What is Authentication?

Authentication is basically the problem of taking a real-world person who is sitting in front of a computer and working out who they are; in other words, working out which particular record in our identity store relates to that person. We have to tie these two things together.

In the world of identity, you would typically have some kind of login page. Applications send the user to that login page, where they authenticate by typing in some information that only they know; most of us have used a username and password, or something similar, to authenticate ourselves. The identity system takes that information, verifies that it really is you, and can then tell each of the applications that the user has logged in.

The application is just saying, “tell me who this is”, so I don’t need to build login pages for every single app, and all of the applications can share that same login.

How to authenticate in different ways?

There’s a lot of complexity because everybody wants to determine who the user is in a different way.

We’ve all used banking applications where you have a username and password plus some PIN, and there are other applications where you have to use some kind of secret token that gets emailed to you. Each of these is a different way of determining who the user is.

User authentication can be based on all sorts of different things.

What that means is that behind the login page there is not just one single authentication method: we want the possibility of using a whole range of different kinds of authentication, or different authentication modules. It is important that the identity system be able to support those different levels and, in fact, be customizable, because each customer may want to do additional things when they authenticate a user.
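As an added illustration of that modular idea (example code written for this page, not Soffid’s own implementation): a small authenticator that resolves every login against one identity store, but lets each application demand a different set of modules. The module and class names, the user “joe”, his secrets and the per-application policy are all assumptions made for the example; the OTP module follows RFC 6238 and is checked against that RFC’s published test vector.

```python
"""Pluggable authentication modules in front of one identity store.

Added illustration, not Soffid code. PasswordModule, TotpModule, Authenticator,
the user "joe", his secrets and the per-application policy are all assumptions
made for this example. Passwords are checked with PBKDF2-SHA256; one-time codes
follow RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits).
"""
import hashlib
import hmac
import os
import struct
import time


class PasswordModule:
    """Something the user knows: a password compared against a salted hash."""
    name = "password"

    @staticmethod
    def hash_password(password: str, salt: bytes = None) -> tuple:
        salt = os.urandom(16) if salt is None else salt
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        return salt, digest

    def verify(self, record: dict, proof: dict, now: int) -> bool:
        salt, stored = record["password"]
        _, candidate = self.hash_password(proof.get("password", ""), salt)
        return hmac.compare_digest(stored, candidate)  # constant-time comparison


class TotpModule:
    """Something the user has: a time-based one-time code (RFC 6238)."""
    name = "totp"

    @staticmethod
    def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
        counter = struct.pack(">Q", at // step)
        mac = hmac.new(secret, counter, hashlib.sha1).digest()
        offset = mac[-1] & 0x0F
        code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
        return str(code % 10 ** digits).zfill(digits)

    def verify(self, record: dict, proof: dict, now: int) -> bool:
        submitted = proof.get("otp", "").encode()
        # Accept one time step of clock drift on either side of "now".
        return any(
            hmac.compare_digest(self.totp(record["totp_secret"], now + d * 30).encode(), submitted)
            for d in (-1, 0, 1)
        )


class Authenticator:
    """Resolves (application, username, proof) to one identity id, or None."""

    def __init__(self, store: dict, policy: dict):
        self.store = store      # username -> identity record
        self.policy = policy    # application -> names of the modules it requires
        self.modules = {m.name: m for m in (PasswordModule(), TotpModule())}

    def authenticate(self, app: str, username: str, proof: dict, now: int = None):
        now = int(time.time()) if now is None else now
        record = self.store.get(username)
        required = self.policy.get(app)
        if record is None or required is None:
            return None
        # Run every required module rather than stopping at the first failure,
        # so a bad password and a bad OTP give the same answer in the same time
        # and reveal nothing about which factor was wrong.
        results = [self.modules[name].verify(record, proof, now) for name in required]
        return record["id"] if all(results) else None


def build_store() -> dict:
    """Constructed sample store with one user; the TOTP secret is the RFC 6238 test key."""
    salt, digest = PasswordModule.hash_password("correct horse battery staple")
    return {"joe": {"id": "u-1001", "password": (salt, digest),
                    "totp_secret": b"12345678901234567890"}}


POLICY = {"webmail": ["password"], "banking": ["password", "totp"]}
AUTH = Authenticator(build_store(), POLICY)

if __name__ == "__main__":
    pw = {"password": "correct horse battery staple"}
    print(AUTH.authenticate("webmail", "joe", pw))                               # u-1001
    # Fixed clock of 59 s: the RFC 6238 test vector, for which the code is 287082.
    print(AUTH.authenticate("banking", "joe", {**pw, "otp": "287082"}, now=59))  # u-1001
    print(AUTH.authenticate("banking", "joe", pw, now=59))                       # None
```

The policy table is where “levels” live: webmail is satisfied by a password, banking needs the password and a code. One thing a real deployment would tighten is the early return for an unknown username, which answers faster than a real user’s failed login and so leaks which usernames exist; hashing a dummy record in that branch removes the timing difference.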

Well, I think that gives a good introduction to what authentication is.

What is Identity?

Today, computers give us real access to resources on other computers; let’s say a web app. In order for that web app to work with people, it needs to know who you are.

Traditionally, what ends up happening is that the app has a big database with all the information about that user. When you log in to the app, sure, you can get your email and all the other things this application knows about you; it works with you, and we have a happy user. That’s really what identity is there for: so that this digital app can know things about you and deliver content to you.

That’s just one app. If I want another app, what do I have to do? In that old world, we just do it again.

Now both apps know about you, so you have Joe Developer in app1 building identity and Joe Developer in app2 building it again. If a third app is needed, we just do it again.

That solution doesn’t seem terribly efficient, because every app may be storing different things about you.

That’s a problem! So, what’s the solution?

The solution is to bring all of those different databases into one place and manage them centrally, and that is what we call an identity system: one big shared database so that all of these applications can get the information they need about this one single user. The really useful part is that the user only has to tell the identity system who they are once, and can then access any of these apps.

Release 2.7.0.3 in place!

Once again!

A new Soffid version is available to end users at http://www.soffid.com/download/

New features:

– Improved compatibility with Oracle SAML Identity provider
– Real-time connector for authoritative sources.
– Moved all hashing algorithms to SHA-256
– Enable sync servers with arbitrary TCP ports
– New remote and gateway types of sync servers.
– Integration with new self-service browser extension
– Impact analysis
– Improved performance of custom fields.
– Do not start console until the database is available.
– Improved performance for complex SCIM queries

Fixed bugs:

– Application menu did not work in secure mode
– Recover from LinOTP failure.
– Enable OTP for inbox page.
– Fixed compatibility with SSL-only SMTP servers

Permissions review ( a.k.a. recertification )

What is recertification?

Access recertification is an IT control that involves auditing user access privileges to determine if they are correct and adhere to the organization’s internal policies and compliance regulations.

Access recertification is typically the responsibility of the organization’s Chief Information Security Officer (CISO) or Chief Compliance Officer (CCO) and may also be known as access attestation or entitlements review.

Below are the two most relevant, internationally recognised information security standards that will help make your business stronger and more secure. Both include recertification in their specification.

Take your business up to date

Whether your business already has Soffid IAM or has implemented ISO 27001 and PCI-DSS, or you are still analysing a solution for these potential risks, Soffid IAM with our Recertification process will help you and accompany you through this process to ensure the right access for all your users.

Soffid IAM with the Recertification Addon is the best choice to bring your business up to date on information security.

Benefits of recertification in Soffid IAM

Soffid IAM manages the complete access recertification workflow, generating new certifications for selected applications and users, fully integrated into the Soffid IAM core and workflow engines. A complicated process is therefore made simple and fully transparent to the end user.

Applying recertification in your company brings multiple advantages, as we can see below:

  • Allows the CISO, together with the managers of the resources and of the users, to ensure that every person has the correct permissions for the correct period of time.
  • Comply with legal requirements and obtain ISO 27000 and PCI-DSS certification. There are ever more laws, regulations and contractual requirements that must be met.
  • Improve the organization. Defining processes, procedures and policies strengthens the organization’s foundations and helps you achieve sustainable and controlled growth.
  • Lower costs by avoiding security incidents. The cost of prevention is lower than the cost of the problems and their remediation once they have occurred.
  • Provides a competitive advantage. Customers are confident that their data will be secure and therefore rely more on your company.

Simple install and configure

With our Recertification Addon, your organization’s access can be reviewed and validated easily, making sure that all users have the correct permissions.

Once you have Soffid IAM in your company, you can add the recertification process functionality easily. You only have to follow these steps:

Step 1. Upload the addon

To install it, you need to upload the Recertification Addon.

You can download it from our Download Page.

Step 2. Upload the workflows

Now you have to upload the following workflows:

Recertification process (The starter workflow)

Recertification group process (Authorized users review)

Recertification user process (Users permissions review)

You can download them from our Download Page.

Step 3. Configure the managers

Correctly configure the user managers and the role owners, and finally the users with the authority to start a Recertification process.

Step 4. Enjoy

And that’s all! Now you can execute or schedule Recertification processes in your company.

How it works in Soffid IAM

Access recertification can be carried out manually or programmatically.

The first step in a recertification process is to extract and collate the information from the organization’s IT and business systems and distribute it in a format that will allow each manager to easily see what privileges each of his or her employees has been granted.

Managers are then given a deadline for reviewing the information to flag inappropriate access and verify appropriate access.

In large organizations, access governance software (Soffid IAM) can be used to automate the recertification process (Recertification Addon) and ensure that audits occur on a regular basis.

Once the information has been extracted and normalized, the software uses a message template to issue recertification requests.

If the recipient of the recertification request fails to respond within the specified time period, the software can handle the situation in different ways: it can delegate the review to another manager or to the recipient’s own manager, or it can freeze every entitlement that has gone unreviewed for too long. Either way, an entitlement that nobody has confirmed does not simply stay active.

During all this process, authorized users can look up the recertification process status and its information in Soffid IAM.
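The process described above, written out as an added example (illustration code for this page, not the Soffid Recertification Addon): extract and group entitlements per manager, render the request from a message template, and at the deadline apply the decisions, escalating or freezing whatever went unreviewed. The entitlements, the people (alice, bob, carol, dave, erin), the escalation chain, the template and the policy names “escalate” and “freeze” are all constructed for the example.

```python
"""A recertification campaign: extract, distribute, deadline, escalate or freeze.

Added illustration of the process described above; it is not the code of the
Soffid Recertification Addon. The entitlements, the people (alice, bob, carol,
dave, erin), the escalation chain, the message template and the policy names
"escalate" and "freeze" are all constructed for the example.
"""

# Step 1: entitlements already extracted and normalized from the target systems.
ENTITLEMENTS = [
    {"user": "dave", "app": "erp",     "role": "ERP_APPROVER",  "manager": "alice"},
    {"user": "dave", "app": "payroll", "role": "PAYROLL_ADMIN", "manager": "alice"},
    {"user": "erin", "app": "erp",     "role": "ERP_VIEWER",    "manager": "bob"},
    {"user": "erin", "app": "crm",     "role": "CRM_ADMIN",     "manager": "bob"},
]
BOSS_OF = {"alice": "carol", "bob": "carol"}  # who a review escalates to
TEMPLATE = ("Hello {manager}, please review {count} entitlement(s) for your team "
            "before {deadline}: {items}")


def key(ent: dict) -> tuple:
    return (ent["user"], ent["app"], ent["role"])


def build_review_packets(entitlements: list) -> dict:
    """Step 2: group entitlements by the manager who has to review them."""
    packets = {}
    for ent in entitlements:
        packets.setdefault(ent["manager"], []).append(ent)
    return packets


def issue_requests(packets: dict, deadline: str, template: str = TEMPLATE) -> dict:
    """Step 3: render one recertification request per reviewer from a template."""
    return {
        manager: template.format(
            manager=manager, count=len(items), deadline=deadline,
            items=", ".join("{user}:{app}/{role}".format(**e) for e in items))
        for manager, items in packets.items()
    }


def close_round(packets: dict, decisions: dict, on_timeout: str) -> dict:
    """Step 4: apply the decisions received by the deadline.

    decisions  : {manager: {(user, app, role): "keep" | "revoke"}}
    on_timeout : "freeze"   -> disable every entitlement nobody reviewed
                 "escalate" -> hand it to the reviewer's boss, or freeze it
                               when there is nobody left to escalate to
    """
    outcome = {"keep": [], "revoke": [], "frozen": [], "escalated": {}}
    for manager, items in packets.items():
        answered = decisions.get(manager, {})
        for ent in items:
            verdict = answered.get(key(ent))
            if verdict in ("keep", "revoke"):
                outcome[verdict].append(ent)
            elif on_timeout == "escalate" and manager in BOSS_OF:
                boss = BOSS_OF[manager]
                outcome["escalated"].setdefault(boss, []).append({**ent, "manager": boss})
            else:
                outcome["frozen"].append(ent)  # unreviewed access never stays active
    return outcome


def run_campaign(entitlements: list, decisions_per_round: list,
                 on_timeout: str = "escalate", max_rounds: int = 3) -> dict:
    """Drive the campaign round by round until nothing is left to escalate."""
    packets = build_review_packets(entitlements)
    final = {"keep": [], "revoke": [], "frozen": []}
    for round_no in range(max_rounds):
        decisions = decisions_per_round[round_no] if round_no < len(decisions_per_round) else {}
        outcome = close_round(packets, decisions, on_timeout)
        for k in final:
            final[k].extend(outcome[k])
        packets = outcome["escalated"]
        if not packets:
            return final
    for items in packets.values():  # escalation chain exhausted
        final["frozen"].extend(items)
    return final


if __name__ == "__main__":
    for msg in issue_requests(build_review_packets(ENTITLEMENTS), "2019-01-31").values():
        print(msg)
    result = run_campaign(ENTITLEMENTS, [
        {"alice": {("dave", "erp", "ERP_APPROVER"): "keep",
                   ("dave", "payroll", "PAYROLL_ADMIN"): "revoke"}},   # bob never answers
        {"carol": {("erin", "erp", "ERP_VIEWER"): "keep"}},            # CRM_ADMIN left open
    ])
    for status, items in result.items():
        print(status, [key(e) for e in items])
```

The “revoke” and “frozen” lists are what gets fed to provisioning; the design point is that a non-response is never treated as an approval, which is what turns a periodic mail-out into an actual control.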

About ISO 27000

ISO 27001 is an international standard that describes how to manage information security in a company. Its main mission is to protect the confidentiality, integrity and availability of the company’s information.

Recertification is described in ISO 27002 (the code of practice whose controls are mirrored in Annex A of ISO 27001) in control 11.2.4 of the 2005 edition (renumbered 9.2.5 in the 2013 edition): «Review of user access rights. Management should review users’ access rights at regular intervals using a formal process.»

http://bcc.portal.gov.bd/sites/default/files/files/bcc.portal.gov.bd/page/adeaf3e5_cc55_4222_8767_f26bcaec3f70/ISO_IEC_27002.pdf

About PCI-DSS

PCI-DSS is a standard of data security for the credit card industry, and applies only to companies that process, store, or transmit credit card data. For these companies, compliance with the standard is obligatory, though depending on the volume of cards processed, different requirements or obligations may apply.

The corresponding control is Requirement 7.2: «Establish an access control system(s) for systems components that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed.». Periodically confirming who still needs which access is how that “deny unless allowed” state is kept true over time.

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf?agreement=true&time=1538124502716

Three ways to succeed with Single Sign On

Password Sync:
This is the simplest solution implemented by Soffid to succeed with SSO: connecting the different identity databases via sync servers and ensuring, through manual or automated reconciliations, that all the IDs are in full sync. Strictly speaking this gives the user one password rather than one sign-on, since each application still prompts for it; the benefit is that it is the same password everywhere, managed in one place.

Standard protocols:
Soffid supports the most common SSO protocols, such as OpenID Connect and SAML 2.0.
OpenID Connect allows clients of all types, including browser-based, mobile and JavaScript clients, to request and receive information about identities and currently authenticated sessions. For SAML 2.0, Soffid supports web single logout and session management.
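In OpenID Connect the “information about identities and currently authenticated sessions” arrives at the application as an ID token, and the application is only as secure as its validation of that token. The following is an added example written for this page, not Soffid’s implementation: it mints an ID token the way a provider would and then validates it the way a relying party must. To stay runnable with the standard library alone it uses HS256 (HMAC-SHA256 keyed with the client secret, which OIDC allows); production deployments normally verify RS256 or ES256 signatures against the provider’s published JWKS. The issuer URL, client id, client secret and claim values are constructed.

```python
"""Validating an OpenID Connect ID token at the relying party.

Added example, not Soffid's implementation. To stay self-contained it uses
HS256 (HMAC-SHA256 keyed with the client secret, which OIDC allows for ID
tokens); production deployments normally verify RS256/ES256 signatures against
the provider's published JWKS. ISSUER, CLIENT_ID, CLIENT_SECRET and the
claims used below are constructed values.
"""
import base64
import hashlib
import hmac
import json

ISSUER = "https://idp.example.test"
CLIENT_ID = "app1"
CLIENT_SECRET = b"constructed-client-secret-for-the-example"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Provider side: mint a compact JWS. The `alg` parameter exists only so the
    demo can show what a forged, unsigned ("none") token looks like."""
    header = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    if alg == "none":
        return f"{header}.{payload}."
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def validate_id_token(token: str, secret: bytes, issuer: str, client_id: str,
                      nonce: str, now: int, skew: int = 60) -> dict:
    """Relying-party side: return the verified claims or raise ValueError.

    Order matters: pin the algorithm before looking at anything else (the
    header is attacker-controlled until the signature is checked), verify the
    signature, then check iss, aud/azp, exp, iat and the nonce bound to the
    login request.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    if json.loads(unb64url(h)).get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, unb64url(s)):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(p))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in aud:
        raise ValueError("token not issued for this client")
    if len(aud) > 1 and claims.get("azp") != client_id:
        raise ValueError("multiple audiences but azp is not this client")
    if claims.get("exp", 0) <= now - skew:
        raise ValueError("token expired")
    if claims.get("iat", now) > now + skew:
        raise ValueError("token issued in the future")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch: not the token this session asked for")
    return claims


def is_valid(token: str, nonce: str, now: int) -> bool:
    """Boolean wrapper used by the demo."""
    try:
        validate_id_token(token, CLIENT_SECRET, ISSUER, CLIENT_ID, nonce, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    now = 1_600_000_000
    base = {"iss": ISSUER, "sub": "u-1001", "aud": CLIENT_ID,
            "iat": now, "exp": now + 300, "nonce": "n-42"}
    print(is_valid(make_id_token(base, CLIENT_SECRET), "n-42", now))                    # True
    print(is_valid(make_id_token(base, b"", alg="none"), "n-42", now))                  # False: alg none
    print(is_valid(make_id_token({**base, "aud": "other"}, CLIENT_SECRET), "n-42", now))  # False: wrong aud
    print(is_valid(make_id_token(base, CLIENT_SECRET), "n-42", now + 3600))             # False: expired
    print(is_valid(make_id_token(base, CLIENT_SECRET), "n-43", now))                    # False: replay
```

The checks that most often get skipped in the wild are the pinned algorithm (accepting whatever `alg` the header names is how unsigned or key-confused tokens get through), the audience (a token minted for another client of the same provider must not log anyone in here) and the nonce, which is what ties the token to the login this browser session actually started.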

Web Single Sign On:
This is the «bridge» solution implemented by Soffid for apps that do not support identity provider protocols such as SAML or OpenID Connect, and for all smart or remote devices such as PCs, tablets or smartphones.

Enterprise Single Sign On:
Installed on workstations, it simplifies the user’s login to all the company apps by means of the sync servers and by injecting the credentials whenever they are needed, reducing inefficiency and IT incidents and clearly increasing productivity.

Three simple ways to succeed with Soffid on Identity & Access Management.