Support Center
  • English
  • Japanese
  • French
  • Spanish
  • Deutsch
Business Application Security
  1. Home 
  2. Visual Guard 
  3. Technical Features 

Visual Guard Features

User Management

Manage users accessing your applications
User Provisioning

Create, store, and administer large volumes of user accounts — up to millions. Manage them from a central repository or deploy them across multiple sites. Users can also be automatically provisioned based on their Windows / Active Directory group membership, reducing manual account creation and ensuring alignment with your enterprise directory structure.

Create Login / Password Accounts

Create and manage login/password accounts within Visual Guard. Grant them rights to access specific data and features inside your applications.

Reuse Windows Accounts from an Existing Active Directory

Use Windows accounts to authenticate users accessing your application. Grant rights to Windows accounts or Windows groups to access specific application data or features.

Edit Windows Accounts

You can authorize user administrators to add, edit, and remove Windows accounts with the Visual Guard Console.

Let Users Self-Register

Allow users to create an account for themselves. Grant them automatically default, limited access rights. You can choose to require administrator validation before they can access the application.

Manage Groups of Users

Define a hierarchy of groups that replicates the structure of your organization. Place users in groups and grant access rights at the group level.

User Authentication

Verify user identities with various authentication methods
Login / Password Authentication

Users must provide a valid login/password combination before accessing your application.

Windows Authentication

Users must provide valid Windows credentials before accessing your application. Optionally, you can let users enter the application without asking for their credentials (see Windows SSO below).

Strong / Multi-Factor Authentication (MFA)

Highly secured, yet very simple for end-users: they authenticate via pin code or fingerprint on an authorized device (mobile or web browser). Administrators define MFA enforcement policies at the group level — specifying which Active Directory or Azure AD groups require MFA and which can be excluded. Developers can also trigger MFA validation programmatically, enabling integration into custom workflows and automated processes. Read more

Remote Windows Authentication

Users can log in to your application with their Windows credentials, even when connecting from a remote location (hotel, airport, public Wi-Fi, mobile Internet).

Multiple Authentication Modes

The same application can accept several types of authentication simultaneously — for example, Windows accounts for internal users, login/password for external users, and strong authentication for critical operations. Read more

Multiple Active Directories — Identity Federation

Reuse Windows accounts located in several Active Directories, whether or not they belong to the same network. Security is centralized while users are distributed across multiple sites or organizations. Read more

Windows SSO (Single Sign-On)

Windows users can access your application without entering their credentials. Visual Guard automatically captures the current Windows session and applies the access rights granted to that account.

Web SSO (Single Sign-On)

Users can log in once and navigate across several websites without authenticating again, regardless of whether the sites share the same network. Read more

Offline Mode

Users can log in and access a desktop application without a network connection. Visual Guard operates locally to authenticate users and enforce their permissions. Supports .NET WPF and WinForms applications.

Custom Password Policy

For login/password accounts, customize the rules for defining, renewing, unlocking, and expiring a password. For Windows accounts, the current Active Directory password policy applies.

User Access Rights

Define and grant permissions — control access to application features and data
Define Fine-Grain Permissions Inside the Application

Create precise permissions to control access to specific data and features inside your applications — menus, buttons, fields. Group permissions into permission sets and roles.

Dynamic Actions

Enforce permissions with dynamic actions: change object properties at runtime in your application (e.g. disable a menu item, hide a field). These actions are defined and stored in Visual Guard, independent of the application code, and applied at runtime.

Static Actions

Your code retrieves user permissions via the Visual Guard API and enables the appropriate application features. For example: if the user has the permission "Can_Read_Invoice", enable the button "View_Invoice".

Grant Access Rights to Users

Grant roles or permissions to users via the Visual Guard Console, or programmatically via the VG API.

Grant Access Rights to User Groups

Grant roles to groups. When placing users in groups, they automatically inherit the roles of their group. Optionally, you can choose to propagate group roles to sub-groups.

Workflow

Automate approval processes and security responses for user access and permissions
Custom Approval Workflows

Define workflows to automate approval processes for access requests, role assignments, and permission changes. Each workflow enforces a structured validation sequence before any change is applied, ensuring governance policies are respected and reducing the risk of unauthorized access.

Notifications on User Actions

Trigger automated email notifications in response to specific user events — account creation, role assignment, access requests — keeping administrators and approvers informed at each step of the process.

React to Security Events

Workflows can be triggered to automatically lock accounts, revoke or reassign roles, force a password change at next logon, and alert administrators in response to suspicious activity or policy violations.

