Search Results

Introduction Access Reject: The user is unconditionally denied access to all requested network resources. Reasons may include failure to provide proof of identification or an unknown or inactive user account. Access Challenge: Requests additional infor...

Introduction There are three basic OpenID flows, depending whether the service name must be authenticated using its client secret or not: OpenID flow Implicit flow The Service Provider sends the user to the IdP. The IdP authenticates the user. The ...

Introduction To connect a SAML service provider, the service provider must offer you its SAML metadata. The SAML metadata contains information about its public id, the services that implement and the service endpoints. Register a SAML service provider 1. Op...

Introduction Soffid console has a built-in SAML client, so it can act as a service provider in the Soffid federation. It is interesting to use this configuration, as it allows you to enforce the use of two factors authentication to log into the Soffid console...

Introduction SAML 2.0 is a complex and not easy to implement standard. There are some libraries that can help somewhat, but a correct implementation needs a deep knowledge of SAML protocol, and is always hard to test and debug. To make it easier, Soffid prov...

Introduction Openid-connect allows a service provider registers dynamically other service providers. Dynamic Register To dynamically register a client, acquire an initial access token, and then register the new application by using the registration API. You...

Introduction The CAS protocol is a simple and powerful ticket-based protocol. It involves one or many clients and one server. Clients are embedded in CASified applications (called “CAS services”) whereas the CAS server is a standalone component. Register CAS...

Introduction TACACS (Terminal Access Controller Access Control System) is a security protocol that provides centralized validation of users who are attempting to gain access to a router or NAS TACACS+ is a protocol for AAA services: Authentication Author...

Introduction The Radius protocol (Remote Authentication Dial-In User Service) is a networking protocol that authorizes and authenticates users who access a remote network. Register a Radius client 1. Open the Identity & Service Provider page. Main Menu > A...

Installation Download & Install Depending on your device, you can download & install Soffid Authenticator Application from the Google Play Store or Apple Store.

Global functions can be used in an action element: debug text: string Sends a message to the debug console. sleep millis: int Stops script execution for the specified milliseconds. Never stops the execution of the applicat...

The fourth step, to add a database, is an optional step. You only need to configure when there is any database (SQL Server or Oracle) in some of the discovered hosts and you want to manage its accounts as privileged or shared accounts. Step-by-step The net...

Description Throughout the Soffid you will be able to perform searches on the different objects that make up the application. You will be able to search in the system by applying different ways of searching.  Quick This option allows a quick search by fiel...

Definition That is the first step of the workflow. At that step, you could define the fields you want to show when the end users will go to make a request. Steps Tabs Task details This process type does not have task details for the start step. Fields In...

Definition That is the first step of the workflow. At that step, you could define the fields you want to show when the end users will go to make a request. Steps Tabs Task details In this tab you could configure next parameters: Task name: identified na...

Definition That is the first step of the workflow. At that step, you could define the fields you want to show when the end users. In that case, the request will be launched automatically when the end users request to use a privileged account to connect to a p...

Definition That is the first step of the workflow. At that step, you could define the fields you want to show when the end users. In that case, the request will be launched automatically when the end users request to use a privileged account to connect to a p...

Description Soffid provides the functionality that allows searching for information about the PAM recording sessions. That option is located on Main Menu > Administration > Monitoring and reporting > Search in PAM recordings First of all, to query the PAM r...

Introduction The password rotation reduces the vulnerability to password-based attacks. Soffid allows you to limit the password lifespan and force you to change it. Soffid defines a procedure for Password rotation to keep safe the critical accounts. It allow...

The purpose of this tutorial is to show how to initialize a database required for Soffid IAM installation. Prerequisites First of all, you sould install a database required in the Soffid IAM installation. The supported databases are: MySQL MariaDB Post...