Skip to main content

Implementation Report

This report summarizes how soffid has been implemented for this project.

Agents

These agents have been defined in Main Menu > Administration > Configuration > Integration engine > Agents:

1. IdP Agent

This agent has been created for the identity provider for managing and authenticating the identities of users. This agent would be linked to the identity provider through its Public ID.

2. Source AD Agent

This agent has been created to connect the Soffid console with the Active Directory, so we can carry out the authoritative load, to retrieve identities, and the reconciliation process, to request the accounts and ensure that all users are aligned with their respective roles and responsibilities.

Identity & Service providers

Only one Entity Group has been defined (Postbank) in Main Menu > Administration > Configuration > Web SSO > Identity & Service providers. The providers defined within this group are:

1. Identity Providers

The identity provider soffid.postbank.lpb.co.ls uses Soffid IdP for identity authentication. Additionally, adaptive authentication is configured, so if the name of the service provider requesting authentication begins with "Tacacs," two-factor authentication (2FA) will be required, as shown below.

Screenshot from 2024-10-08 17-05-04.png


Otherwise multi-factor authentication (MFA) will be required.

Screenshot from 2024-10-08 17-01-01.png

2. Service Providers

SeveralEight out of ten service providers have been defined.defined to access firewalls, routers, switches, etc. These service providers begin with "Tacacs" in the name, thus 2FA will be required. For the remaining service providers, which allows users to access proxies and other systems, MFA will be required. These service providers allows users to connect to different systems without starting the connection through Soffid.

XACML Policy Management

2.1.In sssMain Menu > Administration > Configuration > Security Settings > XACML Policy Management the policy set PAMMFA has been defined, within which the policy OTPApprove has been defined aswell. This policy requests an OTP with a timeout when launching a connection through PAM.