Configuration wizard

Configuration wizard

⏰ Getting started

Introduction

Soffid provides you a 360° perspective of the identities of your organization employees, providers and customers:

Screen overview

IGA

Identity Governance Administration

IGA

Connect Soffid IdaaS to your on-premise network

Description

In order to manage your information system, a component named Sync Server must be installed along with Soffid Console. You must choose one platform as your Sync Server Soffid host and follow the instructions.

Once you have run the corresponding scripts, Soffid will detect the new Sync server. You could check the new Sync server on the Synchronization servers page.

Step-by-step

1. First, you must select the platform and click the Next button

image-1677150674570.png

2. You must follow the instructions depending on the previous selection.

2.1. Debian, Ubuntu, or any other Debian derivatives

image-1677150856900.png

2.2. Redhat, Centos, or Suse

image-1677150880354.png

2.3. Windows

image-1677150906931.png

2.4. Docker 

image-1677150930165.png

3. Finally, Soffid will detect that the Sync Server has been successfully installed and you can click the Finish button.

image-1677151000904.png



IGA

Create identities (manually, CSV file or authoritative source)

Description

You need to register the identities to manage and protect them. This wizard allows you to choose the easiest way to do it.

Step-by-step

1. First, you must select one option to register the identities. Soffid allows you three options.

image-1677151715487.png

2. You must follow the  steps, depending on the selected option:

2.1. Load from a CSV file: this option allows you to load identities from a CSV file.

2.1.1. First of all, you need to pick up the CSV file.

image-1677151980079.png

2.1.2. Second, Soffid will display the file data to check contents

image-1677152756166.png

2.1.3. Then you must select the proper mapping for each CSV file column. And finally, click the Import Button and Soffid will add the identities to the platform.

image-1677152797214.png

2.1.4. Soffid will display the result of the process.

image-1677152920695.png

2.2. Configure an authoritative data source to always have up-to-date information: this option allows you to configure an Active Directory agent, or a Relational database agent to load the identities.

Once the process will finish, you could check the new agent on the agent's page Main Menu > Administration > Configuration > Integration engine > Agents

For more information about the agents, you can visit the Agents page.

image-1677152049535.png

2.2.1. Active Directory

image-1685436631243.png

2.2.2. Relational database (SQL)

image-1685436774882.png

2.3. Register them manually: this option browses to the User page to register the identities manually

image-1677153597024.png


IGA

Add applications

Description

The wizard allows you to add Applications or Information Systems to Soffid as well. The wizard allows you to choose from an application list. Once you choose one of them, you must fill in the required fields to connect to this application. Then the Reconcile process will be launched.

Step-by-step

1. First, you need to select the proper application to add. Soffid provides you a huge application list to configure.

image-1677497120165.png


2. Once you select the application, you must configure the connection parameters.

image-1685437011704.png

3. Then, Soffid allows you to choose the strategy to load accounts.

image-1685437664369.png

4. Then Soffid will run the reconcile process

image-1678090555705.png

5. Finally, the process ends.

image-1685437831278.png

IGA

Design user life cycle workflows

Description

When you select the option "Design user life cycle workflows", Soffid will browse to the BPM Editor page, where you could define new workflows or import existing workflows from a file.

For more information, you can visit the BPM Editor book.

Screen overview

image-1676907389549.png

IRC

Identity Risk & Compliance

IRC

Create SoD matrix

Description

The segregation of duties (SoD) is a fundamental element of internal controls, defined to prevent error and fraud. Segregation of duties ensures that at least two individuals are responsible for the separate parts of any task.

You can find additional information by visiting the Segregation of Duties page.

Step-by-step

1. First, you must select the Create SoD matrix and click the OK button.

image-1676992791359.png

2. Once you click the OK button, Soffid will browse to the Segregation of Duties page in order to add a new  SoD

image-1677072359690.png

3. Finally you must save or Apply changes to save the SoD.

image-1677499985787.png

Standard attributes

IRC

Schedule weekly risk report

Description

The wizard allows you to schedule a new Weekly risk report. It is a document that provides an overview of the potential risks. The information in this document is related to the rules defined in the SoD. 

For more information, you can visit the Scheduled reports page.

Step-by-step

1. First, you must select the Schedule weekly risk report and click the OK button.

image-1676993208396.png

2. Then, Soffid will browse to the configure report page and allows you to configure the Weekly risk report.

image-1676994262683.png

3. Finally you must accept the changes, and the report will be displayed on the Scheduled reports page

image-1677500269887.png

Standard attributes

For each value of month, day, hour, minute, or day of the week:

 
IRC

Design a recertification campaign

Description

The wizard allows you to create a new recertification campaign. To be able to do this, Soffid has created two recertification policies, All permissions and Critical permissions.

