The use of HAN in industry

The guidelines

  • Secure access to password-protected online accounts (suppliers, CRM systems, ERP systems, bank accounts, etc.)
  • Prevents abuse when employees leave the company and take knowledge of online access information with them
  • Simplified administration of user groups authorized to access online accounts

The realization

In a typical company there are many password-protected online accounts on all kinds of internal and external systems: for example, the purchasing department has accounts on suppliers' systems; the sales department has CRM accounts; the accounting department has electronic access to bank accounts; the production department has ERP accounts. When an employee leaves the company, the accounts he or she used are usually not locked, nor is the login information changed. As a result, there is a danger that an employee who has quit, or even gone over to a competitor, can still access the protected information.

HAN eliminates this danger, because only the system administrator knows the login information for the password-protected online accounts. When users access an online account, HAN performs the authentication checks and then forwards the protected content transparently. The user doesn't see the content provider's login page, nor the login information that HAN submits in the background.

Because all login data is hidden from the users, there is no risk of abuse when a user leaves the company. Furthermore, access rights to specific online accounts can be defined in HAN by Active Directory (AD) group membership, IP addresses, or stations. This means that the group of users authorized to access a given online account can be extended easily and securely. At the same time, when a user leaves the company and is deleted from AD, HAN automatically denies him or her access to all online accounts previously used.

The guidelines

  • E-resource access statistics by user, station or department
  • Statistics across all providers, by user, station or department
  • Accounting by actual use frequency, time, and document type

The realization

A large industrial company operates an internal IT department as a profit center. HAN records uniform data on the use of all centrally managed e-resources from all providers, and displays statistics in the form of "views". The monthly usage data recorded in this way is used to charge individual cost centers based on actual use. Each user receives individual usage data in numeric and graphic form as an accounting statement.

The guidelines

  • Different departments purchase different e-resources, and hence should have different use privileges
  • Exemption from the obligation to purchase site-wide licenses that arises because the company is represented by a single public IP address
  • Individual and departmental restrictions on access to e-resources using AD as the primary authentication system

The realization

A given company uses a single public IP address on its Internet gateway. As a result, even though certain e-resources are only needed by individual departments or user groups, the company would ordinarily be obliged to purchase site-wide licenses. But because HAN provides the option of assigning e-resource use rights to individual users, user groups, stations or groups of stations, the use of the e-resources can be very finely controlled behind the Internet gateway in spite of the technical limitation of the single public IP address. Thus the number of licenses required for e-resources is reduced to the actual number of users concerned. HAN communicates with the publishers of the e-resources using a specified IP address, but at the same time ensures that only those users who are authorized by the system administrator have access to the e-resources.