Implementation Report
This report summarizes how soffid has been implemented for this project.
Agents
These agents have been defined in Main Menu > Administration > Configuration > Integration engine > Agents:
1. IdP Agent
This agent has been created for the identity provider for managing and authenticating the identities of users. This agent would be linked to the identity provider through its Public ID.
2. Source AD Agent
This agent has been created to connect the Soffid console with the Active Directory, so we can carry out the authoritative load, to retrieve identities, and the reconciliation process, to request the accounts and ensure that all users are aligned with their respective roles and responsibilities.
Identity & Service providers
Only one Entity Group has been defined (Postbank) in Main Menu > Administration > Configuration > Web SSO > Identity & Service providers. The providers defined within this group are:
1. Identity Providers
The identity provider soffid.postbank.lpb.co.ls uses Soffid IdP for identity authentication. Additionally, adaptive authentication is configured, so if the name of the service provider requesting authentication begins with "Tacacs," two-factor authentication (2FA) will be required, as shown below.
Otherwise multi-factor authentication (MFA) will be required.
2. Service Providers
SeveralEight out of ten service providers have been defined.defined to access firewalls, routers, switches, etc. These service providers begin with "Tacacs" in the name, thus 2FA will be required. For the remaining service providers, which allows users to access proxies and other systems, MFA will be required. These service providers allows users to connect to different systems without starting the connection through Soffid.
XACML Policy Management