User Management

Manage users accessing your applications
Express
Enterprise
User Provisioning
Create, store, administer large volumes (up to millions) of user accounts with the Visual Guard Console.
Manage them in a central system, or a deploy them to multiple sites (ISV or distributed systems).

1000 accounts

Depends on your license

Create Login/password accounts

Create and manage login/password accounts within Visual Guard.
Grant them rights to access certain data and features inside your applications.

Reuse Windows accounts from an existing Active Directory
Use Windows Accounts to authenticate users accessing your application.Grant rights to Windows Accounts or Windows Groups, to access specific application data or features.
Edit Windows accounts
You can authorize user administrators to add/edit/remove Windows Accounts with the Visual Guard Console.
Let users self-register
Allow users to create an account for themselves. Grant them automatically default (limited) access rights. You can choose to require administrator validation before they can access the application.
Manage Groups of Users
Define a hierarchy of groups. Replicate the structure of your organization.Place users in groups. Grant access rights to user groups.
 
User Authentication

User Authentication

Verify user identities with various authentication methods
Express
Enterprise
Login/password authentication
Users must provide a valid login/password combination before accessing your application.
Windows Authentication
Users must provide valid Windows credentials before accessing your application. Optionally, you can let users enter the application without asking for their credentials (see below "Windows SSO").
Strong / Multi-Factor Authentication (MFA)
Highly secured, yet very simple for end-users: they provide their pin code or fingerprint, through an authorized device (mobile or web browser). It supports the most complex security requirements. Read more
 
Remote Windows Authentication
Users can log in your application with their Windows credentials, although they connect from a remote location (hotel, airport, public wifi, mobile Internet...).
 
Multiple Authentication Mode
The same application can accept several types of authentication. For instance Windows Accounts for internal users, login/password for external users, strong authentication for critical operations.
Multiple Active Directories - Identity Federation
Reuse Windows accounts located in several Active Directories, no matter they belong to the same network or not. Security is centralized, although users are spread over multiple sites or companies.
 
Windows SSO (Single Sign-On)
Windows users can access your application without entering their credentials: Visual Guard automatically captures the current Windows account and applies the access rights granted to this account.
Web SSO (Single Sign-On)
Users can log in once, and navigate across several websites without login again. No matter the websites are hosted in the same network or not. They just need to communicate with your VG server.
 
Offline mode
Users can log in and access a desktop application although they are offline: Visual Guard works locally to authenticate users and enforce apply their permissions. Supports .NET WPF and Winforms applications.
Custom Password Policy
For login/password accounts, you can customize the rules to define, renew, unlock, and expire a password. For Windows accounts, the current Active Directory password policy will appliesy.
User Access Rights

User Access Rights

Define and grant permissions. Control access to application data and features
Express
Enterprise
Define Access Rights inside the application
Create fine grain permissions, to control access to specific application data and features (menu, buttons, fields...). Group Permissions into Permission Sets and Roles.
Dynamic Actions
Enforce permissions with "dynamic actions": change dynamically objects properties in your application (e.g., disable a menu item, hide a field...). These actions are completely independent of the application's code. They are defined and stored within VG and applied at run-time by Visual Guard. Learn more
Static Actions
Your code retrieves the user permissions via the Visual Guard API and enables the proper application features. E.g., if the user has the permission "Can_Read_Invoice", then enable the button "View_Invoice".
Grant Access Rights to Users
Grant roles or permissions to users via the Visual Guard Console, or by programming via the VG API.
Grant Access Rights to User Groups
You can grant Roles to Groups. When placing users in groups, they automatically get the roles of their groups. Optionally, you can choose to propagate Group roles to sub-groups.
 
Traceability

Traceability, Monitoring, and Audit

Keep track and review important activities inside your applications
Express
Enterprise
Log important application events
Record important events for traceability reasons: user logon, business operations, administrator operations, system security events...
 
Monitor applications in Real-time
Follow important activities in real time inside your applications such as: access to confidential data, critical transactions, security changes. Detect suspicious events - e.g., critical operations at unusual times.
 
Send email notifications for sensitive events
Automatically alert administrators, controllers or managers of important or suspicious activities.
 
Audit User Operations
Review in details the business operations performed in your applications (who did what, when, from where?). Filter them by application, user, dates, device or event. Pinpoint issues or suspicious events.
 
Analyze past activities with Historical Graphs
Analyze business trends with Graphs. Detect possible issues - for instance, unusual volumes of transactions.
 
Analyze application usage with attendance graphs
See how each application is used. Display the time and number of successful or invalid connections.
 
Audit Administrator Operations
Review administrator activities (create users, grant permissions...). Filter them by application, user, date, device or event. Pinpoint issues or suspicious events.
 
Generate Security Reports
Generate reports about the access control configuration (users, groups, access rights, etc.).
 
Security Tools

Security Tools

User-friendly applications, dedicated to personnel managing and controlling security
Express
Enterprise
Administration Console (Desktop)
Ready-to-use, Windows-based application, designed for developers and master admins setting up the environment and managing application security. Learn more
Administration Console (Web)
Ready-to-use web application, dedicated to administrators managing users and granting them access rights, as well as auditors controlling/reviewing application security. Learn more
 
Deployment Tool
Utility deploying a security database from dev to test, and production environments. Learn more
 
Visual Guard Server
Production server, exposing authentication, access control, and logging web services, and securing any applications capable of https or SOAP requests (Java, PHP, Delphi, C++, etc.).
 
Security Framework

Security Framework

Integrate Visual Guard and call its APIs, to manage security by Program
Express
Enterprise
Call the Visual Guard APIs
VG APIs expose hundreds of methods for securing the application in production (authenticating users, enforcing permissions, logging activities) and administering security (managing users, groups, roles...).
Secure multiple Applications
Centralize the security of all your applications. Get a global overview of all users and their access rights across the entire IT system. Comprehensive and uniform Control and Audit across all the applications.
1 App
Secure .Net Applications
Add a VG .Net run-time in your applications to secure them. Supports Winform, WPF, ASP.NET, WCF, MVC, as well as SharePoint Applications.
Secure PowerBuilder Applications
Add a VG PowerBuilder run-time in your PowerBuilder Applications to secure them.
 
Secure Java, PHP, AngularJS and other languages
Call the Web services exposed by the Visual Guard Server to Authenticate users, enforce permissions and log activities. Works with any language capable of calling Web Services.
 
Customize the Administration Console
Get the full source code of the Web Administration Console, and adapt it for your business needs. Implement your business logic and corporate presentation standards, and call the Visual Guard API to manage and audit security. Our support team will assist you every step of the way.
 
Support additional types of authentications and identities
Develop a module that will integrate with a 3rd party authentication provider. Our support team will guide you every step of the way.
 
Add custom security rules
Implement custom security rules for application security. For example, enforce segregation of duties by defining which roles or user group should be mutually exclusive (can't be granted to the same user). Our support team will guide you every step of the way.
 

Resources