Combining SSO With MFA and Contextual Restrictions Protects Active Directory Identities

Combining SSO With MFA
and Contextual Restrictions
Protects Active Directory Identities

  • Customer

    SYMTA Pièces

  • Industry


  • Geography


UserLock is affordable, easy to set up, and easy to use.

Vincent Dousset CIO at SYMTA Pièces

  • Challenge: SYMTA Pièces was looking to enable single sign-on (SSO) and multi-factor authentication (MFA) for Office 365 using on-premises Active Directory (AD) credentials. They also wanted to ensure a choice for MFA that didn’t depend on a cell phone. In addition, they needed to secure VPN access with granular contextual restrictions as well as generally manage user activity.

  • Solution: After a successful trial period, SYMTA quickly chose UserLock to seamlessly extend the security of their existing AD infrastructure.

  • Result: Following an easy onboarding process, UserLock now provides SYMTA employees with seamless SSO access to Office 365, allows multiple options for MFA, and has the granular contextual restrictions needed to protect external VPN access and improve overall security.

SYMTA Pièces is a French family enterprise that specializes in adaptable parts for Fiat, Ford, New Holland and Laverda tractors and harvesters.

The Challenge Secure On-Premises AD Credentials for
On-Site and Cloud Access, From Anywhere

Over the past several years, SYMTA’s CIO, Vincent Dousset, has progressively added additional security layers to network access, with the strategy to prevent an attack before it happens. He and his team have worked on employee education, run external security audits, and put in place solutions to protect passwords. They were ready for the next step: to further secure login access and improve visibility of user activity on the network.

There were two things: one being to secure VPN access for third-party consultants, the other being to use SSO to protect access to Office 365.

Vincent Dousset
CIO at SYMTA Pièces

As to the first, some of SYMTA’s third-party consultants use VPN to access the company network. A few of these had recently been pirated, so Dousset’s goal was to prevent external attackers from exploiting the VPN. He needed to protect access to SYMTA’s AD accounts, and to have ready visibility of all activity via VPN.

Second, Dousset was looking for an additional layer of protection for employee access to Office 365. He wanted an MFA solution that went beyond what native AD offered, both for on-site and remote access.

If someone happened to compromise employee credentials, he wanted to know they would be blocked by the second authentication step. He also wanted to improve IT’s visibility of user logins and behavior, while increasing management capabilities with more granular contextual restrictions.

Lastly, he wanted to find a solution that didn’t depend only on a cell phone as a method of MFA, since not all SYMTA employees have a professional telephone.

The Solution An Intuitive, Effective Solution Building on Existing AD Infrastructure

The IT team’s requirements quickly led them to UserLock after an online search.

What interested me in UserLock was not necessarily MFA right away, it was really to secure, to have an additional layer of security on top of Active Directory.

Vincent Dousset
CIO at SYMTA Pièces

His team quickly started the free trail. They liked user-friendly, intuitive interface, and found the installation and onboarding process very easy. It not only responded to their needs, but was affordable.

During the trial period the support team and account manager were very responsive, which certainly didn’t push me to look elsewhere.

Vincent Dousset
CIO at SYMTA Pièces

After two to three weeks with the free trial, SYMTA was ready to move forward.

The Benefits Internal and External Access Secured with Effective SSO, MFA and Contextual Restrictions

Dousset quickly noticed and appreciated the flexibility to choose between different authentication methods. After testing out a few options, he settled on Token2 classic tokens for all employees to use at the office (chosen because easy to use and durable in the warehouse). For remote employees, he opted for an authentication app to use with a cell phone.

I have an intern who helped set up our tokens with UserLock with no trouble. The solution is simple and user-friendly.

Vincent Dousset
CIO at SYMTA Pièces

SSO now streamlines login to various Office 365 apps, and reduces the burden on employees of entering complex passwords multiple times a day. Dousset likes that IT can choose how often to prompt for MFA at a granular level – setting a lower frequency for on-site access, but asking for MFA at each connection for remote access. This granularity falls in line with Dousset’s long-term initiatives to balance access security with employee productivity.

UserLock also allows Dousset to add an additional layer of security to third-party consultants’ VPN access. He now receives email alerts when a third-party consultant connects to the network via VPN, and he’s set up contextual restrictions by machine, IP address and more for all third-party consultants. If anyone tries to connect via VPN outside of the approved machines and IP addresses, for example, that access is now automatically blocked and the IT team receives an alert of suspicious activity from a specific third-party consultant’s AD account.

Dousset is satisfied that SYMTA now has a resilient, non-disruptive additional layer of protection that builds on existing AD infrastructure.


Get your 30-day free trial now and secure your Windows network with UserLock

Download Free Trial Discover UserLock

More Case studies?

Read more reviews from our UserLock customers.