SFA: Nexus’s authentication software lets us stop using VPN

The French company SFA Group is using the authentication software Nexus Hybrid Access Gateway to give its employees secure and smooth access to internal applications – wherever the employees are, and on whatever device. “Hybrid Access Gateway offers single sign-on, and doesn’t require installations on the clients. It’s a much better solution than VPN, for both the user and the IT department,” says Frédéric Carricaburu, CIO of SFA.

SFA is active in two very different areas: journalism and bathroom appliances.

“We publish several news magazines, well-known in France, and we manufacture toilets, bath tubs, showers, shower doors and other similar products”, says Carricaburu.

The headquarters and the three manufacturing plants are all in France, but the company has 25 sales offices around the globe.

Access from all devices

“We have more than 1,000 employees, who need to be able to access a range of internal applications. Earlier, we used VPN (virtual private network), but it was not a good-enough solution. Firstly, we had to install a VPN client on the user’s device and configure it. The problems with this were that there were no clients for mobile devices or Macs, and in addition, many of our employees are using their private devices to access our applications,” says Carricaburu.

With Hybrid Access Gateway, it is possible to securely access SFA’s internal applications from all devices, without any client installation.

“Another problem with the VPN solution was that it was too complicated for some users – it was not possible to get the journalists to use VPN. To now have them happily using Hybrid Access Gateway is very satisfying,” says Carricaburu.

Easier for the IT department

A third problem with the VPN solution is that it was complicated and time-consuming for the IT department to manage, says Carricaburu.

“We are securing 15 internal applications with Hybrid Access Gateway, including the email server, business intelligence server, dedicated applications for the press industry, file server, document management system and internal IT applications. But we didn’t secure all of them with the VPN solution, since it was too complicated. And even though we now have secure remote access to more applications, we save time, since we don’t have to install and configure clients on the users’ devices,” says Carricaburu.

Opting for Hybrid Access Gateway was not a hard decision, says Carricaburu.

Users only have to log in once

“It was the only solution that could do what we wanted and needed. That it provides single sign-on is important, since it means that the user only has to login once to reach all our internal applications. Hybrid Access Gateway is very easy and straight forward to use,” says Carricaburu.

SFA has now been using Hybrid Access Gateway for six months, and in another six months, the VPN solution will be phased out.

“We began using Hybrid Access Gateway in France, and then Turkey, China and Japan. We take one country at a time – we can’t migrate from VPN to Hybrid Access Gateway simultaneously all over the world,” says Carricaburu.

Wide range of authentication methods

Hybrid Access Gateway provides off-the-shelf support for a wide range of two-factor authentication (2FA) methods, such as mobile apps, one-time passwords (OTPs), smart cards and software tokens.

“We have started out very basic, and are only using a so-called challenge via Active Directory. This means that the user logs in with a static password. We have also implemented OTP, and we will probably start using it, since it will make it easy for us to give suppliers secure access to our network via Hybrid Access Gateway,” says Carricaburu.

Going forward, it is possible that SFA will start using other authentication methods too.

New documentation online

“Generally, we will go deeper into the product. We are only using 10 percent of it today. It was a bit complicated for us to get started, because the documentation was too complicated and hard to understand. But now there is brand new documentation in the online portal Nexus Docs, which is much more easily comprehendible,” says Carricaburu.

Except for the previous documentation being too complicated, SFA has not experienced any problems with Hybrid Access Gateway, says Carricaburu.

“It’s a very good solution, which helps us a lot. I really believe in Hybrid Access Gateway”, says Carricaburu.

Choose another case