Search Results

Step-by-step To enable the kerberos authentication method, the identity provider must have a keytab file that enables it to authenticate users. The steps to get it are described below: 1. First of all, you need to create a net user. You can use the old-fashi...

Description A profile is a protocol or subset of protocols implemented by the Identity Provider. There are some accepted protocols, those allows a custom config dependent on the selected profile. The accepted protocols are the following: 1. OpenIDProfile 2...

Description After defining the attributes to publish, it’s required to write a policy that defines which attributes will be allowed to share with each service provider. Soffid allows you to define security rules that apply to any attribute that should be del...

Description The attribute definition page displays all the auto-generated user attributes. Those attributes will be the attributes to deliver from the identity providers to the service providers depending on the defined rules. Soffid has a default implementa...

What is XACML? XACML "eXtensible Access Control Markup Language" is an open standard XML based language. The standard defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to...

Description The Delegation Roles Process type is used to allow the users to delegate temporary their own permissions.  That process is defined by default with 3 steps, but you can add new, delete and update steps to customize your business process.  Start...

Description The Permission Request Process type is used to define business processes to request permissions. That process is defined by default with 4 steps, but you can add new, delete and update steps to customize your business process.  Start Approve ...

Description The Account Reservation Process type is used to configure the use of privileges accounts. That type of process will be launched when the end-users want to connect to a system using a privileged account through the password vault. Soffid allows yo...

Definition Here is an explanation about how to configure the ESSO profile by using Soffid as Identity Provider. Please note that the profile parameters will be automatically updated on the PCs. Screen overview Standard attributes Class: class name (...

Introduction Adaptive authentication is designed to improve the security of online accounts by adding an additional layer of protection against unauthorized access. When the authentication is being defined, Soffid allows you to add some adaptive authenticati...

Description An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed networ...

Description The User Management Process type is used to define business processes to create and update identities and their attributes. You can use the default template included on Soffid BPM Editor and customize it with your business needs. Also, you can im...

Description The Permissions Management Process type is used to define processes used to grant or remove permissions to an identity. You can use the default template  Permissions management included on Soffid BPM Editor and customize it with your business nee...

Introduction The administration addon includes two very useful features for Soffid administrators. On the one hand, we have the ability to generate custom scripts and launch them using different mechanisms. On the other hand, the export and import of Soffid...

Introduction In addition to all the features that Soffid offers by default when installing the Console and Syncserver, it also allows you to add new features in addon format. Soffid provides a collection of addons that can be installed to add functionalities...