Integrate PowerBuilder with Active Directory

Integrate with Active Directory - Implement Single Sign-On (SSO)
Centralize Security for several technologies - Comply with regulations (GDPR, SOX, HIPAA...)
Delegate Security Admin to Business Users

Try Visual Guard

Authenticate Users Against Active Directory

Thanks to Visual Guard you can manage a single user list in Active Directory and implement Single Sign-on (SSO) authentication in your PB applications.

The Identity Federation features also provided by Visual Guard allow independent entities to access the same system, while using Windows accounts to authenticate users. Each organization still manages their own Windows accounts, stored in Active Directory.

PowerBuilder with Active Directory

PowerBuilder integration with Active Directory

Integrate with Active Directory

Users will sign in to PowerBuilder applications with their Windows accounts

Single Sign-On (SSO) and PowerBuilder Applications

SSO for PowerBuilder Applications

Implemente Single Sign-On (SSO)

Users don't have to enter their credentials.
They start the application, and get authenticated silently.

Grant permissions to Windows Users

Grant permissions to Windows Users

Grant Access Rights to Windows Users

Define which data they can access, which controls they can use etc.
Users Permissions are automatically enforced after authentication.

Manage permissions at group level

Grant Access Rights to Windows GROUPS

Grant Access Rights to Groups. Then place Users in Windows Groups. No need to manage permissions for individual Users

Easy Implementation

Only 5 Steps to integrate Visual Guard

Easy implementation

Add a library to your application and call Visual Guard: it will take it from there. All the features are ready to use, including an Administration Console.

Centralize Security

Standardize your Applications Security

Same Security for all Technologies

A Single Central Security System for all applications: .NET, Java, PowerBuilder, Oracle, SharePoint, PHP....

Make your application Compliant

Discover Visual Guard

In this video you will see how easy it is to integrate your PowerBuilder Applications with Active Directory and implement Single Sign On.

Going further you will discover all the possibility offered by Visual Guard to modernize your PowerBuilder Application security.

5 Steps to implement SSO in your PowerBuilder application

1 - Reference Visual Guard in the application

i.e. add 2 PBLs provided by Visual Guard to the application library list.

2 - Create the Security Manager
vge_n_cst_vgmanager uo_vgmanager
uo_vgmanager = CREATE vge_n_cst_vgmanager
3 - Connect to the Access Control repository
uo_vgmanager.of_SetTransObject (…)    
4 - Authenticate the user and load their security
uo_vgmanager.of_verifyuser (…)
The same method applies to both Windows accounts and Username/Password accounts. This will authenticate the user and download his access privileges (if any).
5 - Apply User Access Privileges in the application (optional)

You may use this method if you defined restrictions for the user to access data and/or features in the application. One call in the ancestor window is enough to apply access privileges in the entire GUI.


Do not reinvent the wheel

Why spend months or years of complex developments, when you can easily implement a ready-to-use solution, embedding a complete feature set?

Read More

We keep up with security standards and technologies for you, and assist you down the road for designing, installing and configuring your system.

Read More

Visual Guard Features

User Management

Manage users accessing your applications
User Provisioning
Create, store, administer large volumes (up to millions) of user accounts with the Visual Guard Console.
Manage them in a central system, or a deploy them to multiple sites (ISV or distributed systems).

1000 accounts

Depends on your license

Create Login/password accounts

Create and manage login/password accounts within Visual Guard.
Grant them rights to access certain data and features inside your applications.

Reuse Windows accounts from an existing Active Directory
Use Windows Accounts to authenticate users accessing your application.Grant rights to Windows Accounts or Windows Groups, to access specific application data or features.
Edit Windows accounts
You can authorize user administrators to add/edit/remove Windows Accounts with the Visual Guard Console.
Let users self-register
Allow users to create an account for themselves. Grant them automatically default (limited) access rights. You can choose to require administrator validation before they can access the application.
Manage Groups of Users
Define a hierarchy of groups. Replicate the structure of your organization.Place users in groups. Grant access rights to user groups.

User Authentication

Verify user identities with various authentication methods
Login/password authentication
Users must provide a valid login/password combination before accessing your application.
Windows Authentication
Users must provide valid Windows credentials before accessing your application. Optionally, you can let users enter the application without asking for their credentials (see below "Windows SSO").
Strong / Multi-Factor Authentication (MFA)
Highly secured, yet very simple for end-users: they provide their pin code or fingerprint, through an authorized device (mobile or web browser). It supports the most complex security requirements. Read more
Remote Windows Authentication
Users can log in your application with their Windows credentials, although they connect from a remote location (hotel, airport, public wifi, mobile Internet...).
Multiple Authentication Mode
The same application can accept several types of authentication. For instance Windows Accounts for internal users, login/password for external users, strong authentication for critical operations. Read more
Multiple Active Directories - Identity Federation
Reuse Windows accounts located in several Active Directories, no matter they belong to the same network or not. Security is centralized, although users are spread over multiple sites or companies. Read more
Windows SSO (Single Sign-On)
Windows users can access your application without entering their credentials: Visual Guard automatically captures the current Windows account and applies the access rights granted to this account.
Web SSO (Single Sign-On)
Users can log in once, and navigate across several websites without login again. No matter the websites are hosted in the same network or not. They just need to communicate with your VG server. Read more
Offline mode
Users can log in and access a desktop application although they are offline: Visual Guard works locally to authenticate users and enforce apply their permissions. Supports .NET WPF and Winforms applications.
Custom Password Policy
For login/password accounts, you can customize the rules to define, renew, unlock, and expire a password. For Windows accounts, the current Active Directory password policy will appliesy.
User Access Rights

