them in a hierarchy. Each group can contain sub-groups, username/password accounts or Windows accounts. You can grant a role to a group. In this case all the users in this group and in its sub-groups will have this role.

User Authentication
Form-based authentication (username/password combination)
Single Sign-On (SSO) based on Windows Accounts

Users start a Windows session as usual. When they open an application, Visual Guard uses the current Windows account to authenticate the user against Active Directory. As a result, the user does not have to provide his credentials each time he enters an application.

Mixed Mode Authentication

The same application can support both Login/password accounts and Windows Accounts. For instance, you may authenticate internal users with their Windows Accounts, and external users with username/password accounts.

Define a Password Policy

For better security, you can declare rules that Visual Guard will enforce when the user defines his password.

Web Single Sign-On (Web Portal)

Federate several websites that may be placed in independent networks or companies. The user logs in once when entering the first website, and jumps to another website without entering his credentials again.

Identity Federation

Federate several Active Directory repositories belonging to distinct networks or companies. Administrators declare Windows accounts or Windows groups from these Active Directories in a central Visual Guard Repository. Then, the corresponding users can access the applications secured by the system. As a result, you get one central security system, although users are spread over several independent Windows domains.

Remote Windows Authentication

If a Windows application (Winform or WPF) is executed from a remote post (for example, a PC connected to the internet that does not belong to the same domain as the user’s Windows account), the user will enter their Windows credentials and Visual Guard will authenticate them.

Off-line mode (remote users)

If using a Winform or WPF application, the user can always enter the application, even if it cannot access the Visual Guard Repository: Visual Guard includes an offline store that contains the user permissions on the client-side and logs the user's operations in the application. When the application regains access to the Server, the offline store is automatically synchronized with the Visual Guard Repository.

Permissions and Roles
Application-level permissions

Manage permissions to define how a user can access and use each application.
Permissions are grouped into Permission Sets. Permission Sets are granted to Roles. Roles are granted to users or groups.

Support for Static Permissions

Each permission corresponds to one or several actions that will activate, deactivate or modify the application's functionalities.
With static permissions, these actions are coded into the application: the application calls Visual Guard to receive the user's permissions and then executes the appropriate actions to adapt the application to the user's privileges.

Support for Dynamic Permissions

Each permission corresponds to one or several actions that will activate, deactivate or modify the application's functionalities.
With dynamic permissions, these actions are defined and stored in Visual Guard only. At runtime, Visual Guard will dynamically load and apply them. As a result, the application code is completely separated from the security code.

Hide/disable controls of the User Interface

Visual Guard permissions (static or dynamic) may hide or deactivate components of your applications’ user interface. More generally, permissions can modify any property of a .NET or PowerBuilder component. For dynamic permissions, these modifications are dynamically performed by Visual Guard, without any need to modify the application code.

Filter data according to user permissions

Restrict user access to a subset of the application data.
For example, you can filter a list or table according to the user profile.

Support for Application Roles

Define a role that groups together all a user's permissions for one application

Support for Shared Roles

Define a role that groups together all a user's permissions for multiple applications.

Grant Roles to User Accounts

Assign a role to a user with either a username/password account or a Windows account.

Grant Roles to User Groups

Assign a role to a Visual Guard group. All the accounts contained in this group and sub-groups will have this role. You can also give a role to a Windows group. In this case, all the Windows accounts in this Active Directory group will have this role.

Reporting & Auditing
Generate Access Control Reports

Visual Guard administrators and auditors can generate reports based on the current security data (users, groups, roles, permissions...)

Logging and Auditing of End-user

Save all sensitive operations users have performed in applications secured by Visual Guard. You can then generate reports on these operations (who has done what, when, etc...)

Logging and Auditing of Administrator operations

Save all operations Visual Guard administrators have performed (create accounts, give permissions, etc...).
You can then generate reports on these operations (who has done what, when, etc...)

Visual Guard Applications
Windows Administration Console screenshots
Web Administration Console screenshots
Visual Guard Server screenshots  
Deployment utility for security data read more
VG Federation Client  
Development technologies supported
.NET 2.0 and above, C#,,, Winforms, WCF, WPF, Silverlight, MVC3, MVC4
Windows Azure
PowerBuilder 8 and above  
Microsoft Sharepoint read more
Any technologies Supporting HTTP Requests (Java, C++...)  
Architecture supported
2 tiers (Front-end + Database) read more
n-tiers (Front-end + webservices + database) read more
Multiple sites with distinct networks  
SaaS applications
DBMS hosting the VG Repository:
SQL Server
Proprietary File System
Identity Stores
Active Directory
Product Customization
Custom Identity Module (Support of identities & users accounts)  
Customization of the VG WebConsole (VG WebConsole Module)
  Try it Try it
  Buy it Buy it