1 What Is Fudo ShareAccess?

Fudo ShareAccess is a scalable cloud-native platform that enforces strict security posture across multiple organizations, providing an instant, seamless, and auditable way to grant external access to privileged resources without compromising local security policies and disrupting internal workflows.

1.2 What problem does Fudo ShareAccess solve?

Fudo ShareAccess addresses the challenges in granting quick and smooth access between enterprises and third parties. It aims to simplify the process and reduce the time for granting access by eliminating the need for complex VPN and firewall configurations.

It benefits you with a faster access granting process, unified platform for managing access across organizations, simplified user experience for third parties, improved security and control for enterprises, and easy resource discovery and access requests.

Impact for the Enterprise:

• Faster Onboarding – Reduces vendor access setup time to minutes. 
• Eliminates Manual Configurations – No more VPN, firewall, or PAM setup delays. 
• No Third Party Identity Management – Vendors manage their own users and identities, reducing the administrative burden on the Enterprise side.
• Reduced Credential Sharing Risks – Enforces secure, identity-verified access. 
• Scalability & Operational Efficiency – Effortlessly scales across a large number of vendors.
• Robust Security Framework With Zero Trust – Strict, zero-knowledge security measures with multi-layered authentication, ensuring no sensitive data is stored.

1.3 How does Fudo ShareAccess improve the workflow for third parties?

Fudo ShareAccess significantly improves workflow for third parties by:

– Providing a single login point for accessing resources from multiple organizations.

– Dramatically reducing the time needed to gain access to required resources.

– Enabling seamless internal resource sharing by allowing users to request access to shared assets within their organization.    

– Providing a platform with low maintenance and high scalability – minimal upkeep lets the IT team focus on core tasks.

1.4 How does Fudo ShareAccess work?

Fudo ShareAccess creates a centralized, cloud-based platform where enterprises can share access to resources, and third parties can easily request and receive access. This simplifies the complex web of connections typically found in enterprise-third party collaborations.

Enterprise companies share access to their resources through the Fudo ShareAccess platform. Third parties create accounts on the platform.  When invited by the enterprise administrator, third parties can easily log in and access the shared resources.

1.5 Is Fudo ShareAccess available globally?

Yes, Fudo ShareAccess is designed to be a globally accessible platform. Users can sign up and use the service without needing to request special access.

1.6 Is Fudo ShareAccess a cloud solution?

Yes, Fudo ShareAccess is a cloud-based platform hosted on AWS (Amazon Web Services) by Fudo Security.

1.7 Where is the Cloud located?

Currently, we have two available locations:

• For EU users: Germany (EU-CENTRAL-1-FRANKFURT)
• For US users: California (US-WEST-1-CALIFORNIA)

1.8 How do I start using Fudo ShareAccess?

Visit the Fudo ShareAccess website, sign up with your email and password, activate your account through the email link, and complete the setup wizard to configure your organization.

If you want to share resources using Fudo ShareAccess:

   – Ensure you have Fudo Enterprise installed and updated to 5.5.9 version or a later one

   – Configure the connection between Fudo Enterprise and Fudo ShareAccess

1.9 Can Fudo ShareAccess be used without Fudo Enterprise?

As for now, Fudo ShareAccess is designed to work seamlessly with Fudo Enterprise for Organisation which wants to share access to resources.

But if you’re a third party that was invited to Fudo ShareAccess by another organization which shares resources you can use access to these resources with no need of having Fudo Enterprise.

1.10 Which protocols can I use?

With Fudo ShareAccess you can use SSH and RDP protocols but soon it will be expanded with HTTP, MySQL and VNC.

2 What is the process for delegating user management to vendors or other organizations?

The process of delegating user management to external organizations or contractors in Fudo ShareAccess begins by creating a trusted relationship between your organization and external parties through a federated access model. The administrator defines permissions for external users, specifying what resources they can access. External users are then granted access through secure channels, and their access requests can be verified and approved by the administrator. The entire procedure is monitored and audited to ensure security and compliance with internal security policies.

2.1 Does Fudo ShareAccess require access to internal infrastructure?

No, Fudo ShareAccess doesn’t need direct access to your internal infrastructure. It connects through Fudo Enterprise, which only requires outgoing connections to specific addresses and ports. Fudo Enterprise initiates connection to Fudo ShareAccess creating secure tunnels for further communication with possibility to establish sessions to Fudo Enterprise resources.

2.2 How does the connection work?

First of all, in order to establish connections through Fudo ShareAccess, there needs to be an instance of Fudo Enterprise connected to an Organization. While pairing both solutions, Fudo Enterprise initiates a connection to Fudo ShareAccess and creates a reverse SSH tunnel for communication and connections. This means that Fudo ShareAccess does not require access to the network where Fudo Enterprise is located. Only Fudo Enterprise needs to have the ability to connect to a specific Fudo ShareAccess address and port.

The established tunnel opens three ports on a specific organization address. The organization address is a Fudo ShareAccess address with a prefix that is automatically generated for this Organization. Ports are open on the Fudo ShareAccess side for incoming SSH and RDP connections, as well as API calls. This means that when, for example, a user tries to establish a session, the connection is made to a specific address and port for the chosen resource protocol. The connection is then redirected through the tunnel to Fudo Enterprise, and the session is recorded.