User Access Rights

Define and grant permissions. Control access to application data and features
Define Access Rights inside the application
Create fine grain permissions, to control access to specific application data and features (menu, buttons, fields...). Group Permissions into Permission Sets and Roles.
Dynamic Actions
Enforce permissions with "dynamic actions": change dynamically objects properties in your application (e.g., disable a menu item, hide a field...). These actions are completely independent of the application's code. They are defined and stored within VG and applied at run-time by Visual Guard. Learn more
Static Actions
Your code retrieves the user permissions via the Visual Guard API and enables the proper application features. E.g., if the user has the permission "Can_Read_Invoice", then enable the button "View_Invoice".
Grant Access Rights to Users
Grant roles or permissions to users via the Visual Guard Console, or by programming via the VG API.
Grant Access Rights to User Groups
You can grant Roles to Groups. When placing users in groups, they automatically get the roles of their groups. Optionally, you can choose to propagate Group roles to sub-groups.

Traceability, Monitoring, and Audit

Keep track and review important activities inside your applications
Log important application events
Record important events for traceability reasons: user logon, business operations, administrator operations, system security events...
Monitor applications in Real-time
Follow important activities in real time inside your applications such as: access to confidential data, critical transactions, security changes. Detect suspicious events - e.g., critical operations at unusual times.
Send email notifications for sensitive events
Automatically alert administrators, controllers or managers of important or suspicious activities.
Audit User Operations
Review in details the business operations performed in your applications (who did what, when, from where?). Filter them by application, user, dates, device or event. Pinpoint issues or suspicious events.
Analyze past activities with Historical Graphs
Analyze business trends with Graphs. Detect possible issues - for instance, unusual volumes of transactions.
Analyze application usage with attendance graphs
See how each application is used. Display the time and number of successful or invalid connections.
Audit Administrator Operations
Review administrator activities (create users, grant permissions...). Filter them by application, user, date, device or event. Pinpoint issues or suspicious events.
Generate Security Reports
Generate reports about the access control configuration (users, groups, access rights, etc.).

Security Tools

User-friendly applications, dedicated to personnel managing and controlling security
Administration Console (Desktop)
Ready-to-use, Windows-based application, designed for developers and master admins setting up the environment and managing application security. Learn more
Administration Console (Web)
Ready-to-use web application, dedicated to administrators managing users and granting them access rights, as well as auditors controlling/reviewing application security. Learn more
Deployment Tool
Utility deploying a security database from dev to test, and production environments. Learn more
Visual Guard Server
Production server, exposing authentication, access control, and logging web services, and securing any applications capable of https or SOAP requests (Java, PHP, Delphi, C++, etc.). Read more

Security Framework

Integrate Visual Guard and call its APIs, to manage security by Program
Call the Visual Guard APIs
VG APIs expose hundreds of methods for securing the application in production (authenticating users, enforcing permissions, logging activities) and administering security (managing users, groups, roles...).
Secure multiple Applications
Centralize the security of all your applications. Get a global overview of all users and their access rights across the entire IT system. Comprehensive and uniform Control and Audit across all the applications.
1 App
Secure .Net Applications
Add a VG .Net run-time in your applications to secure them. Supports Winform, WPF, ASP.NET, WCF, MVC, as well as SharePoint Applications.
Secure PowerBuilder Applications
Add a VG PowerBuilder run-time in your PowerBuilder Applications to secure them.
Secure Java, PHP, AngularJS and other languages
Call the Web services exposed by the Visual Guard Server to Authenticate users, enforce permissions and log activities. Works with any language capable of calling Web Services.
Customize the Administration Console
Get the full source code of the Web Administration Console, and adapt it for your business needs. Implement your business logic and corporate presentation standards, and call the Visual Guard API to manage and audit security. Our support team will assist you every step of the way.
Support additional types of authentications and identities
Develop a module that will integrate with a 3rd party authentication provider. Our support team will guide you every step of the way.
Add custom security rules
Implement custom security rules for application security. For example, enforce segregation of duties by defining which roles or user group should be mutually exclusive (can't be granted to the same user). Our support team will guide you every step of the way.

Try Visual Guard Now

Try Visual Guard

Visual Guard Dynamic Permissions

See how to define permissions without touching the code of your application.

Consulting - Assistance - Support

Novalys can help you put your application security in place. Our team offers the following services.

Functional and technical specifications

Analysis of existing applications, Interviewing users on security management rules, Definition and attribution of permissions and user roles, Definition and repartition of administration privileges, Proposition of global or local organization of application security.


Integration of Visual Guard in your applications, Securing complex objects (Web services, classes…), Development of specific components or adaptation of Visual Guard components to respond to complex functional or technical specifications.


Installation and configuration of VG with ADFS, Installation and configuration of Web SSO with Visual Guard, Creation of a deployment procedure for security in production.


Benefit from a consistent and seamless experience from implementation to production thanks to the Visual Guard Professional Support Team.


Pre-sales and post-sales can be two very different things... I had a very uniform experience thanks to Anne

New Century Health Director of Systems Development

The support provided by Novalys has been excellent and very quick

Head of Securty of an international insurance company

Feedback from our clients