by Rebeca | Aug 23, 2018 | Release
We have great news, Soffid Version 2.3 is here.
We are very excited to announce that version 2.3 of the Soffid Console and Soffid Sync server has been released.
This version includes many improvements. The greatest enhancement is in performance and stability, which is of utmost importance in production environments, so we highly recommend this new version.
There are many user interface improvements, but the most outstanding feature is a new distributed memory cache that will dramatically improve multi-node deployments.
The team of engineers at Soffid has been working very hard to improve on earlier releases, and the new version has been extensively tried and tested. Now version 2.3 is out there, and it is time for our clients and our community to take advantage of it. We hope you enjoy it.
Please, find this new version here.
What are the new features in this version?
The list of new features is:
1) LinOTP supported
Soffid now supports LinOTP. LinOTP is a Linux-based solution to manage multi-factor authentication with one-time password devices. LinOTP supports different authentication protocols, token types and user repositories. This feature increases logon security.
2) User experience
This version of Soffid presents several User Experience improvements. Soffid offers an improved mechanism to rename accounts and target systems, and an asynchronous search for users, groups, roles and accounts. It allows users to remove networks with deleted hosts and to execute schedulable tasks regardless of whether they are scheduled or not.
3) Distributed memory cache
Soffid’s version 2.3 presents a new distributed memory cache. This distribution of cache memory will be very useful for large deployments. Furthermore it supports large quantities of information, providing more scalability than version 2.0.
4) User interface improvements
Version 2.3 also brings many small user interface improvements that will enhance the user’s experience: a cleaner and clearer user interface that eases navigation. In version 2.3 the user interface also allows users to be removed.
5) Global parameter to set system in read-only, manual or automatic task creation
This feature will prevent accidental modifications of target systems during configuration and test phases, improving overall security.
6) Console password is by default encrypted in configuration files
Until version 2.3, the password to access databases from the first console was in clear text; from now on it will be obfuscated to prevent misuse.
7) Some minor bugs are also fixed within this version
We are always eager to listen to what users think of our improvements. We are also looking forward to hearing your suggestions for future Soffid versions.
Your valuable feedback is always appreciated.
The Soffid team
by Rebeca | Jan 16, 2018 | Release
As we announced when we released our 2.3 version, Soffid now supports LinOTP. As we briefly explained in our 2.3 version release announcement, LinOTP is a Linux-based solution to manage multi-factor authentication with one-time password devices. But what does this mean for Soffid’s users?
LinOTP is an open source authentication server and, as you know, we are all about open source.
Over the years, and even more so in recent years, it has become apparent that protecting our employees’ and customers’ details from possible hacker attacks is crucial. Attacks have become more regular and occur across all sectors. In order to protect our customers’ and company’s data, the industry has had to get creative. A password is just not enough any more, and that’s where OTP comes in. As the name suggests (One Time Password), these are passwords that can only be used once; they may be a PIN sent via SMS, a series of numbers on a security token, etc. Once upon a time this level of security was only used in banks or organisations where security was a top priority; nowadays, however, we see all kinds of companies interested in using extra layers of security. We realised this was a pressing need for our current and prospective customers, so we had to do something about it.
We looked at different alternatives: what could we offer our customers and prospective customers? We found LinOTP, an open source, Linux-based OTP solution with a modular architecture that matched our needs, our customers’ needs and our open source philosophy perfectly. So when we developed version 2.3, including LinOTP among the new features was a must.
Soffid’s users can now configure Soffid’s console to require the user to authenticate with a second factor. Our users can now have that extra level of protection and be reassured of the added security.
A user will still authenticate using user name and password. However, when trying to perform some specific tasks, a new level of authentication will be requested. This authentication will be active for a set time; once the set time has expired, a new authentication will need to be requested to perform the task. The administrator will decide which pages or services need to be protected by this OTP.
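The step-up flow described above (password login, then an OTP that stays valid for a set time on administrator-chosen pages), as an added illustration that is not Soffid or LinOTP code. The class name, the page patterns and the `verify_otp` callback standing in for the OTP server are all assumptions.

```python
import time
from fnmatch import fnmatchcase


class StepUpSession:
    """Console session: password login first, OTP step-up for protected pages."""

    def __init__(self, user, protected_patterns, otp_ttl_seconds,
                 verify_otp, clock=time.monotonic):
        self.user = user
        self.protected = list(protected_patterns)  # chosen by the administrator
        self.ttl = otp_ttl_seconds                 # how long one OTP check lasts
        self.verify_otp = verify_otp               # hypothetical: (user, code) -> bool
        self.clock = clock                         # injectable so expiry can be tested
        self.password_ok = False
        self.otp_verified_at = None

    def login(self, password_valid):
        # A new primary login never inherits an earlier step-up window.
        self.password_ok = bool(password_valid)
        self.otp_verified_at = None
        return self.password_ok

    def submit_otp(self, code):
        if not self.password_ok:
            return False               # the second factor never replaces the first
        if self.verify_otp(self.user, code):
            self.otp_verified_at = self.clock()
            return True
        return False                   # a failed attempt does not extend the window

    def authorize(self, path):
        """Return 'deny', 'allow' or 'otp_required' for a requested page."""
        if not self.password_ok:
            return "deny"
        if not any(fnmatchcase(path, p) for p in self.protected):
            return "allow"
        fresh = (self.otp_verified_at is not None
                 and self.clock() - self.otp_verified_at < self.ttl)
        return "allow" if fresh else "otp_required"


if __name__ == "__main__":
    # Constructed sample: one protected area, a 5-minute window, a fixed test code.
    s = StepUpSession("alice", ["/admin/*"], 300, lambda u, c: c == "123456")
    s.login(True)
    print(s.authorize("/home"), s.authorize("/admin/agents"))
    s.submit_otp("123456")
    print(s.authorize("/admin/agents"))
```

Checking the age of the OTP verification on every request, rather than caching an "elevated" flag, is what makes the window actually expire.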
by Rebeca | Jan 2, 2018 | Uncategorized
GDPR in Soffid
Soffid IAM (Soffid Identity and Access Management) software suite covers certain parts of the European General Data Protection Regulation (GDPR). This regulation mentions that best practices should be implemented in regard to Information Systems security. Best practices in this topic are covered by ISO 27001. Therefore, this document also presents Soffid’s coverage of the ISO 27001 (Information technology — Security techniques — Information security management systems — Requirements).
Out of a total of 11 Chapters with a total of 99 Articles in the GDPR, Soffid makes a substantial contribution to 3 Chapters and 16 Articles. Regarding ISO 27001, Soffid has nearly full coverage of section A.9 Access control. On top of this, Soffid contributes coverage of controls in sections A.6 (Organisation and Information Security), A.7 (Human resources security), A.8 (Asset management), A.11 (Physical and environmental security), A.12 (Operations security), A.15 (Supplier relationships) and A.17 (Information security aspects of business continuity management).
Summary of the regulation
New regulation
On April 14, 2016, the European Parliament approved the General Regulation on Data Protection, with direct application in Member States.
Regulation enforcing date
The new legal framework for data protection will apply as of May 25, 2018.
Impact on processes
This regulatory change has a clear and important impact on organizations, since it implies new obligations for them that will affect not only traditional compliance but also, very significantly, their processes and the way they analyze privacy risks.
Main points of impact of the regulation:
1. The territorial scope is all EU states.
2. Data protection principles are expanded and reinforced: Limitation of purpose, data minimization, accuracy, limitation of preservation, integrity and confidentiality; and proactive responsibility.
3. Recognition of new rights to data subjects: Right to portability of data; right to be forgotten; right not to be subject to decisions based solely on automated data processing – profiling; right to claim and appeal to the supervisory authority or to the person in charge.
4. Legal basis on which processing is carried out. Obtaining unequivocal consent. Specify and document legitimate interest.
5. New obligations: Registration of processing activities; Notification of security breaches; Data Protection Officer. Processes for attention to the exercise of rights.
6. New paradigm in data protection: responsibility of accountability; privacy from design and default; impact assessments on data protection.
7. Self-regulation and certification: adherence to codes of conduct; establishment of certification mechanisms, seals and trademarks.
8. New sanctioning regime: penalties up to 4% of total annual global turnover.
Soffid contribution
Soffid, being an integral solution of access control and identity management, provides the following solutions (within the framework of this new regulation):
1. Organization of data by identity, unification and quality of data. Unique location of data, conservation, integrity and confidentiality of data.
2. Obtaining data, portability of data, right to be forgotten and obtaining consents with the integration of Soffid business process manager.
3. Management of all the processing operations performed on the data. Audits and reports of all operations carried out on the data, meeting the obligation to keep a record of processing activities.
4. Notification and detection of security breaches
5. Certification process managed by Soffid.
by Rebeca | Apr 22, 2017 | Uncategorized
Gartner published the report: Options for Open Source Identity and Access Management: 2017 Update, on the 8th of March 2017.
In this report, Gartner analyses the technological state of the different open source products, provides a comparison between them, and issues a series of recommendations for end users.
General key findings
– Open-source software identity and access management components can provide more flexibility and adaptability than proprietary vendor components and at a lower cost.
– The majority of components come with varying levels of functionality and maturity. The end user needs to carry out extensive research to confirm adequacy of maturity and functionality for their use case.
– Support plans are available for most of their components from primary developers or their supporting partners. In some cases, there are two versions of a product: a free version and a version with more features that is only available in conjunction with a support plan.
Soffid Analysis
“Soffid is a vendor that develops and offers support for a comprehensive IAM solution that was custom-developed for the government of the Balearic Islands in Spain. With the permission of the government, the source code of the product has been released as open source. Soffid IAM consists of a provisioning system, a PAM module that includes a password vault, an ESSO component that uses access server-side credential injection, web SSO and federation functionality based on Shibboleth that supports SAML, OAuth, OpenID Connect and authorization enforcement based on XACML. The software runs on Windows and Linux; the ESSO module is supported on Windows and Ubuntu Linux. It includes a synchronization engine that also supports reconciliation and comes with several connectors, including SAP. Role management and recertification is also supported. The product has recently been extended to include rapid configuration capabilities and integrated with Jasper Reports.
Functionality: (Medium to High). Soffid has one of the most comprehensive list of IAM features of products reviewed in this report. It is also the only product set from one vendor that includes ESSO and PAM functionality.”
For more information please read the full report here.
by Rebeca | Jan 10, 2017 | Release
This is big news, Soffid Version 2.0 is here.
We are pleased to announce that version 2.0 of the Soffid Console and Soffid Sync server has been released.
This version includes a lot of improvements with respect to previous versions, and it is indeed a lot more than an incremental improvement of the software. It includes functionality and User Experience improvements, together with performance enhancements. The team of engineers at Soffid has been working hard to get this version out there, and now it is time for our clients and our community to take advantage of it. We hope you enjoy it.
Please, find this new version here.
The list of new features that we are including in this version 2.0 is:
1) Multi-tenant functionality
Soffid now has multi-tenant functionality. One individual instance of Soffid can manage more than one tenant, so from a single Cloud instance Soffid can handle Identity and Access management for different clients or different companies. This feature will enhance operations for several of our clients.
2) User Experience improvements
This version of Soffid presents several User Experience improvements. For instance, Soffid now offers autocompletion in role and application searches, dynamic filters now replace the old static filters, and we have added multiscreen configuration pages for custom object definitions.
3) Great performance improvement
An extra layer of reconciliation intelligence has been added to Soffid to produce an initial grouping of tasks related to the same object before committing changes to the database. This allows tasks to complete faster and gives a huge performance increase in bulk processes.
4) SCIM server
Soffid now offers a SCIM server RESTful API service. Full control of actions in Soffid can be exercised through this new RESTful service to enhance integration with other services or third-party applications. Everything follows the SCIM standard.
5) Custom objects
This version of Soffid introduces, for the first time, Custom Objects as part of the Soffid data model. With this new type of object, the administrator may define new multidimensional attributes for every user, such as tablets (with all their identification data) or mobile phones (including their SIM and serial numbers), all encapsulated in the same object. There is also a specific pane to define the characteristics of the custom objects. This gives the tool a great deal of flexibility. We hope our customers enjoy it.
6) Soffid is now enabled to work as Software as a Service
Version 2.0 is cloud ready! For the very first time, Soffid is ready to be installed fully as Software as a Service. Current and future users of Soffid can now decide whether they want to keep hosting the Soffid instance on premise or migrate to a cloud installation. This will considerably smooth out operations and maintenance costs.
7) TomEE is now the JEE platform (replacing JBoss)
Soffid has migrated from JBoss to TomEE as the current JEE platform. TomEE offers better memory handling, it is faster and it is more reliable.
8) Control measures to avoid accidental mass changes
This version of Soffid also incorporates a control measure to avoid accidental mass changes in the repository. It prevents mass changes in a target system from propagating to the central Soffid system when they are due to a malfunction or an accident on the target system. To this end, a threshold of maximum allowable actions can be defined in Soffid. If this maximum is reached, Soffid will mark all such tasks as pending and will prompt the administrator for confirmation. It is just an extra control step that prevents a possible operational crisis.
9) Some minor bugs are also fixed within this version
We are always eager to hear what users think of these improvements, and we are also looking forward to hearing more suggestions for future Soffid versions.
We always appreciate your valuable feedback.
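The task grouping from item 3 and the mass-change threshold from item 8 of the 2.0 feature list above, shown together as an added illustration that is not Soffid code. The function names, the task layout, the sample changes and the choice to count per target system after grouping are assumptions.

```python
def group_by_object(changes):
    """Collapse all changes to the same (system, object) into one task.

    Later attribute values override earlier ones, so each object is
    written once instead of once per detected change.
    """
    tasks = {}
    for system, obj, attrs in changes:
        task = tasks.setdefault(
            (system, obj),
            {"system": system, "object": obj, "attrs": {}, "status": "new"})
        task["attrs"].update(attrs)
    return list(tasks.values())


def apply_threshold(tasks, max_actions):
    """Hold every task of a system that reaches max_actions; return held systems."""
    counts = {}
    for t in tasks:
        counts[t["system"]] = counts.get(t["system"], 0) + 1
    held = {s for s, n in counts.items() if n >= max_actions}
    for t in tasks:
        t["status"] = "pending" if t["system"] in held else "ready"
    return sorted(held)


def confirm(tasks, system):
    """Administrator confirmation: release the held tasks of one system."""
    released = 0
    for t in tasks:
        if t["system"] == system and t["status"] == "pending":
            t["status"] = "ready"
            released += 1
    return released


# Constructed sample: routine edits from "ldap", a burst of disables from "ad".
CHANGES = [
    ("ldap", "alice", {"mail": "a@old.example"}),
    ("ldap", "alice", {"mail": "a@new.example"}),
    ("ldap", "bob", {"phone": "555-0100"}),
    ("ad", "u1", {"disabled": True}),
    ("ad", "u2", {"disabled": True}),
    ("ad", "u3", {"disabled": True}),
]

if __name__ == "__main__":
    tasks = group_by_object(CHANGES)
    print("held for confirmation:", apply_threshold(tasks, max_actions=3))
    print("released after confirmation:", confirm(tasks, "ad"))
```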