SSO Authentication for Business Applications

Implement Single Sign-On with Visual Guard for .NET, PowerBuilder, and Windows applications. Bridge legacy Active Directory and modern OpenID Connect authentication.

Why SSO Matters for Business Applications

In modern enterprises, users typically interact with multiple applications throughout their workday—from desktop tools to web portals, APIs, and mobile apps. Managing separate credentials for each system creates friction, reduces productivity, and increases security risks.

Single Sign-On (SSO) solves this challenge by enabling users to authenticate once and gain seamless access to all authorized applications. This eliminates password fatigue, reduces help desk costs, and strengthens security through centralized authentication and policy enforcement.

Key Benefits

  • One login, multiple apps
  • Reduced password fatigue
  • Lower help desk costs
  • Enhanced security
  • Centralized audit trails

Visual Guard provides comprehensive SSO capabilities that bridge legacy and modern authentication requirements. Whether your organization relies on Active Directory for desktop applications, modern cloud identity providers for web apps, or a hybrid of both, Visual Guard delivers flexible authentication strategies without compromising security or user experience.

Two Complementary SSO Approaches

Visual Guard supports both legacy and modern authentication methods

Desktop SSO

Windows & Active Directory authentication for thick-client applications

  • Seamless Windows session authentication
  • Kerberos/NTLM protocols
  • Multi-forest AD support
  • Perfect for PowerBuilder, WinForms

Web SSO

OpenID Connect & OAuth 2.0 for modern web and mobile applications

  • Standards-based token authentication
  • Azure AD (now Entra ID), Google, Okta (via OpenID Connect)
  • JWT token management
  • Perfect for ASP.NET Core, Blazor, SPAs

Visual Guard SSO Architecture

Visual Guard Identity Server (VGIS) serves as the central authentication hub for your entire application ecosystem. It connects your applications—whether desktop, web, or API-based—with identity providers ranging from traditional Active Directory to modern cloud services like Azure AD and Google Workspace.

The architecture provides a unified security layer that handles authentication, enriches identity claims with application-specific permissions, and enforces centralized access policies.

Visual Guard Identity Server Architecture

Unified Security

One platform for all authentication methods

Desktop SSO: Windows & Active Directory Authentication

Seamless Windows Authentication

Desktop SSO leverages the user's existing Windows session for authentication. When a user logs into Windows, that authentication automatically extends to all Visual Guard-secured applications. There's no separate login prompt, no additional password to remember, and no interruption to the user's workflow.

This transparent authentication works through industry-standard protocols like Kerberos and NTLM, ensuring compatibility with existing Windows infrastructure while maintaining enterprise-grade security.

Active Directory Federation

Visual Guard supports complex AD scenarios:

  • Multi-forest environments
  • Cross-domain authentication
  • AD FS integration
  • Distributed deployments

Desktop SSO Authentication Flow

Use Cases & Benefits

PowerBuilder Apps

Modernize security without rewriting your PowerBuilder codebase

.NET Thick Clients

WinForms and WPF benefit from transparent authentication

Legacy Windows Apps

Add enterprise SSO to applications never designed with it

Mixed Portfolios

Consistent authentication across different technologies

Modern Web SSO: OpenID Connect & OAuth 2.0

For web applications, APIs, and cloud-native architectures, Visual Guard Identity Server implements industry-standard OpenID Connect (OIDC) and OAuth 2.0 protocols. This enables secure, token-based authentication that works seamlessly across distributed systems and cloud environments.

VG Identity Server as Authentication Hub

VG Identity Server acts as an OpenID Connect provider and OAuth 2.0 authorization server. It handles the complete authentication flow, issues secure JSON Web Tokens (JWT), and enriches external identity claims with Visual Guard-specific permissions and roles.

  • Standards compliance - OIDC and OAuth 2.0 support
  • Token-based authentication - Stateless JWT tokens
  • Claims enrichment - External claims + VG permissions
  • Centralized policies - Consistent security rules

External IdP Integration

Azure AD / Microsoft Entra ID
Native integration with Microsoft's cloud identity platform

Google Workspace
Authenticate via Google accounts

Okta, Auth0 & Custom OIDC
Compatible with any compliant provider

Web SSO with OpenID Connect Flow

Modern Application Support

ASP.NET Core and Blazor

Native middleware integration makes authentication configuration straightforward. Visual Guard provides claim-based authorization that integrates naturally with .NET's security model.

Single Page Applications (SPAs)

JavaScript frameworks like Angular, React, and Vue.js can use OAuth2 authorization code flow with PKCE for secure browser-based authentication.
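
The PKCE part of the flow described above, shown from both sides as an added example (not Visual Guard code): the client derives an S256 challenge from a per-request verifier, and the authorization server recomputes it when the code is redeemed. It uses Node's crypto module so it runs offline, whereas a browser SPA would normally use Web Crypto. The endpoint URL, client ID, redirect URI and scope are hypothetical placeholders.

```javascript
const crypto = require('node:crypto');

// base64url without padding, as RFC 7636 requires
const b64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Client: a fresh high-entropy verifier per authorization request (43 characters).
function newCodeVerifier() {
  return b64url(crypto.randomBytes(32));
}

// Client: S256 challenge = BASE64URL(SHA-256(ASCII(verifier))).
function codeChallenge(verifier) {
  return b64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Client: build the authorization request. The verifier stays in the app;
// only the challenge travels through the browser redirect.
function buildAuthorizeUrl(authorizeEndpoint, clientId, redirectUri, verifier, state) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid profile', // hypothetical scope set
    state,
    code_challenge: codeChallenge(verifier),
    code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Authorization server, at the token request: recompute the challenge from the
// presented verifier and compare it with the stored one in constant time.
function verifierMatches(verifier, storedChallenge) {
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) return false;
  const a = Buffer.from(codeChallenge(verifier));
  const b = Buffer.from(storedChallenge);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

An authorization code intercepted during the redirect cannot be redeemed without the verifier, which never leaves the client until the token request.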

REST APIs and Microservices

JWT bearer token authentication enables stateless API security. Microservices can validate tokens independently if configured with the appropriate public keys from the Identity Server.
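
What independent validation involves in a microservice, as an added example (not Visual Guard code): pin the signing algorithm, verify the signature against a pre-loaded public key, then check issuer, audience and expiry. The issuer URL, audience, key ID and RS256 choice are assumptions, and a throwaway key pair generated in the example stands in for the Identity Server's signing key.

```javascript
const crypto = require('node:crypto');

const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Validate an RS256 token offline. `keys` is a Map of kid -> public key that the
// service loaded from the identity server in advance (assumed provisioning step).
function validateJwt(token, { keys, issuer, audience, now = Date.now() / 1000, skew = 60 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decode(h);
  // Pin the algorithm: the token must not choose it ("none", HS256 keyed with the public key).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('RSA-SHA256', signed, key, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  // Claims are trusted only after the signature check.
  const claims = decode(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud ?? []).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || now > claims.exp + skew) throw new Error('expired');
  if (typeof claims.nbf === 'number' && now < claims.nbf - skew) throw new Error('not yet valid');
  return claims;
}

// Returns 'accepted' or the rejection reason, for logging or tests.
function check(token, opts) {
  try { validateJwt(token, opts); return 'accepted'; } catch (e) { return e.message; }
}

// Constructed sample data: a throwaway key pair stands in for the server's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(header, claims) {
  const input = `${encode(header)}.${encode(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}
const opts = { keys: new Map([['k1', publicKey]]), issuer: 'https://idp.example', audience: 'orders-api' };
const claims = { iss: 'https://idp.example', aud: 'orders-api', sub: 'alice', exp: Math.floor(Date.now() / 1000) + 300 };
const good = signSample({ alg: 'RS256', kid: 'k1' }, claims);
const unsigned = `${encode({ alg: 'none', kid: 'k1' })}.${encode(claims)}.`;
console.log(check(good, opts), '|', check(unsigned, opts));
```

The audience check is what stops a token issued for one service from being replayed against another that trusts the same issuer.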

Mobile Applications

Native mobile apps can leverage OAuth2 flows using Visual Guard's Identity Server, while relying on platform-specific tools for secure credential storage and token refresh.

Hybrid SSO: Bridging Legacy and Modern Applications

Many organizations face the challenge of supporting both traditional desktop applications and modern web systems simultaneously. Visual Guard's hybrid SSO capabilities enable consistent authentication and authorization across this heterogeneous environment.

Phase 1: Desktop SSO

Implement Windows authentication for existing applications. Users gain immediate SSO benefits without application rewrites.

Phase 2: Web SSO

Deploy new web applications using modern OIDC authentication. Coexist with desktop apps, sharing the same user repository.

Phase 3: Migration

Gradually migrate desktop applications to web or cloud-native architectures, transitioning to OIDC as appropriate.

Real-World Scenario: PowerBuilder and Web Applications

Consider a manufacturing company with core business logic in PowerBuilder desktop applications and a new ASP.NET Core web portal for customer access:

  • Internal staff use PowerBuilder applications with transparent Windows authentication via Active Directory
  • Customers and partners access the web portal using Azure AD B2C or social identity providers
  • Both systems connect to Visual Guard Identity Server for authorization, ensuring consistent permission enforcement
  • Administrators manage all users, roles, and permissions through a single interface
  • Audit logs provide unified visibility into access patterns across both systems

Complex SSO Configurations

Enterprise environments often present authentication challenges that go beyond basic SSO. Visual Guard is designed to handle these complex scenarios without compromising security or usability.

Multi-Site Deployments

Organizations with operations across multiple geographic locations need SSO that works across network boundaries.

  • Users distributed across locations
  • Applications in different data centers
  • Performance across high-latency connections
  • Centralized security repository

Cross-Domain Web SSO

Web applications hosted on different internet domains can share authentication through token-based federation.

  • Token-based authentication across domains
  • No cross-domain cookie dependencies
  • Session continuity through token refresh
  • Partner portals and acquired domains

Multi-Tenant Applications

SaaS providers need SSO within multi-tenant architectures where each customer has their own identity provider.

  • Strict tenant isolation
  • Tenant-specific identity providers
  • Flexible IdP routing
  • Unified management console

Heterogeneous Stacks

Visual Guard enables SSO across applications built with different technologies over multiple decades.

  • .NET Framework through .NET 8
  • PowerBuilder and PowerServer
  • Java applications and services
  • Any JWT-capable system

Implementation & Integration

Visual Guard is designed for straightforward integration that minimizes development effort while providing flexibility for complex requirements.

Supported Platforms

.NET Framework and .NET Core
Native assemblies for deep integration. Support from .NET Framework 4.x through modern .NET 8.

PowerBuilder
Specialized integration for PowerBuilder 2019+ including PowerServer deployments.

Java and JVM languages
REST API integration enables authentication and permission retrieval.

Any platform via REST APIs
Comprehensive APIs for authentication, authorization, and user management.

Integration Approaches

SDK Integration
Native SDK for .NET and PowerBuilder provides deepest integration and best developer experience.

REST API Integration
Full functionality through standard HTTP endpoints for any technology stack.

Middleware Integration
Web applications leverage middleware that handles authentication automatically.

API Gateway Integration
Centralized authentication and authorization for all backend services.

Optional Access Control: Minimal Code Impact

One of Visual Guard's key differentiators is Optional Access Control—the ability to add comprehensive security to applications with minimal code changes. This is particularly valuable when modernizing legacy applications or adding security to existing codebases.

Security logic is externalized from application code through configuration in the Visual Guard Console. Permissions are defined, roles are assigned, and access policies are configured—all without modifying business logic. This approach enables progressive security integration: start with basic authentication, then add UI-level permissions, then business logic authorization, and finally API-level security—all without major refactoring at each step.

Beyond Authentication: Complementary Capabilities

Authorization

Centralized role-based and claims-based authorization. Permission updates take effect immediately.

Multi-Factor Authentication

MFA through email, SMS, or authenticator apps. Policies applied based on risk context.

Audit & Compliance

Complete audit trails supporting GDPR, SOX, HIPAA, and ISO 27001 compliance.

Administration

Intuitive consoles for managing users, roles, permissions, and policies across applications.

Get Started with Visual Guard SSO

Visual Guard delivers comprehensive Single Sign-On capabilities that bridge legacy Windows applications and modern cloud architectures. The platform's standards-based architecture ensures compatibility with your existing identity infrastructure, while its centralized management reduces administrative overhead and improves security posture.
