SafeAccess is the Namirial platform for passwordless authentication, designed to guarantee secure access to workstations and applications based on FIDO2 standards and PKI (Public Key Infrastructure).
It’s the simplest solution for cybersecurity, that helps businesses to reduce management costs with a secure, easy and ready-to-use authentication web platform.
| CUSTOMER | WORKFORCE |
|---|---|
| Ensure ease of adoption and implementation of SafeAccess solutions for all your customers | Protect your organization by adopting protection mechanisms on the systems used by your users, from single machines to applications |
| Full Cloud so that the customer does not have to worry about server management | Possibility of installation on Premises for full and seamless integration with MS Active Directory Also available for cloud versions such as Azure AD |
| Simple integration thanks to the use of APIs | Protection of the workstations thanks to the Credential Provider |
| Broad portfolio of multifactor authentication methods | Secure application access with Enterprise SSO for web, desktop and legacy applications without application developments |
The ideal solution for a management system accessible via the web.
SafeAccess is the Namirial platform for passwordless authentication, designed to guarantee secure access to workstations and applications based on FIDO2 standards and PKI (Public Key Infrastructure).
It is a simple and effective cybersecurity solution that helps organizations reduce management costs by providing a secure, easy-to-use, and ready-to-deploy web authentication platform.
The SafeAccess solution is composed of different components, which can be deployed individually or combined, depending on the customer’s needs.
The SafeAccess Credential Provider is a module that enables secure access to Windows workstations, replacing traditional credentials with passwordless technologies and multi-factor authentication (MFA). It integrates with Microsoft infrastructure, allowing authentication even on environments such as Microsoft Edge, RDP and Active Directory.
The Credential Provider supports:
- Device authentication: via USB token, smartcard or badge.
- Smartphone authentication: using the SafeAccess app and biometrics (FaceID, fingerprint).
- RDP access: remote authentication is performed using the same method as local login.
- Edge and protected profiles: when Windows requests credentials for protected sections, the Credential Provider allows access using the method configured for Windows login.
The SafeAccess Credential Provider integrates with:
- Microsoft CA for managing certificates and custom templates.
- Active Directory for managing groups and access policies.
The Credential Management System (CMS) is SafeAccess's central module for managing the credential lifecycle.
It allows system administrators to:
- Issue certificates
- Suspend, revoke or renew credentials
- Associate physical or virtual devices with users
- Create temporary tokens/smartcards to be used as a fallback method for users who have lost/forgotten their token.
- Initiate the PIN reset procedure
- Activate recovery mode
- Erase and initialise the token/smartcard so that it can be used to enrol new certificates.
- Change the configuration of the domain to which it points
The CMS can be installed in the following modes:
- Centralised: managed by IT administrators
- Self-Enrolment: managed directly by users via a dedicated app
SafeAccess is an authentication suite that allows you to implement passwordless and MFA authentication mechanisms to protect access to workstations, applications and corporate resources.
MFA requires at least two verification factors from among:
- Knowledge: something the user knows (e.g. password or PIN)
- Possession: something the user possesses (e.g. smartphone, token, smartcard)
- Inherence: something the user is (e.g. fingerprint, facial recognition)
SafeAccess supports various devices for MFA:
- Mobile app with biometrics
- USB and FIDO2 tokens
- Smartcards and MIFARE badges
- OTP codes via SMS or email
- QR codes for quick authentication
These methods can be integrated via SDK and API, allowing for centralised and scalable management of digital identities.
SSO reduces the number of credentials to manage, simplifies the user experience and improves overall security. The SafeAccess Enterprise SSO module allows users to access multiple applications (web, desktop, legacy) with a single authentication, without the need for changes to existing applications.
Key features:
- Seamless access to all corporate resources
- Workstation protection via Credential Provider
- Native integration with Active Directory
- Support for local and smart working environments
Passwordless authentication is based on the use of a credential that is not a password.
The verification mechanism on the server is different and relies on a challenge–response signature, which changes at every authentication attempt and cannot be reused or replicated.
To enable passwordless authentication, it is sufficient to use asymmetric encryption devices, which are the only technologies capable of guaranteeing the highest level of security.
A portable physical device used to securely store cryptographic information. It is compact and easy for the user to carry at all times.
A device with the size of a credit card, equipped with a microchip that stores and processes cryptographic data securely.
A MIFARE card already used by employees to access company infrastructures, enabled also for access to workstations.
A solution that allows users to authenticate using their smartphone, leveraging built-in biometric features such as fingerprint or facial recognition.
A FIDO-certified device that the user may already own for personal use or that can be provided by the IT administrator.