Visual Guard
Combine Authentication and Permissions

Visual Guard is a modular solution covering most application security requirements, from application-level security systems to Corporate Identity and Access Management Solutions.

Technical FeaturesBusiness FeaturesBusiness FeaturesBusiness FeaturesHow it works


User Management    
Create and Manage username/password accounts
Use Windows accounts to identify users [read more]

Declare Windows Accounts or Windows Groups in the system and give them access to your applications.

Manage User Groups [read more]

Create groups and organize them in a hierarchy. Each group can contain sub-groups, username/password accounts or Windows accounts. You can grant a role to a group. In this case all the users in this group and in its sub-groups will have this role.

User Authentication    
Form-based authentication (username/password combination)
Single Sign-On (SSO) based on Windows Accounts [read more]

Users start a Windows session as usual. When they open an application, Visual Guard uses the current Windows account to authenticate the user against Active Directory. As a result, the user does not have to provide his credentials each time he enters an application.

Mixed Mode Authentication [read more]

The same application can support both Login/password accounts and Windows Accounts. For instance, you may authenticate internal users with their Windows Accounts, and external users with username/password accounts.

Define a Password Policy [read more]

For better security, you can declare rules that Visual Guard will enforce when the user defines his password.

Web Single Sign-On (Web Portal) [read more]

Federate several websites that may be placed in independent networks or companies. The user logs in once when entering the first website, and jumps to another website without entering his credentials again.

Identity Federation [read more]

Federate several Active Directory repositories belonging to distinct networks or companies. Administrators declare Windows accounts or Windows groups from these Active Directories in a central Visual Guard Repository. Then, the corresponding users can access the applications secured by the system. As a result, you get one central security system, although users are spread over several independent Windows domains.

Remote Windows Authentication [read more]

If a Windows application (Winform or WPF) is executed from a remote post (for example, a PC connected to the internet that does not belong to the same domain as the user’s Windows account), the user will enter their Windows credentials and Visual Guard will authenticate them.

Off-line mode (remote users) [read more]

If using a Winform or WPF application, the user can always enter the application, even if it cannot access the Visual Guard Repository: Visual Guard includes an offline store that contains the user permissions on the client-side and logs the user's operations in the application. When the application regains access to the Server, the offline store is automatically synchronized with the Visual Guard Repository.

Permissions and Roles    
Application-level permissions [read more]

Manage permissions to define how a user can access and use each application.
Permissions are grouped into Permission Sets. Permission Sets are granted to Roles. Roles are granted to users or groups.

Support for Static Permissions [read more]

Each permission corresponds to one or several actions that will activate, deactivate or modify the application's functionalities.
With static permissions, these actions are coded into the application: the application calls Visual Guard to receive the user's permissions and then executes the appropriate actions to adapt the application to the user's privileges.

Support for Dynamic Permissions [read more]

Each permission corresponds to one or several actions that will activate, deactivate or modify the application's functionalities.
With dynamic permissions, these actions are defined and stored in Visual Guard only. At runtime, Visual Guard will dynamically load and apply them. As a result, the application code is completely separated from the security code.

Hide/disable controls of the User Interface [read more]

Visual Guard permissions (static or dynamic) may hide or deactivate components of your applications’ user interface. More generally, permissions can modify any property of a .NET or PowerBuilder component. For dynamic permissions, these modifications are dynamically performed by Visual Guard, without any need to modify the application code.

Filter data according to user permissions [read more]

Restrict user access to a subset of the application data.
For example, you can filter a list or table according to the user profile.

Support for Application Roles [read more]

Define a role that groups together all a user's permissions for one application

Support for Shared Roles [read more]

Define a role that groups together all a user's permissions for multiple applications.

Grant Roles to User Accounts [read more]

Assign a role to a user with either a username/password account or a Windows account.

Grant Roles to User Groups [read more]

Assign a role to a Visual Guard group. All the accounts contained in this group and sub-groups will have this role. You can also give a role to a Windows group. In this case, all the Windows accounts in this Active Directory group will have this role.

Reporting & Auditing    
Generate Access Control Reports [read more]

Visual Guard administrators and auditors can generate reports based on the current security data (users, groups, roles, permissions...)

Logging and Auditing of End-user operations [read more]

Save all sensitive operations users have performed in applications secured by Visual Guard. You can then generate reports on these operations (who has done what, when, etc...)

Logging and Auditing of Administrator operations [read more]

Save all operations Visual Guard administrators have performed (create accounts, give permissions, etc...).
You can then generate reports on these operations (who has done what, when, etc...)

Visual Guard Applications    
Windows Administration Console [screenshots]
Web Administration Console [screenshots]
Visual Guard Server [screenshots]  
Deployment utility for security data [read more]
VG Federation Client  
Development technologies supported    
.NET 2.0 and above, C#,,, Winforms, WCF, WPF, Silverlight, MVC3, MVC4
Windows Azure
PowerBuilder 8 and above  
Microsoft Sharepoint [read more]
Any technologies Supporting HTTP Requests (Java, C++...)  
Architecture supported    
2 tiers (Front-end + Database) [read more]
n-tiers (Front-end + webservices + database) [read more]
Multiple sites with distinct networks  
SaaS applications
DBMS hosting the VG Repository:    
SQL Server
Proprietary File System
Identity Stores    
Active Directory
Product Customization    
Custom Identity Module (Support of identities & users accounts)  
Customization of the VG WebConsole (VG WebConsole Module)
  Try VG Pro for .NET Try VG Enterprise
  Buy VG Pro for .NET Buy VG Enterprise