Workflow Operations

Build workflows from a library of configurable operations: conditional logic (if/else), user retrieval, role assignment, user approval or locking, password policy enforcement, URI calls for external integrations, and automatic generation of documentation or permission matrices.

Impersonation Management

Designate a Master Admin as the impersonated user for workflow or Identity Server operations. Reassignment is required before deletion, ensuring consistent integrity across user mappings.

Monitoring and Traceability

Track workflow execution in real time. Every request, approval, and automated action is logged, providing a complete audit trail for compliance and operational review.

Traceability, Monitoring, and Audit

Track and review important activities across your applications
Log Important Application Events

Record important events for traceability: user logon, business operations, administrator actions, system security events.

Monitor Applications in Real Time

Follow critical activities in real time — access to confidential data, sensitive transactions, security changes. Detect suspicious events such as critical operations at unusual times.

Send Email Notifications for Sensitive Events

Automatically alert administrators, controllers, or managers of important or suspicious activities.

Audit User Operations

Review business operations in detail: who did what, when, and from where. Filter by application, user, date, device, or event type. Pinpoint issues or suspicious events.

Audit Identity Server and Workflow Impersonation

Validate and audit user permissions for Identity Server and workflow impersonation operations. Visual Guard verifies role-based access rights, logs insufficient privileges for traceability, and alerts administrators when required rights are missing.

Analyze Past Activities with Historical Graphs

Analyze activity trends with graphs. Detect potential issues such as unusual transaction volumes.

Analyze Application Usage with Attendance Graphs

See how each application is used. Display the time and number of successful or failed connections.

Audit Administrator Operations

Review administrator activities — user creation, permission grants. Filter by application, user, date, device, or event. Pinpoint issues or suspicious events.

Generate Security Reports

Generate reports on the access control configuration: users, groups, access rights, and more.

Security Tools

User-friendly applications dedicated to managing and controlling security
Administration Console (Desktop)

Ready-to-use, Windows-based application designed for developers and master administrators setting up the environment and managing application security.

Administration Console (Web)

Ready-to-use web application dedicated to administrators managing users and granting access rights, and to auditors reviewing application security. Configuration is automatically backed up, protecting critical settings against accidental changes or system failures.

Deployment Tool

Deploys a security database from development to test and production environments. Supports batched deployment for large repositories, ensuring stable and efficient processing when managing high volumes of users.

Visual Guard Identity Server

Production server managing user identities, authentication, and access control for Visual Guard-secured applications. Verifies credentials, enforces security policies, and exposes services consumed by connected applications. Supports Single Sign-On, identity federation, OAuth 2.0, and OpenID Connect. Read more

Security Framework

Integrate Visual Guard and manage security by program
Call the Visual Guard APIs

VG APIs expose hundreds of methods for securing applications in production — authenticating users, enforcing permissions, logging activities — and administering security: managing users, groups, roles, and permissions.

Secure Multiple Applications

Centralize the security of all your applications. Get a global overview of all users and their access rights across the entire IT system, with comprehensive and uniform control and audit across all applications.

Secure .NET Applications

Add a VG .NET runtime to your applications to secure them. Supports WinForms, WPF, ASP.NET, WCF, MVC, as well as SharePoint applications.

Secure PowerBuilder Applications

Add a VG PowerBuilder runtime to your PowerBuilder applications to secure them.

Secure Java, PHP, and Other Languages

Call the web services exposed by the Visual Guard Identity Server to authenticate users, enforce permissions, and log activities from any language capable of web service calls.

Customize the Administration Console

Get the full source code of the web administration console and adapt it to your business needs. Implement your business logic and call the VG API to manage and audit security. Our support team will assist you every step of the way.

Support Additional Authentication Providers

Develop a module to integrate with a third-party authentication provider. Our support team will guide you every step of the way.

Add Custom Security Rules

Implement custom security rules for your application — for example, enforce segregation of duties by defining which roles or user groups must be mutually exclusive. Our support team will guide you every step of the way.

Resources

Authentication & Identity
Mixed-Mode Authentication Identity Federation Web Single Sign-On (Web Portal) Active Directory and Visual Guard Visual Guard Identity Server
Administration & Deployment
Windows Administration Console Web Administration Console Visual Guard Deployment Utility Visual Guard Architecture
Security & Access Control
SaaS and Multi-tenant Applications Access Control for SaaS Applications Protection against Security Breaches Role Based Access Control (RBAC) — White Paper

Entrust your Application Security to Professionals

Entrust Visual Guard

Try