
Accessing the ALIS BNP Paribas portal from a location not connected to the group’s internal network raises a specific technical question: what authentication mechanisms and network tools are used to authorize this external connection?
The answer varies depending on the employee’s profile, the equipment used, and the rights assigned by the IT administration. This article details the parameters that condition remote access to ALIS, the differences between internal connection and off-network connection, and the most common bottlenecks.
Related reading : The Secrets to Finding a Cheap Cruise
Internal or external ALIS connection: comparison of technical parameters
The difference between access from a workstation connected to the BNP Paribas network and remote access is not limited to the physical location of the employee. Several additional layers of security are activated as soon as the request comes from an IP address outside the group.
| Parameter | Internal access (BNP network) | External access (off-network) |
|---|---|---|
| Authentication | SSO via group IDP | Group IDP + mandatory MFA |
| Required network | BNP Paribas internal network | Group VPN or dedicated secure URL |
| Recommended browsers | Chrome, Edge, others | Chrome or Edge (most stable compatibility) |
| Prior authorization | Contract-related rights | Validation by the security administrator |
| Risk in case of non-compliance | Low (controlled environment) | Access suspension, automatic reporting |
This table highlights a often underestimated point: external access requires explicit authorization from the security administrator, whereas internal access relies on already provisioned rights. An employee attempting to connect without this validation will have their ID blocked, with no possibility of self-service unlocking.
You may also like : How to Choose the Right Sewing Machine?
To better understand how to access Alis BNP Paribas under these conditions, one must first distinguish between the two available technical paths: the group VPN and the secure URL.

Group VPN or secure URL: two remote access paths to ALIS
Not all BNP Paribas employees use the same channel to reach ALIS off-site. The choice depends on the equipment and the level of authorization.
Access via the group VPN
The group VPN creates an encrypted tunnel between the employee’s workstation and the internal network. Once the VPN connection is established, the ALIS portal behaves as if the user were physically on-site. This mode is generally reserved for professional workstations provided by the group, on which the VPN client is pre-installed.
The VPN only works on a professional workstation validated by the IT department. Attempting to install it on a personal computer will not succeed, as the machine certificate is part of the authentication process.
Access via the dedicated secure URL
For employees who do not have a VPN (some agency profiles, interns, trainees), a secure URL allows direct access to the ALIS portal from a browser. The portal address (alis.hr.bnpparibas) redirects to the group IDP, which then triggers multi-factor authentication.
However, this URL is not accessible from just any browser under optimal conditions. Chrome and Edge offer the most stable compatibility with the portal. Less common browsers may cause display errors or block MFA validation.
Multi-factor authentication MFA: the main lockout outside the network
Multi-factor authentication is the security brick that fundamentally differentiates external access from internal access. The principle relies on the combination of two distinct elements: the professional ID (what the employee knows) and a second factor (what they possess or what they are).
The second factor usually takes the form of a temporary code sent to a registered device, or validation via a mobile application linked to the professional account. Without this second factor, the connection is systematically denied, even if the ID and password are correct.
Three situations generate the majority of MFA-related blockages:
- The device associated with the MFA has changed (new phone, reset) without the employee updating their profile with the IT department.
- The time difference between the device and the authentication server exceeds the tolerance threshold, invalidating the temporary code.
- The employee is using a public Wi-Fi network whose port restrictions block communication with the MFA server.
In these cases, the dedicated channel [email protected] allows reporting an ALIS internet access issue. This address, mentioned in internal union documents, remains the most direct contact point for issues related to external authentication.

ALIS off-network and remote work: an evolving use
Remote access to ALIS is not limited to viewing a payslip from home. The portal is also used to declare remote workdays, a use that has developed with recent regulatory changes around remote work.
This function places ALIS in a particular position: the employee working remotely must access the portal off-network to declare that they are working off-site. The loop requires that remote access be reliable and smooth, or it risks creating a discrepancy between the actual situation and the administrative declaration.
Furthermore, a gradual convergence between ALIS and other digital bricks of the group (notably Workday and time and activity tracking tools) is changing the portal’s place in the HR ecosystem. ALIS is no longer an isolated portal but a connected interface to the overall HR architecture of BNP Paribas. This integration makes external access all the more strategic for mobile employees or those regularly working remotely.
The initial configuration remains key. An employee whose MFA profile is correctly recorded, who uses Chrome or Edge, and who has the group VPN or the secure URL can access ALIS off-network without particular difficulty. Blockages almost always stem from a missing link in this technical chain.