Zero Trust Network Access

Replace legacy VPN with a modern zero trust solution to access on-premises applications, SSH servers, RDP desktops, and databases, all without passwords.

Introduction

How many times have you had to enter your password to access a company application or infrastructure from home? Do you use a VPN for that? What if I told you to forget about it? You can use idemeum secure remote access to connect to your applications and infrastructure from anywhere with no passwords, additional software, or IT involvement.


What does idemeum ZTNA offer?

  • Privileged access - on-premises applications, SSH servers, RDP desktops, databases

  • Simple deployment - no ports to open, firewall rules to change, or client agents to install

  • Full control - secure authentication, fine-grained access control, robust audit capabilities, session recordings, and per-session MFA combined

  • Modern technology - replace legacy VPN with an identity-aware, multi-protocol access proxy built on zero trust concepts and principles

  • True passwordless - replace passwords and static credentials with biometrics and short-lived certificates


How does it work?


Which zero trust principles are put in place?

  • Never trust, always verify using passwordless multiple factors - verify and authenticate with phishing-resistant idemeum Passwordless MFA before granting access on a per-session basis to enterprise applications and infrastructure

  • Access to resources is determined by fine-grained dynamic policy - leverage granular dynamic access control to enforce least privilege principle and grant users the minimum access required to do their work

  • Leverage micro-segmentation to limit lateral movement - segmented resource access through secure network proxy service and reverse tunnels

  • Single-click secure access - secure and seamless single-click access to the applications and infrastructure


Supported use cases

On-premise applications

idemeum can provide remote access to legacy / on-premises applications in multiple ways:

  • JWT Header-based authentication
    idemeum can pass user information in a JWT as part of the HTTP exchange to achieve single sign-on. This provides true SSO: the user does not need to enter a username and password, and the application relies on the JWT to verify the user's identity. The downstream on-premises application has to be modified to integrate JWT verification.

  • Form-based authentication - Password Vault
    idemeum leverages the password vault to achieve form-based single sign-on. The password vault safely stores, manages, auto-captures and auto-fills credentials. It can also detect a password change and suggest a strong one.

  • LDAP Proxy
    Applications that use LDAP authentication can integrate with idemeum LDAP Proxy. idemeum LDAP Proxy works with any directory that supports the LDAP protocol for authentication.

SSH server

idemeum offers a seamless way to connect to Linux servers over SSH. Instead of using static passwords and SSH keys, users are authenticated with short-lived certificates. The terminal session is established in the browser, offering one-click access to any server. Each session is recorded and can be replayed later for security and compliance purposes.

Remote Desktop server (RDP)

idemeum offers a seamless way to connect to Windows servers over the RDP protocol. Once users access the company portal with Passwordless MFA, they can access any server with RDP. No password is required, as the user is authenticated with smart cards.

Databases

idemeum offers a seamless way to connect to cloud-based or self-hosted databases. Instead of using passwords to log in to the database, users are authenticated using IAM for cloud-based databases hosted in AWS, GCP... or with certificate-based authentication for self-hosted databases.


Takeaway

idemeum Secure Remote Access uniquely offers connectivity to your on-premises resources as well as passwordless authentication and fine-grained access control, so that users truly have one-click seamless access from anywhere in the world.

So, if you wish to leverage the benefits of idemeum secure remote access for your organization, check out our idemeum platform page.

Book a demo today to learn more.