For more information, you can visit the Recertification book.

 

Step-by-step

1. First, you must select the Design a recertification campaign and click the OK button.

image-1676994032726.png

2. Then Soffid will browse the New recertification campaign

image-1677073016957.png

3. In this step you must write a campaign name and select a template.

3.1. Complete access review

3.1.1. Write a name, select the Complete access review, and click the Next button

image-1677501842688.png

3.1.2. Select the group or groups to apply the campaign and click the Next button

image-1677502241149.png

3.1.3. Select the Information systems  to apply the campaign and click the Finish button

image-1677502349343.png

Standard attributes



IRC

Create advanced authorization rules

Description

This wizard allows you to browse the XACML Policy Management page to create new policies to add more complex and restricted rules to the authorizations.

For more information, you can visit the XACML page.

 

Screen overview

image-1676994068147.png


Screen overview

PAM

Privileged Access Management

PAM

Discover your assets

Description

Soffid allows you to configure the network discovery tool in a way to run the process to identify any asset present in your network.

For more information, you can visit the Network discovery page.

Step-by-step

1. Once you select the Discover you assets option, Soffid will display the form to fill in.

2. You need to register your network data and click the Next button.

image-1677074814027.png

3. You need to register an account. You can choose to register a new one or to use an existing account.

3.1. If you select the Register a new account option, you must fill in the Login name and the password and click the Apply changes button

image-1677075386016.png

3.2. If you select Use an existing account, you must select an existing account in the system and click the Apply changes button.

image-1677663289187.png


4. Soffid display this message to indicate the network discovery is in process

image-1678181171257.png

5. If you click the Finish button, Soffid will display the Network discovery monitoring.

image-1678181285472.png

PAM

Publish accounts in the password vault

Description

This wizard allows you to publish some accounts in the password vault in order to save and manage these accounts and their password.

For more information, you can visit the Password vault page.

Step-by-step

1. Once you select the Public accounts in the password vault option, Soffid will display the following wizard 

2. You must select the accounts you want to publish and click the Next button.

image-1677665161084.png

3. Then, Soffid will configure the password vault.

image-1677665252320.png

4. When you click the Finish button, Soffid will browse to the Password vault page. On this page, you could check and update the permissions.

image-1677665399042.png

image-1677665440094.png

PAM

Create monitoring and recording policies

Description

PAM policy is a subset of cybersecurity policies that deal with privileged access. This determines which users can have privileged access to specific systems, when, and for how long.

You can check the policies in the following menu option: Main Menu > Administration > Configuration > Security settings > PAM policies

For more information, you can visit the PAM policies page.

Step-by-step

1. Once you click the Create monitoring and recording policies option, Soffid will create a default policy.

image-1678104384200.png

2. When you click the Ok button, Soffid will browse to the created policy and allows you to update the default configuration.

image-1678106829891.png

PAM

Create MFA policies

Description

This wizard allows you to configure the access control rules for Soffid Console. By default, an OTP will be required to access to the Password vault or application menu.

You can check the configuration in the following menu option: Main Menu > Administration > Configuration > Security settings > Authentication

For more information, you can visit the Two-factor authentication (2FA) book and the Second Factor Authentication configuration

Step-by-step

1. Once you select the Create monitoring and reporting policies option, Soffid will launch the following wizard

image-1677142847903.png

2. If you click the Apply now button, Soffid will browse to the Authentication page, allowing you to configure the Second Factor Authentication.

image-1677146097093.png

3. To confirm the changes, you must click the Confirm changes button.

AM

Access Management & SSO

AM

Create identities (manually, CSV file, or authoritative source)

Description

You need to register the identities to manage and protect them. This wizard allows you to choose the easiest way to do it.

Step-by-step

1. First, you must select one option to register the identities. Soffid allows you three options.

image-1677151715487.png

2. You must follow the  steps, depending on the selected option:

2.1. Load from a CSV file: this option allows you to load identities from a CSV file.

2.1.1. First of all, you need to pick up the CSV file.

image-1677151980079.png

2.1.2. Second, Soffid will display the file data to check contents

image-1677152756166.png

2.1.3. Then you must select the proper mapping for each CSV file column. And finally, click the Import Button and Soffid will add the identities to the platform.

image-1677152797214.png

2.1.4. Soffid will display the result of the process.

image-1677152920695.png

2.2. Configure an authoritative data source to always have up-to-date information: this option allows you to configure an Active Directory agent, or a Relational database agent to load the identities.

