
Authorizations

Definition

Soffid console provides a granular access control system. That granular control system allows the administrator user to assign granular permissions to enhance system security.

Password policies allow you to define custom rules that passwords must comply with to enhance system security. For each password domain, Soffid allows you to create different password policies related to user type. It is only possible to define a single password policy for one password domain and one user type.

There are two kinds of password policies.

  • The first one is for user selected passwords. That is the default behavior.
  • The second one is for system generated passwords. These policies are useful for shared accounts when using Enterprise Single Sign-on.

A password policy will also define how often the password needs to be changed and how many days are allowed to change it.

Regarding password complexity, you can specify the minimum and the maximum number of lowercase letters, uppercase letters, numbers, and symbols, as well as the password length.

The administrator users can define a regular expression that each password must match. This can be used, for example, to ensure that the first character is not numeric.

You can also create a list of forbidden words that cannot be used as passwords.

Password domain

A password domain is a logical way of grouping managed systems that share the same password for each user. If the administrator chooses to have the same password for every system, only one password domain should exist. If the administrator chooses to assign a different password for each system, then a password domain should be created for each managed system.

Screen overview

&&TODO&&

  1. Password domain
  2. User type (Roles on the authorization screen)

Standard attributes

Domain

  • Code: password domain identifier code.
  • Name: name of the password domain.
  • Description: a brief description of the password domain.

Authorization

  • Scope: scope of application.
  • Name: name of the granular permission.
  • Description: a brief description of the granular permission.
  • Roles: role list assigned to that granular permission. Roles may be created in the Soffid application system, but could also be included in any other application system.
  • DB: information storage system from a technical point of view.
  • Information system: asset or application, from a functional point of view.
  • Domain: the role is limited to that domain.

Password policies

  • Password domain: the password policy belongs to that password domain.
  • User type: specific user type for which the password policy is created.
  • Description: a brief description of the password policy.
  • Password type: the kind of password:
    • Entered by the user: that is the default behavior.
    • Automatically generated: these policies are useful for shared accounts when using Enterprise Single Sign-on.
  • Change allowed: if it is checked, the user can change automatically generated passwords.
  • Query allowed: if it is checked, the user can view the current password.
  • Valid period (days): the user will be asked to change the password after that number of days.
  • Grace period (days): additional days, beyond the valid period, allowed for changing the password.
  • Length (min & max): minimum and maximum password length.
  • Regular expression: the password must match that regular expression.
  • Uppercase letters (min & max): min and max number of uppercase letters that must be included in the password.
  • Lowercase letters (min & max): min and max number of lowercase letters that must be included in the password.
  • Numbers (min & max): min and max number of digits that must be included in the password.
  • Symbols (min & max): min and max number of symbols that must be included in the password.
  • Complexity: similar operation to the same option in Active Directory. It is mandatory to use three different types of characters (uppercase, lowercase, numbers and symbols), and it is not allowed to use the user code, name or surname.
  • Passwords remembered: number of previous passwords the system will remember.
  • Forbidden words: list of forbidden words that may not be used to create a password.
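As an added illustration, not Soffid's own code, the following Python check applies the policy attributes listed above to a candidate password: length, per-class minimum and maximum counts, the regular expression, the forbidden-word list and the Active Directory style complexity rule. The PasswordPolicy model, the 3-character threshold used when matching the user code, name and surname, and the substring match for forbidden words are assumptions.

```python
import re
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    """Constructed model of the policy attributes (assumption, not Soffid's own API)."""
    min_len: int = 8
    max_len: int = 64
    upper: tuple = (1, None)    # (min, max) count; None means no upper bound
    lower: tuple = (1, None)
    digits: tuple = (1, None)
    symbols: tuple = (0, None)
    regex: str = ""             # empty string means no regular expression check
    complexity: bool = False    # AD-style rule: 3 of 4 classes, no user code/name/surname
    forbidden_words: tuple = ()


# Character classes, keyed by the PasswordPolicy field that bounds them.
CLASSES = {
    "upper": str.isupper,
    "lower": str.islower,
    "digits": str.isdigit,
    "symbols": lambda c: not c.isalnum(),
}


def check_password(pw, policy, user_code="", name="", surname=""):
    """Return the list of violated rules; an empty list means the password complies."""
    failures = []
    if not policy.min_len <= len(pw) <= policy.max_len:
        failures.append("length")
    counts = {k: sum(1 for c in pw if f(c)) for k, f in CLASSES.items()}
    for k in CLASSES:
        lo, hi = getattr(policy, k)
        if counts[k] < lo or (hi is not None and counts[k] > hi):
            failures.append(k)
    if policy.regex and not re.search(policy.regex, pw):
        failures.append("regex")
    if policy.complexity:
        if sum(1 for n in counts.values() if n > 0) < 3:
            failures.append("complexity:classes")
        # Assumption: identity parts of 3+ characters must not appear in the password.
        low = pw.lower()
        if any(p and len(p) >= 3 and p.lower() in low for p in (user_code, name, surname)):
            failures.append("complexity:identity")
    # Assumption: forbidden words are matched case-insensitively as substrings.
    if any(w.lower() in pw.lower() for w in policy.forbidden_words):
        failures.append("forbidden_word")
    return failures
```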

Actions

Authorization query actions

Import

Allows you to upload a CSV file with the authorization data to add or to update the granular control system. &&TODO&& if I try to import in order to remove a role from an authorization it does not work; it leaves the role that was already there

First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the contents. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.

Download CSV file: Allows you to download a CSV file with the authorization data.

Password policies query actions

Add new domain: Allows you to create a new password domain.
Add new password policy: Allows you to create a new password policy on a specific password domain.

Authorization detail actions

Add: Allows you to add a new role to the authorization. It is mandatory to apply changes to save the roles added.
Delete: Allows you to delete a role from an authorization. It is mandatory to apply changes to save the roles deleted.
Apply changes: Allows you to update the changes made on the authorization.
Undo: Allows you to quit without applying any changes.

Password domain detail actions

Apply changes: Allows you to update the password domain changes.
Delete: Allows you to delete a password domain.
Undo: Allows you to quit without applying any changes.

Password policies detail actions

Apply changes: Allows you to create or to update the password policy.
Delete: Allows you to delete a password policy.
Undo: Allows you to quit without applying any changes.
Add word: Allows you to add a new forbidden word.