Knowledgebase : Visual Guard > Authentication features > Windows Authentication - Single Sign On
Can we use the user's Windows login without having the VG login screen appear at all?
For AD accounts with SSO: when the user starts the computer and opens a Windows session, each application opens without displaying the VG login window. For username/password accounts: a login window must be opened to ask the user for credentials. You can use either the Visual Guard login window or a login window you have developed yourself.
Visual Guard .NET - Version 2.7.806.18

We are using Active Directory, and our managers can enter the system from a machine other than their own at the office. In this case, should they have a second account outside Active Directory for connections from other machines? Will we need two accounts?
The manager will have to close the current Windows session and start a new session with his Windows account. Other option: as you mentioned, the manager could have two accounts, one Active Directory account and one username/password account. They would...

I would like to authenticate with the domain controller. Can I do this with Visual Guard?
The domain controller uses Active Directory to authenticate users. For the Visual Guard user management process, it is treated as Active Directory, and there is no particular restriction.
Visual Guard

How to grant a role to a Windows Group?
* Create a Windows Group for each application's role
* Create a single VG Account for each Windows Group
* Grant a single VG role to each VG account
* Bottom line, you manage a 1-to-1 relationship between Windows Groups and VG Role and you do not manage a long list of user accounts
Please note that the property "VGSecurityManager.IncludeWindowsGroups" should be true (you define this property when you generate VG configuration files). If so, when a user logs in t...

Hello guys, here is the situation: We have a configuration with several AD forests (let's say Forest ID n°1 and Forest ID n°2). We have a set of users accessing the Internet on a server connected to Forest ID n°1 and a set of users accessing the Internet on a server connected to Forest ID n°2. We want to know if a Forest ID n°1 user can connect to the second app even if he is not in Forest ID n°2.
Yes, it is possible to authenticate users belonging to several AD forests using Visual Guard. Fed...

You can map Windows Groups to VG accounts, then grant both Application and Shared Roles to these accounts. Open the Console, right-click on the "user" icon and select "Add Windows User or Group". Search for a Windows Group and declare it as a VG Account: you can then grant it Application and/or Shared Roles. As a result, daily user management is done in Active Directory and no longer in VG.
Visual Guard

If we start a user out on file-based authentication and they want to migrate to AD-based authentication at a later date, is there a mechanism for this?
There is no mechanism in Visual Guard to create accounts in Active Directory. What we have is a mechanism to declare several AD accounts at one time in the Visual Guard repository. You can declare a Visual Guard account for an Active Directory group, which automatically groups several AD accounts.
Visual Guard

When using Windows authentication, is it possible to get it to prompt for the user's password? What I've seen is it will auto-fill the user's network user ID, but all they have to do is click OK. To me, that means anyone can walk up to an admin's workstation, open the app, click OK, and then can do whatever. Prompting for password would add a little bit more.
In Visual Guard .Net we offer the possibility to use Windows accounts stored in Active Directory to give the user the opportunity to have single si...

How to retrieve users from Active Directory?
The Visual Guard console provides a dialog box that lets you search for a user or a group in Active Directory (add Windows accounts or groups). When the user is found, Visual Guard stores his security identifier (SID) in the repository. You will then be able to assign VG roles to this user. In your application, you just need to retrieve the common Windows identity and provide it to VG, which allows VG to apply the corresponding permissions. ...

How does Visual Guard .Net manage the use of its password policy if we have an Active Directory password policy?
The Visual Guard .Net password policy is applied to Visual Guard .Net users/accounts. If you work with Active Directory/Windows accounts or groups, Visual Guard .Net will not change your Active Directory password policy. In that case the passwords and the password policy are stored and administered in Active Directory. This makes single sign-on possible. Windows users will log on t...

If we change something in Active Directory, how will this change be reflected in Visual Guard .Net?
Visual Guard .Net does not change the Active Directory accounts. Actually, Visual Guard does not use the Active Directory accounts directly: Visual Guard saves the SID of each AD user account. If you edit the information in AD (name of the account, password, address or any other information), it has no consequences for Visual Guard. If you delete a user account in Active Directory, the name wil...

When Active Directory is used, does Visual Guard .Net modify Active Directory or simply access it and use database tables for permission data?
Actually, Visual Guard .Net does not "use" Active Directory at runtime. It gets the security ID (SID) of the current Windows account and checks the permissions in the repository (database). Visual Guard .Net stores only the security ID of Windows accounts in the repository.
Visual Guard .NET

Does Visual Guard .Net copy the Active Directory users into its repository?
Visual Guard .Net stores the SID of the Active Directory users. When Visual Guard .Net checks a user's authorizations, it retrieves the SID of the current Windows user and checks the authorization for this account. Visual Guard .Net also stores the name of the account (MyDomain\MyAccount), but it is accessible in read-only mode only.
Visual Guard

If a user is using one of our programs and then opens another one of our EXEs, can we pass the credentials without having them log in again?
In the case of username/password accounts: two applications secured with Visual Guard can communicate to transfer the identifier of the user account to the application you need to open. This application calls Visual Guard, providing the credentials of the user. VG then loads the permissions of the user and secures the application without displaying the login window...

If we use a Single Sign-On system, do you need a login window pop-up before entering the application?
Not by default; you can use one if a password is required for user authentication.
Visual Guard

Can Visual Guard .Net be used to connect to web applications residing in different domains, using single sign-on?
Yes, it is possible to authenticate users belonging to several Active Directories (even if they are not in the same forest) using Visual Guard. With ADFS you federate several Active Directory repositories belonging to distinct networks or companies. Administrators declare Windows accounts or Windows groups from these Active Directories in a central Visual Guard Repository. Then, the corresponding use...

Help Desk by Novalys