Once the process will finish, you could check the new agent on the agent's page Main Menu > Administration > Configuration > Integration engine > Agents

For more information about the agents, you can visit the Agents page.

image-1677152049535.png

2.2.1. Active Directory

image-1685436631243.png

2.2.2. Relational database (SQL)

image-1685436774882.png

2.3. Register them manually: this option browses to the User page to register the identities manually

image-1677153597024.png


AM

Add applications

Description

This wizard allows you to add a new Service Provider, that is, to configure an application that relies on an Identity Provider (IdP) to authenticate users and provide access to its services.

To be able to add new applications (SP), you must install the Federation Addon.

Step-by-step

1. If you have not previously installed the Federation Addon, the first time you select the Add application option, Soffid will require to install the Federation Addon.

image.png

When you click the OK button, Soffid will browse to the Soffid Download Area where you can find the Federation Addon. To install Federation Addon you can follow the steps How to install Federation in Soffid?

2. Once you select the Add application option, Soffid will display the wizard to register the Identity Provider, if it does not exist previously.

image-1706615738719.png

3. You must select the application you want to add.

image-1678779815350.png

3.1. Soffid app:

3.1.1. The Finish step will be displayed.

image-1678779871340.png

3.1.1. If you click the Finish button, Soffid will display the Service Provider page.

image-1677671303079.png

3.2. AWS app:

3.2.1 Soffid will download the proper certificate.

image-1677672235598.png

3.2.2 Once, you download the certificate, Soffid will display the Configure application step. You must follow the indicated steps at this point and click the Next button.

image-1677672319865.png

3.2.2 Then, you must upload the metadata of your service provider and click the Finish button.

image-1677672438056.png

3.3. Google workplace app:

3.3.1 Soffid will download the proper certificate.

image-1677672235598.png

3.3.2 Once, you download the certificate, Soffid will display the Configure application step. You must follow the indicated steps at this point, fill in the Domain, and click the Next button.

image-1677682975815.png


3.3.3 Then, you must click the Finish button.

image-1677683080657.png

3.3.4 Finally, Soffid will browse to the Service Provider page where you can finish the Service provider configuration.

image-1677683851230.png

3.4. Microsoft 365 app:

3.4.1.  When you select this option, Soffid will display the Configure application step. You must follow the indicated steps at this point, and click the Next button.

image-1677683934770.png

3.4.2 Then, you must click the Finish button.

image-1677683080657.png

3.4.3 Finally, Soffid will browse to the Service Provider page where you can finish the Service provider configuration.

image-1677684047850.png

3.5. OpenID app:

3.5.1.  When you select this option, Soffid will display the Configure application step. You must configure your Service Provider, and click the Next button.

image-1677684651700.png

3.5.2.  Then Soffid will return you the Client id and Client secret

image-1677684676985.png

3.5.3 Then, you must click the Finish button.

image-1677683080657.png

3.5.4 Finally, Soffid will browse to the Service Provider page where you can finish the Service provider configuration.

image-1677684869231.png

3.6. SAML 2.0 app: 

3.6.1 Soffid will download the metadata XML file.

image-1677686059860.png

3.5.2 Once, you download the metadata file, Soffid will display the steps to follow.

image-1677686120040.png

3.5.3 Then, you have to upload the metadata file generated by the Service Provider 

image-1677686216222.png


AM

Create MFA policies

Description

This wizard will help you to configure multi-factor authentication in order to expand security. This process requires users to provide two or more forms of identification before being granted access to a system or application.

For more information, you can visit the Two-factor authentication (2FA) book.

Step-by-step

1. If you have not previously installed the Federation Addon, the first time you select the Create MFA policies option, Soffid will require to install the Federation and the OTP Addons.

image.png

2. Frist, you must select the authentication factor to use

image-1677146953516.png

3. Second, you must select the delivery method to use. If you select the second option, you have to select the users to whom the instructions will be sent.

image-1677147051712.png

4. Next, you must select which users will have the second authentication factor activated.

image-1677147755823.png

5. Finally, the changes will be applied and the process will be finished.

image-1677147905326.png

AM

Create adaptive authentication rules

Description

Adaptive authentication rules are a set of security policies and mechanisms that adjust authentication requirements. These rules determine the strength of authentication required for each user, based on factors such as their location, device, past login behavior, and other risk indicators.

For more information, you can visit the Condition for Adaptive authentication page.

Step-by-step

1. If you have not previously installed the Federation Addon, the first time you select the Create MFA policies option, Soffid will require to install the Federation and the OTP Addons.

image.png

2. You must select the Create adaptive authentication rules and then click the Ok button.

image-1678097740662.png

3. Then, Soffid will browse to the Adaptive authentication window, where you could configure it

image-1678098184254.png