Advanced Search
Search Results
514 total results found
Soffid Authenticator App
Password Manager Getting started
Password Manager Getting started
Break Glass
SQL Connector
Windows Connector
Zarafa Connector
Process types
Templates definition of process types
SCIM full examples
Resource data model & schema
The data model of the Soffid objects is mapped to JSON objects to enable the data transport between client and server.
ESSO Manuals
Documentation about Windows user access, Linux user access and Admin access
ESSO Configuring Rules for Single Sign On
ESSO Scripting Language
Soffid BPM Editor
Soffid BPM Editor
User management steps
Define the user management steps
Permissions management steps
Define the Process management steps
Account reservation steps
Define the account reservation steps
Connectors Examples
Configuration
Examples
Self service portal examples
Step 4. Register additional resources (Optional)
Step 5. Account management
The account management step shows you how to manage the accounts to change the type, how to locate the accounts on the password vault and how to assign a password. To comply this step the discovery process must be completed.
Step 6. Passwords rotation
The passwords rotation reduces the vulnerability to password-based attacks. Soffid allows you to limit the password lifespan and force you to change it.
Step 7. Just in time privileges
Attribute definition
Description The attribute definition page displays all the auto-generated user attributes. Those attributes will be the attributes to deliver from the identity providers to the service providers depending on the defined rules. Soffid has a default implementa...
Attribute sharing policies
Description After defining the attributes to publish, it’s required to write a policy that defines which attributes will be allowed to share with each service provider. Soffid allows you to define security rules that apply to any attribute that should be del...
Identity & Service providers
Description Soffid Identity Federation addon helps administrators to manage an Identity Federation. With Soffid you can manage the whole federation security configuration, increasing the security while reducing the federation management costs. Soffid can also...
OpenIDProfile
Definition The Identity Provider will serve the OpenID-Connect protocol. It is possible to accept the default endpoints or modify them. You can check the server features visiting https://<YOUR-IdP>/.well-known/openid-configuration. That JSON gives you inform...
SAML1ArtifactResolutionProfile
Definition Based on SAML version 1 standard. This profile is used when the Service Provider wants to resolve or check a received assertion. Screen overview Standard attributes Class: class name (readOnly field). Enabled: if it is checked (selected opt...
Openid-connect to SAML interoperability
Introduction OpenID-Connect has a clear design suitable for both frontend and backend. SAML has a clear design for the frontend, but the backend usage is harder as the security in SAML cannot be placed at transport layer. Instead, in must be placed at docume...
validate-domain
Definition This operation allows to validate the user domain and return the IDP ower of the user. URL <console-domain>/webservice/federation/rest/validate-domain Method POST Headers Accept = “application/json” Content-Type = “application/...
validate-credentials
Definition This operation allows to validate the credentials of the user against Soffid. URL <console-domain>/webservice/federation/rest/validate-credentials Method POST Headers Accept = “application/json” Content-Type =...
expire-session
Definition This operation allows to close a session created by either validate-credentials or parse-saml-response. If you want to get real global logout, this method invocation is not enough. You should also use the generate-saml-logout-request method. ...
generate-saml-request
Definition This operation allows to generate a SAML request to an external IDP. URL <console-domain>/webservice/federation/rest/generate-saml-request Method POST Headers Accept = “application/json” Content-Type = “applic...
parse-saml-response
Definition This operation allows to validate a SAML response generated by another external IDP that support SAML protocol. URL <console-domain>/webservice/federation/rest/parse-saml-response Method POST Headers Accept = “appl...
generate-saml-logout-request
Definition This operation allows to generate a SAML logout request to be sent to a IdP supporting SAML Global Logout, including Soffid IdP. URL <console-domain>/webservice/federation/rest/generate-saml-logout-request Method ...
Server certificate management
There are two options for certificate management 1. The easiest, fast and cheap one: Do not create any public or private key, nor enter any certificate chain. At first start up, Soffid Identity Provider will generate a new public/private key pair. Using thi...
Soffid IdP as an identity broker
Introduction An Identity Broker is often part of a a Single Sign-On Architecture as an an intermediary service that connects multiple Service Providers with different Identity Provider (IDP)s. Soffid IdP can act as an identity broker. This means that So...
External oAuth / OpenID Identity Providers
Introduction Soffid federation can be composed by a mix of SAML and oAuth / OpenID-connect servers. In such a scenario, Soffid IdP is able to let users be identified by oAuth servers like Linked-in, Google or Facebook, perform all the provision tasks requir...
Customizable CSV file (CSV Connector type)
Introduction Description The CSV connector type allows users to load a collection of data stored into a plain CSV file. In the following page, the process to complete the CSV connector setup will be explained. To begin with, address to the quick start sec...
Invoker interface
Any agent, trigger or mapping can use the invoker method for the ActiveDirectory agent. The invoker method is available in the dispatcherService class as well as the in the serverService. The invoker method is not specific of the Shell agent. Many other conne...
HOWTO SSL access to Active Directory
Table of Contents Introduction. Installing the Certificate Services. Configuring Automatic Certificate Request for Domain Controllers. Check for Issued Certificate. Import certificate. Introduction This howto will show you how to install the Certifi...
Invoker interface for Active Directory
Any agent, trigger or mapping can use the invoker method for the ActiveDirectory agent. The invoker method is available in the dispatcherService class. The invoker method is not specific of the Active Directory agent. Many other connectors support this method...
Introduction to BPM Editor
What is BPM? Business Process Management is a discipline for executing of management methodology to improve an organization’s business processes. That uses a combination of modeling, automation, execution, control, measurement and optimization of business act...