Search Results

Step-by-step 1. To create a new PAM Policy, you must access the PAM Rules page in the following path: Main Menu > Administration > Configure Soffid > Security settings > PAM policies 2. To create a new PAM policy, you must click the add button (+) and Soff...

Assign PAM policy 1. To assign the PAM policy to a Password Vault folder, you must access the Password vault page in the following path: Main Menu > Administration > Resources > Password vault 2. Then you must select the folder by clicking on the record. S...

Step-by-step 1. To define and configure an approval workflow, you can use the Soffid BPM editor. You must access the BPM editor page in the following path: Main Menu > Administration > Configure Soffid > Workflow settings > BPM editor 2. To add a new workfl...

Step-by-step 1. To define policies, you must access the XACML Policy Management page in the following path: Main Menu > Administration > Configure Soffid > Security settings > XACML Policy Management 2. Once you have accessed the XACML Policy Management pag...

Step-by-step 1. To configure the XACML PEP  You must access the "XACML PEP configuration" page in the following path: Main Menu > Administration > Configure Soffid > Security settings > XACML PEP configuration 2. At the "XACML PEP configuration page you mus...

Introduction The password rotation reduces the vulnerability to password-based attacks. Soffid allows you to limit the password lifespan and force you to change it. Soffid defines a procedure for Password rotation to keep safe the critical accounts. It allow...

To request the accounts you must launch the reconciliation process. The main purpose of reconciling process is to provide a mechanism to ensure that all users are aligned on the specific roles and responsibilities. Step-by-step 1. First of all, you need to...

Step-by-step 1. To deploy the identity provider is advisable to install a dedicated sync server. It can be configured as a proxy sync server as it does not need direct access to Soffid database. Instead, it will connect to main sync servers to get users and f...

Introduction SAML is the most complete, secure, and mature solution to get identity federation. SAML defines three main kinds of servers: Federation metadata server. Publishes information about the federation members, its protocols, and capabilities. Any f...

Introduction OpenID is based on the well known protocol. It is easier to implement and deploy, as it does not require digital signature or  encryption. The drawback is that it is significantly less secure. For example, the single logout protocol is not finish...

Introduction Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. It is an identity federation protocol, born in 2...

Introduction OpenID is an open standard and decentralized authentication protocol.  It allows users to be authenticated by cooperating sites (known as relying parties, or RP) using a third-party service, eliminating the need for webmasters to provide their ...

Description The attribute definition page displays all the auto-generated user attributes. Those attributes will be the attributes to deliver from the identity providers to the service providers depending on the defined rules. Soffid has a default implementa...

Description After defining the attributes to publish, it’s required to write a policy that defines which attributes will be allowed to share with each service provider. Soffid allows you to define security rules that apply to any attribute that should be del...

Description Soffid Identity Federation addon helps administrators to manage an Identity Federation. With Soffid you can manage the whole federation security configuration, increasing the security while reducing the federation management costs. Soffid can also...

Description An entity group is just like a folder that allows you to manage different kinds of federation members. One of the most common ways to group federation members is by trust level. When you create an entity group, the Identity Providers and the Serv...

Description An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed networ...

Definition A single identity provider usually offers different profiles or service levels to diffeferent service provider. To be able to define this behavior, any Identity Provider can be split into many virtual identity providers. Those identity providers wi...

Definition The Service Providers are standard applications that rely on Identity Providers to let the users log in. Join federation To join the federation, the service provider management team must deliver its "Metadata". The service provider Metadata descr...

Definition The Identity Provider will serve the OpenID-Connect protocol. It is possible to accept the default endpoints or modify them. You can check the server features visiting https://<YOUR-IdP>/.well-known/openid-configuration. That JSON gives you inform...