DRAM - tool for user access control

Login users conveniently and securely

More

For user access control, we offer the DRAM (Dynamic Role Administration Manager) product, which implements the function of an access gateway in your IT environment. It is a product that has been designed to broadly cover the needs of customers from the government and commercial sectors and is suitable for deployment even in demanding operations with a large number of accessing users.

The concept of a single point of access to your applications

You can only really talk about controlling user access to your information systems when they are authenticated at a single point of access. Only then are you able to effectively apply security policies to all user logins. This single access point is implemented by the so-called access gateway - DRAM.

Security access policies

  • Different business applications often have different requirements for password complexity and age, as it is difficult to find a common denominator for such password policies. By deploying an access gateway, uniform rules can be set and a central password policy can be established.
  • Older (legacy) applications, often with discontinued support from the manufacturer, usually support only name and password login. By predeploying an access gateway, you effectively add support for advanced authentication methods to these applications as well, since the access gateway will provide authentication with, for example, a certificate, a one-time OTP code, or authentication against a Windows domain.
  • If Role Based Management (RBM) is implemented, the access gateway supports it. Users are then allowed to access resources according to RBM policies, i.e. by assigning users to appropriate roles and obtaining the rights resulting from such assignments.

User friendliness

  • The access gateway makes logging in much more pleasant for users. There is the possibility to use one password to log in to multiple applications, where the user logs in to multiple systems using identical login credentials.
  • SSO (Single Sign On) technology goes a little further. The access gateway remembers the authenticated user and, when another application is opened, redirects the user directly to the application without logging in again.

Alternative to VPN

Many companies address remote employee access to company applications by setting up a "VPN". For ordinary users however deploying an access gateway may be more convenient. Not only does it provide an encrypted connection to the company but the user does not have to remember the VPN password or install a special VPN application on their computer. Employees then work with company applications in the same way regardless of whether they are at work or at the home office.

Internal Identity Sources

Especially in large companies, the IT environment is very heterogeneous and often contains multiple systems providing user identities. These can be different databases, so-called LDAP directories (e.g. Microsoft Active Directory), or complex Identity Management systems. The access gateway must be able to authenticate accessing users against as many of these enterprise identity sources as possible. DRAM solutions work with identities in on-premise solutions, in a hybrid model, and in pure cloud environments.

Identity Federation

The current trend is to use external identity sources (called Identity Providers). Foreign web services allow you to log in with a Facebook account or via Google. Banking identity is also in vogue in the Czech Republic and is gradually paving its way into Czech eGovernment, where citizens can log in to state services using their internet banking login details. The DRAM access gateway allows the use of bank identity or NIA.

Integration with your applications

In order for your applications to be able to accept authenticated users from the access gateway and not show them a second login screen, they must integrate with the access gateway. The DRAM Access Gateway supports a wide range of integration options with applications via web standards, authentication protocols (e.g. SAML 2) or web services interfaces.

Contact us

We are specialists in IT processes, digitization, data protection and access management.