
Implementation Report

This report summarizes how Soffid has been implemented for this project.

Agents

These agents have been defined in Main Menu > Administration > Configuration > Integration engine > Agents:

1. IdP Agent

This agent has been created for the identity provider, for managing and authenticating the identities of users. It would be linked to the identity provider through its Public ID.

2. Source AD Agent

This agent has been created to connect the Soffid console with the Active Directory, so that the authoritative load can be carried out to retrieve identities, and the reconciliation process to request the accounts and ensure that all users are aligned with their respective roles and responsibilities.

Identity & Service providers

Only one Entity Group has been defined (Postbank) in Main Menu > Administration > Configuration > Web SSO > Identity & Service providers. The providers defined within this group are:

1. Identity Providers

The identity provider soffid.postbank.lpb.co.ls uses Soffid IdP for identity authentication. Additionally, adaptive authentication is configured, so if the name of the service provider requesting authentication begins with "Tacacs", two-factor authentication (2FA) will be required, as shown below.

Screenshot from 2024-10-08 17-05-04.png


Otherwise, multi-factor authentication (MFA) will be required.

Screenshot from 2024-10-08 17-01-01.png

2. Service Providers

Eight out of ten service providers, which grant access to firewalls, routers, switches and other systems, are prefixed with "Tacacs" in the name, thus 2FA will be required. For the remaining two service providers, which allow access to proxies and other systems, MFA will be enforced. These service providers enable users to connect to various systems directly, without initiating the connection through Soffid, while still ensuring identity authentication.

XACML Policy Management

In Main Menu > Administration > Configuration > Security Settings > XACML Policy Management the policy set PAMMFA has been defined, within which the policy OTPApprove has been defined as well. This policy requests an OTP with a timeout when launching a connection through PAM.