You are at home, on the move, or in a coworking space, and the Alis portal refuses to open. The screen displays an unusual authentication page, or worse, a complete block without an explicit message. For BNP Paribas employees, accessing HR services from outside the internal network follows very different rules than connecting from the office. This guide details the mechanisms at play and the concrete steps to regain access to your employee space.
Zero Trust Authentication: What Changes When You Leave the BNP Paribas Network
At the office, your workstation is recognized by the internal network. Accessing Alis is almost seamless, often with a single click via SSO (Single Sign-On). Off-site, this convenience disappears.
Further reading : Practical guide to replacing the ink cartridge on a Canon TS3151 printer
BNP Paribas applies a so-called Zero Trust model for every remote connection. In practice, the system trusts neither your device, nor your Wi-Fi network, nor your location. Each connection attempt is evaluated based on several criteria: the device used, the geographical area, the time, and the reputation of the IP address.
Specifically, even if you enter the correct username and password, an additional verification step may arise. A code sent via SMS, a validation on an authentication app, or even a temporary denial if the context is deemed suspicious. This is not a bug; it is the normal operation of the security system.
See also : Practical Guide to Obtaining an Online Tax Access Number
The authentication page you see off-network is not the same as the one at the office. The portal redirects to the domain login.extidp.bnpparibas, the group’s digital identity platform. This interface centralizes access to all sensitive applications, not just Alis. If you land on this page, you are in the right place.
Before attempting anything, it may be helpful to consult a comprehensive guide on how to connect to the BNP Paribas Alis extranet from outside.
VPN, Managed Workstation, or VDI: Which Remote Access Channel to Use for Alis
Not all employees take the same path to reach Alis off-network. The channel depends on your status and what your IT department has authorized.
The VPN Provided by BNP Paribas
The most common case for employees on permanent or fixed-term contracts with a work computer. The VPN creates a secure tunnel between your workstation and the internal network. Once connected, Alis behaves as if you were in the office. The VPN must be activated before opening Alis, not after. Launching the browser first and then the VPN often causes a session conflict.
The Virtualized Workstation (VDI)
BNP Paribas has strengthened the requirement in recent years to use a virtualized session, especially for contractors, temporary workers, and consultants. The principle: you connect to a virtual desktop hosted by the bank, and it is from this desktop that you access Alis. Your personal computer never directly touches HR data.
Direct Access via the Browser
In some cases, employees can access Alis via the URL alis.hr.bnpparibas from a standard browser, without a VPN. Authentication then goes through the extidp.bnpparibas portal with enhanced verification. This option is not available to all profiles.
Here are the points to check before choosing your channel:
- Has your IT department enabled remote access on your account? Without explicit authorization from the security administrator, no channel will work.
- Are you using a work computer provided by BNP Paribas or a personal computer? Contractors on personal computers are increasingly redirected to VDI.
- Is your authentication badge or token up to date? An expired certificate blocks the connection without a clear error message.
Common Blocks Off-Network and Reflexes to Adopt
The majority of connection failures to Alis from outside do not stem from a technical issue on the BNP Paribas side. They result from a configuration detail on the user side.
Public or hotel Wi-Fi often filters VPN ports. If your VPN refuses to connect in a café or hotel, the local network is likely blocking the protocol used. Switching to tethering from your phone resolves this issue in most cases.
A browser with too many active extensions (ad blockers, third-party password managers) can interfere with the extidp.bnpparibas authentication page. Test in private browsing: if the connection works, an extension is the culprit.
Your computer’s clock also counts. Authentication protocols check the system time. A discrepancy of a few minutes between your workstation and the server can cause a silent rejection. Enable automatic time synchronization in your operating system settings.
Phishing Targeting HR Access: Why Vigilance Remains the First Filter
Phishing campaigns targeting the HR and payroll portals of major banking groups have recently increased. BNP Paribas has also strengthened its internal communication on this subject.
The classic scenario: an email mimicking an Alis notification invites you to “check your payslip” or “update your bank details.” The link points to a copy of the login page. The entered credentials are captured immediately.
Three concrete reflexes help avoid the trap:
- Always check that the URL in the address bar ends with .bnpparibas and not with a similar variant (.bnp-paribas.com, .bnpparibas-rh.fr, etc.).
- Never click on a link received by email to access Alis. Type the address manually or use a saved bookmark.
- If in doubt after clicking, change your password from a secure workstation and inform your IT department without delay.
A compromised Alis access exposes your payroll data, your bank account details, and your personal information. The speed of response makes all the difference between a contained incident and a personal data leak.
Remote access to Alis is not mysterious, but it requires adherence to every link in the security chain. The right channel, the right equipment, a verified URL: these three points resolve the vast majority of blocking situations.