The verification of connection capability is done twice. First, the user must log into the Fudo ShareAccess panel where they can see available resources. If a resource is visible, it means the user is authorized to use it, and verification of this authorization was completed during the resource retrieval from Fudo Enterprise through the tunnel using the API and our authentication module. Then, the user can use either the web client or a native client to connect. To do this, we generate a one-time password that is used for authentication against Fudo when the session is established.

The connection works on a tunnel principle. Fudo Enterprise connects to Fudo ShareAccess, not the other way around. Thanks to this, Fudo Enterprise is not exposed to the network, and only Fudo ShareAccess has access to it.

2.3 How does the pairing process work between Fudo Enterprise and Fudo ShareAccess?

The process involves copying a pairing key from Fudo Enterprise to Fudo ShareAccess, then getting a second key from FudoShareAccess to enter back into Fudo Enterprise. This sets up the necessary connections and tunnels.

2.4 Is the connection from Fudo Enterprise to Fudo ShareAccess is done by certificate or secrets?

To set up tunnels it is an SSH connection where authentication is made using ssh keys. 

3 Do I need to purchase additional licenses for Fudo ShareAccess if I already have Fudo Enterprise?

Fudo ShareAccess licenses are separate from Fudo Enterprise and are required to enable federated access and secure communication with external organizations.

3.1 Is there a trial version available?

Yes, there’s a two-week trial period available for Fudo Enterprise users who connect to Fudo ShareAccess. The trial has limits of 10 members and one other organization.

3.2 Is the product based on a subscription?

Yes, the product is subscription-based. We offer a free plan for users who access resources from other organizations. If you have your own resources, you need to purchase a license, which includes:

• The number of members that can be active in your organization.
• The number of other organizations you can share access with.

The pricing is per active user/month and per organization/month. Currently, licenses can only be purchased on an annual basis, paid upfront for a specified number of years. Organizations can manage user activation status to optimize licensing costs. However, we plan to introduce monthly billing in the future. 

The paid option is for Organizations that have their own resources and want to share them with members of the same Organization or other Organizations. Third parties can use resources from other organizations under the free plan, treating Fudo ShareAccess as a free tool to provide their services.

3.3 Does Fudo ShareAccess create double charging for similar functionalities that Fudo Enterprise already provides?

Fudo ShareAccess and Fudo Enterprise are complementary solutions that serve different purposes. While Fudo Enterprise provides privileged access management within an organization, Fudo ShareAccess adds security layers for inter-organizational access rather than duplicating existing features, so the separate pricing structure allows for tailored solutions based on the unique needs of each organization. 

3.4 Does Fudo ShareAccess really add value compared to the already-owned Fudo Enterprise?

Fudo Enterprise provides secure on-premise management of privileged access, but Fudo ShareAccess extends this capability by enabling secure, federated access and seamless collaboration across multiple organizations and external entities such as vendors, contractors, and partners, without exposing internal systems. You can read more in point 1.2 in the FAQ.

4 How complex is it to implement Fudo ShareAccess, especially regarding port configurations and firewall settings?

Fudo ShareAccess is designed for simple and fast deployment, with configuration guides and support for common network setups. While custom port configurations and firewall rules may be required depending on your network infrastructure, the platform provides detailed documentation and support to assist with these configurations.

4.1 Does Fudo ShareAccess modify Fudo Enterprise configurations?

Fudo ShareAccess operates as an extension of Fudo Enterprise, designed to enhance access control and collaboration capabilities. While it provides centralized access control, it does not modify core Fudo Enterprise configurations. Instead, it integrates securely with Fudo Enterprise to offer additional features like federated access, seamless third-party collaboration, and remote access management.

 4.2 Where is the configuration of resources and access managed?

In the first version of Fudo ShareAccess, the configuration of resources, access, recording, and processing is managed within Fudo Enterprise, which is deployed on-premises in the client’s infrastructure. Future versions plan to move more of this functionality to Fudo ShareAccess.

4.3 How does Fudo ShareAccess handle session recording and monitoring?

Session recordings are stored on Fudo Enterprise, which is connected to Fudo ShareAccess and shares its resources. If a session is established through Fudo ShareAccess, all traffic goes to Fudo Enterprise, which is responsible for session recording.

4.4 How does the custom port generation process impact Firewall configurations?

Fudo ShareAccess has two ports that are used to connect Fudo Enterprise to it. One is for API communication and one for tunnel setup. These ports have to be configured on the firewall for outgoing traffic from Fudo Enterprise.

Additionally when the tunnel is set up, Fudo Enterprise generates random ports for RDP, SSH, Webclient and API. These ports are used for session establishment by users which have access to resources and API to get resources information by users. It is up to the user to allow connection to specific organization randomized domain address and specific randomized port to be able to connect to SSH, RDP or Webclient.

