Visual Guard Version Comparison Matrix

Declare Windows Accounts or Windows Groups in the system and give them access to your applications.

Create groups and organize them in a hierarchy. Each group can contain sub-groups, username/password accounts or Windows accounts. You can grant a role to a group. In this case all the users in this group and in its sub-groups will have this role.

Users start a Windows session as usual. When they open an application, Visual Guard uses the current Windows account to authenticate the user against Active Directory. As a result, the user does not have to provide his credentials each time he enters an application.

The same application can support both Login/password accounts and Windows Accounts. For instance, you may authenticate internal users with their Windows Accounts, and external users with username/password accounts.

For better security, you can declare rules that Visual Guard will enforce when the user defines his password.

Federate several websites that may be placed in independent networks or companies. The user logs in once when entering the first website, and jumps to another website without entering his credentials again.

Federate several Active Directory repositories belonging to distinct networks or companies. Administrators declare Windows accounts or Windows groups from these Active Directories in a central Visual Guard Repository. Then, the corresponding users can access the applications secured by the system. As a result, you get one central security system, although users are spread over several independent Windows domains.

If a Windows application (Winform or WPF) is executed from a remote post (for example, a PC connected to the internet that does not belong to the same domain as the user’s Windows account), the user will enter their Windows credentials and Visual Guard will authenticate them.

If using a Winform or WPF application, the user can always enter the application, even if it cannot access the Visual Guard Repository: Visual Guard includes an offline store that contains the user permissions on the client-side and logs the user's operations in the application. When the application regains access to the Server, the offline store is automatically synchronized with the Visual Guard Repository.

Manage permissions to define how a user can access and use each application.
Permissions are grouped into Permission Sets. Permission Sets are granted to Roles. Roles are granted to users or groups.

Each permission corresponds to one or several actions that will activate, deactivate or modify the application's functionalities.
With static permissions, these actions are coded into the application: the application calls Visual Guard to receive the user's permissions and then executes the appropriate actions to adapt the application to the user's privileges.

Each permission corresponds to one or several actions that will activate, deactivate or modify the application's functionalities.
With dynamic permissions, these actions are defined and stored in Visual Guard only. At runtime, Visual Guard will dynamically load and apply them. As a result, the application code is completely separated from the security code.

Visual Guard permissions (static or dynamic) may hide or deactivate components of your applications’ user interface. More generally, permissions can modify any property of a .NET or PowerBuilder component. For dynamic permissions, these modifications are dynamically performed by Visual Guard, without any need to modify the application code.

Restrict user access to a subset of the application data.
For example, you can filter a list or table according to the user profile.

Define a role that groups together all a user's permissions for one application

Define a role that groups together all a user's permissions for multiple applications.

Assign a role to a user with either a username/password account or a Windows account.

Assign a role to a Visual Guard group. All the accounts contained in this group and sub-groups will have this role. You can also give a role to a Windows group. In this case, all the Windows accounts in this Active Directory group will have this role.

Visual Guard administrators and auditors can generate reports based on the current security data (users, groups, roles, permissions...)

Save all sensitive operations users have performed in applications secured by Visual Guard. You can then generate reports on these operations (who has done what, when, etc...)

Save all operations Visual Guard administrators have performed (create accounts, give permissions, etc...).
You can then generate reports on these operations (who has done what, when, etc...)