Matrix Communications AppID Enterprise Features
Advanced SSO and Dynamic Password Management
With support for all major browsers—including Internet Explorer®, ChromeTM, Firefox® and Safari®—as well as apps for both iOS and AndroidTM, Matrix Communications AppID® Enterprise gives users the freedom to work anytime, anywhere and from virtually any device without requiring multiple login credentials.
Matrix Communications AppID Enterprise provides advanced single sign-on (SSO) to any web application – regardless of where it is hosted and whether it supports standards (such as SAML). Users access their applications by logging into the AppID portal. That’s it – one dashboard and just one password to remember.
Dynamic Password Management
Dynamic Password Management automates password changes and immediately replaces weak user-created values with passwords that are long, strong and unique across every account.
Matrix Communications AppID Enterprise supports the full range of strong two-factor authentication solutions with a choice of methods including SMS and push notification to protect access to sensitive applications for all or a subset of users.
New applications can be added to AppID Enterprise in less than a minute with the easy-to-use Application Admin wizard.
Using the comprehensive built-in enrollment features makes it possible to easily deploy multiple applications across thousands of users in a matter of hours.
Context-based authentication balances trust against risk by letting you implement simple policies that allow (or deny) access to web applications based on contextual information – such as user role, group membership, device usage, location (IP address) and geographical location.
Context-based authentication dynamically adapts to context changes to:
→ Restrict access to high-risk applications that contain sensitive data to known office locations or to specific IP addresses (in the case of remote users)
→ Limit access to applications to approved or trusted devices
→ Require users to authenticate using 2-factor authentication (2FA) to access certain applications
AppID Enterprise automatically detects network changes and updates application availability in real-time. If a user tries to access an application and they don’t meet the contextual pre-requisites, you can decide how they are notified, including:
→ A 2FA pop-up that lets them “step-up” their level of authentication
→ Graying out applications on the portal if they are unavailable from a particular network or location
→ A message pop-up that tells them: “This application is only available from corporate headquarters”
Matrix Communications AppID® Enterprise features patented Application Shaping technology that enables you to manage web application features and functions. With a few clicks, you can set powerful policies to determine exactly which pages and elements within an app a user can access and/or see, such as menu options, buttons, links, tabs, etc. For instance, you can:
→ Remove or gray out functionality such as Export, Download, Attach File, Share and Copy
→ Hide or redact sensitive data
→ Define user access to features based on the user’s role
→ Monitor and log specific user actions with the option to capture screenshots
→ Restrict access to any element within the application
By controlling not only application functionality but also browser activity, you can minimize the ability to misuse and abuse applications.
Masking Sensitive Data
With AppID Enterprise, you can mask or redact sensitive or regulated data—including personally identifiable information—that would ordinarily be visible in the browser. This action can be decided based on the user’s role, group membership, device being used, etc.
Standards, such as PCI DSS, which require access to cardholder data (and the primary account number or PAN in particular), can be restricted on a need-to-know basis.
Audit and Compliance Visibility
Matrix Communications AppID® Enterprise gives you a detailed audit trail of all user interaction with applications—from login to logout and everything in between. You can configure auditing levels for both individual users and applications as well as groups of users.
Uniquely placed within the browser between the user and the applications they access, Matrix Communications AppID Enterprise provides total visibility of all user activity within any web application. This includes Single Page Interface (SPI) applications, where user interaction may not result in a change in URL or communication with the application server. Proxy or gateway-based solutions are often unaware of everything users do and see within applications written in this way.
You can monitor the use of specific features within applications with the option to capture screen shots of particular actions. This provides you with visual evidence of exactly what the user sees or doesn’t see.
→ View activity through a “single pane of glass” across all devices used
→ Demonstrate and achieve compliance
→ Provide visibility of all web applications used (or not used)
Matrix Communications AppID Enterprise has an intuitive analytics dashboard and can audit detailed user activity down to every click of the mouse with optional screenshots attached for specific events.
→ The dashboard provides audit intelligence to monitor:
→ File downloads
→ Attachments to email
→ Application use
→ And more
Are you in a regulated industry? The reporting capabilities in Matrix Communications AppID Enterprise can help enterprises meet the controls within ISO27001, including:
→ Removal of Access Rights (A.8.3.3)
→ Monitoring (A.10.10)
→ Access Control (A.11)
→ User Access Management (A.11.2)
→ Application and information access control (A.11.6.1)
→ Mobile Computing (A.11.7)
AppID Enterprise also enables compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and numerous requirements within the Payment Card Industry Data Security Standard (PCI DSS) (including Requirements 3, 7, 8 and 10).
Active Directory Integration
For the majority of companies, Active Directory® (AD) is the primary identity store that defines which users have access to critical business applications. But most web applications require their own logins, so users end up having to remember multiple usernames and passwords.
Matrix Communications AppID® Enterprise seamlessly integrates with AD (and other Lightweight Directory Access Protocol directories)(LDAP), so you can leverage your existing IAM investments and extend them to any web application, internal or external.
Users get a central web portal with one login (their AD login) that they can use to access all their web applications. AppID Enterprise will remember all their logins for their web applications so they’ll only need to remember their primary login credentials.
This is very convenient for users, and it also provides extra security and control to IT admins.
Just-in-Time User Provisioning
Just-in-Time provisioning automatically creates a user account in Matrix Communications AppID Enterprise the first time a valid AD user attempts to authenticate, negating the need for manual steps by IT teams.
If a user is disabled or removed from AD, then the user is no longer able to access any web applications that are managed by Matrix Communications AppID Enterprise, whether internal or in the cloud.
Simple Policy Management
By linking AD group memberships to Matrix Communications AppID Enterprise policies, you can ensure that users are automatically given the correct permissions, without needing to perform any additional steps.
Office 365 Integration
It provides more than just SSO for Office 365. Use the app shaping, dynamic password management, context-based authentication and comprehensive reporting capabilities to increase security and access management for Office 365.
The Matrix Communications Cloud can either be deployed off-premises with a secure connection to AD or on-premises alongside the directory servers, which are inside the firewall.
The Matrix Communications Secure Bridge can be used to create a trusted connection between the Matrix Communications Cloud and AD. To ensure that no directory information is exposed or accessible externally, the Secure Bridge uses a combination of strong FIPS 140-2 compliant encryption and public/private keys.
Matrix Communications AppID Enterprise protects Salesforce assets including Accounts, Leads, Contacts, Documents and more, without the need for expensive custom development. For applications built on the Force.com platform, Matrix Communications AppID Enterprise provides Single Sign-On (SSO) and granular application access control to any feature or function, as well as a comprehensive audit trail of all user activity.
Mobile Device Support
As users adopt more web applications and take advantage of Bring Your Own Device (BYOD) policies, the risk of enterprise data being compromised goes up.
It supports both iOS and AndroidTM platforms, extending the SSO, application feature control and detailed audit functions to iPhones®, iPads®, and Android smartphones and tablets.
→ Users have a consistent experience regardless of the device, whether company owned or not
→ Approved web applications are accessed via a single portal or landing page
→ Available through the Apple® App Store or Google PlayTM store