4.5 Can Fudo ShareAccess replace the need for a VPN solution?

While ShareAccess provides secure access to resources using encrypted protocols (such as SSH, RDP over TLS, and HTTPS), its primary function is to manage and secure privileged access, particularly in a multi-organizational environment. That means Fudo ShareAccess can offer secure access without the need for a traditional VPN allowing external users (vendors, contractors, etc.) to access resources without exposing internal systems and additional and complex VPN configurations.

Fudo ShareAccess can complement or reduce the reliance on a VPN for specific scenarios, but it does not fully replace the broader functionalities of traditional VPN solutions regarding all their features or scenarios.

4.6 How Fudo ShareAccess maintains performance for users in remote locations?

Fudo ShareAccess is designed to handle secure, low-latency communications between organizations. While the system’s performance can be affected by network latency in remote locations, the platform is optimized for high availability and can support users in geographically dispersed environments. For the best performance, it is recommended to maintain a well-configured network infrastructure with appropriate bandwidth and latency management.

4.7 Is there a mobile app for Fudo ShareAccess?

Yes, requests can be accepted, rejected or revoked via Fudo Officer app (iOS, Android).

5 How Fudo ShareAccess handles compliance with legal regulations in different geographic regions, especially USA and EU?

Fudo ShareAccess is designed to help organizations comply with a range of legal and regulatory requirements, such as HIPAA, GDPR, and others. The platform implements robust security architecture, including its FreeBSD foundation, zero-knowledge approach, secure encryption methods, auditing capabilities, and different deployment models suitable for specific security requirements in the USA, EU, etc. to ensure that sensitive data is handled and stored in compliance across different industry and jurisdiction standards.

Speaking of product certifications, Fudo ShareAccess is in the process of obtaining SOC 2 and ISO 27001 certifications and was originally designed to comply with the security principles of key industry standards and to provide companies with advanced mechanisms to achieve them.

5.1 Does Fudo Enterprise’s direct exposure to the internet create security issues?

Exposing Fudo Enterprise directly to the internet can pose security risks if not properly configured. It is recommended to deploy Fudo Enterprise behind a secure gateway, with proper firewall configurations and multi-factor authentication (MFA) enabled to protect sensitive resources. Fudo ShareAccess provides an additional layer of security by offering encrypted communication between Fudo Enterprise instances and external entities over secure protocols like HTTPS, RDP over TLS, and SSH.

5.2 How Fudo ShareAccess maintains security for accounts and password management?

Fudo ShareAccess ensures robust password management, including enforcing password complexity policies. User authentication data, including passwords, is securely processed temporarily during authentication and never stored in a readable form. For additional security, user credentials are managed through AES-GCM encryption with PBKDF2 key derivation.

5.3 How secure Fudo ShareAccess is?

The security of communication with Fudo is based on asymmetric cryptography (ECDSA signatures). The administrator must trust the key (e.g., by verifying the key hash through another channel) of the invited user. Without this, the user cannot perform any actions in Fudo (e.g., generate an OTP).

No one with access to Fudo ShareAccess infrastructure (such as an attacker) can generate signatures—signing is done on the user’s browser side. Only the user has access to their private keys.

6 What kind of support and documentation is available for implementation and ongoing management?

Fudo Security provides comprehensive documentation and multiple support channels to assist with implementation and ongoing management. The available resources include:

• Official Documentation – A detailed knowledge base covering installation, configuration, capabilities, etc.
• Technical Support –  Individual instructions available through email and ticketing systems for licensed customers.

If you have additional questions please write to support@shareaccess.com.

6.1 Is support available 24/7?

Yes, Fudo ShareAccess is a critical part of resource access, which requires us to maintain High Availability and constant support in critical cases.

6.2 Can I delete my account or whole organisation

Yes, please write to support@shareaccess.com

6.3 Does Fudo ShareAccess supports Fudo One?

Currently Fudo ShareAccess is not supported by Fudo One, but the integration will come soon.

7 What is the roadmap for Fudo ShareAccess future features and improvements?

We have outlined the way to enhance Fudo ShareAccess, introducing key new functionalities and platform improvements over the next few years.

Q3 2025 – Fudo ShareAccess 1.1

• OpenID Connect
• WebClient improvements
• HTTPS, VNC, database protocol support
• Notifications across Fudo Enterprise and Fudo ShareAccess
• Better management features, such as user groups, role-based access control, and more.
• Introduction of enhanced policy management features, allowing administrators to define independent granular access policies for different users and organizations.
• Advanced permission settings to increase security and flexibility in access control.

Q1 2026 – ShareAccess 2.0

• Transition into an independent platform for managing all resources, extending beyond Fudo Enterprise.
• Full-scale resource management, enabling users to control and monitor access across multiple platforms without requiring Fudo Enterprise as a prerequisite.
• Expanded integrations with third-party authentication providers, cloud-based IAM solutions, and enterprise security platforms.

Q3 2026 – ShareAccess 2.1

• Implementation of AI-powered breach prevention mechanisms.
• Machine learning models for detecting anomalous access patterns and potential security threats.
• Automated risk assessments and proactive security alerts to help organizations mitigate access-related risks in real time.