Advanced Search
Search Results
517 total results found
Step 6.2. Create Password policy
How to define a new password policy for the previous user type created. Step-by-step 1. First of all, you must access the Password policies page, the path to access is the following: Main Menu > Administration > Configure Soffid > Security settings > Pass...
Step 6.4. Enable Task
To rotate the password it will be necessary to enable the task Expire untrusted passwords. The Expire untrusted passwords task is in charge to create a new password for the accounts: Critical accounts with the password type "Automatically generated", in ...
Step 7.2. Define XACML policy set to use a workflow
Step-by-step 1. To define policies, you must access the XACML Policy Management page in the following path: Main Menu > Administration > Configure Soffid > Security settings > XACML Policy Management 2. Once you have accessed the XACML Policy Management pag...
Step 8.3. Assign PAM policy
Assign PAM policy 1. To assign the PAM policy to a Password Vault folder, you must access the Password vault page in the following path: Main Menu > Administration > Resources > Password vault 2. Then you must select the folder by clicking on the record. S...
Step 8.2. PAM Policies
Step-by-step 1. To create a new PAM Policy, you must access the PAM Rules page in the following path: Main Menu > Administration > Configure Soffid > Security settings > PAM policies 2. To create a new PAM policy, you must click the add button (+) and Soff...
Step 1. Create network
The first step of the PAM implementation will be to create the network we want to scan to discover the hosts Step-by-step 1. First of all, you must access the networks page, the path to access is the following: Main Menu > Administration > Resources > Net...
Step 2. Configure network discovery
The second step will be to configure the network with the proper parameter to allow you to run the discovery process. Step-by-step 1. First of all, you must access the network discovery page in the following path: Main Menu > Administration > Configuratio...
Introduction to Identity Federation
What is Identity Federation? A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. The federation is a system of trust between two par...
Radius architecture
Introduction Access Reject: The user is unconditionally denied access to all requested network resources. Reasons may include failure to provide proof of identification or an unknown or inactive user account. Access Challenge: Requests additional infor...
TACACS+ architecture
Introduction
Connecting an OpenID Connect service
Introduction There are three basic OpenID flows, depending whether the service name must be authenticated using its client secret or not: OpenID flow Implicit flow The Service Provider sends the user to the IdP. The IdP authenticates the user. The ...
Connecting a SAML service
Introduction To connect a SAML service provider, the service provider must offer you its SAML metadata. The SAML metadata contains information about its public id, the services that implement and the service endpoints. Register a SAML service provider 1. Op...
Connecting Soffid console
Introduction Soffid console has a built-in SAML client, so it can act as a service provider in the Soffid federation. It is interesting to use this configuration, as it allows you to enforce the use of two factors authentication to log into the Soffid console...
Connecting your custom applications
Introduction SAML 2.0 is a complex and not easy to implement standard. There are some libraries that can help somewhat, but a correct implementation needs a deep knowledge of SAML protocol, and is always hard to test and debug. To make it easier, Soffid prov...
Openid-connect Dynamic Register
Introduction Openid-connect allows a service provider registers dynamically other service providers. Dynamic Register To dynamically register a client, acquire an initial access token, and then register the new application by using the registration API. You...
Connecting CAS client
Introduction The CAS protocol is a simple and powerful ticket-based protocol. It involves one or many clients and one server. Clients are embedded in CASified applications (called “CAS services”) whereas the CAS server is a standalone component. Register CAS...
Connecting Tacacs+
Introduction TACACS (Terminal Access Controller Access Control System) is a security protocol that provides centralized validation of users who are attempting to gain access to a router or NAS TACACS+ is a protocol for AAA services: Authentication Author...
Connecting Radius client
Introduction The Radius protocol (Remote Authentication Dial-In User Service) is a networking protocol that authorizes and authenticates users who access a remote network. Register a Radius client 1. Open the Identity & Service Provider page. Main Menu > A...
How to install Soffid Authenticator?
Installation Download & Install Depending on your device, you can download & install Soffid Authenticator Application from the Google Play Store or Apple Store.
1. Global functions
Global functions can be used in an action element: debug text: string Sends a message to the debug console. sleep millis: int Stops script execution for the specified milliseconds. Never stops the execution of the applicat...