Visual Guard Architecture – Identity Federation
How to combine Identity Federation and Permission Based Access Control
The Visual Guard Identity Federation functions allow independent organizations to access the same system, while using Windows accounts to authenticate users:
- Each organization manages its own Windows accounts, stored in Active Directory
- In each organization, an administrator selects the Windows accounts that will have access to the system secured by Visual Guard
- The users provide their Windows credentials to access the system
Normally, the concept of identity federation is limited to user authentication. However, with Visual Guard, identity federation also includes the management of user roles and permissions, and the auditing of actions performed by users and administrators:
- When a remote user is authenticated, Visual Guard applies their permissions, controlling access to the application’s features.
- All operations performed by the users are logged in the Visual Guard repository.
- In addition, all operations performed by administrators, such as the declaration of user accounts or assignment of roles and permissions, are logged in the Visual Guard repository.
- Auditors can then review all these operations.
Authenticate users with Windows Accounts defined in an independent Active Directory