Advanced Search
Search Results
250 total results found
Example Web PEP
Web Policy Enforcement Point Use case example We want to define a policy to restrict access to some pages of the Soffid console. The users who are assigned to the SOFFID_RRHH role (from this point forward: end-users) will have limitations to access to some ...
SAML architecture
Introduction SAML is the most complete, secure, and mature solution to get identity federation. SAML defines three main kinds of servers: Federation metadata server. Publishes information about the federation members, its protocols, and capabilities. Any f...
Entity Group
Description An entity group is just like a folder that allows you to manage different kinds of federation members. One of the most common ways to group federation members is by trust level. When you create an entity group, the Identity Providers and the Serv...
Identity & Service providers
Description Soffid Identity Federation addon helps administrators to manage an Identity Federation. With Soffid you can manage the whole federation security configuration, increasing the security while reducing the federation management costs. Soffid can also...
Attribute sharing policies
Description After defining the attributes to publish, it’s required to write a policy that defines which attributes will be allowed to share with each service provider. Soffid allows you to define security rules that apply to any attribute that should be del...
Attribute definition
Description The attribute definition page displays all the auto-generated user attributes. Those attributes will be the attributes to deliver from the identity providers to the service providers depending on the defined rules. Soffid has a default implementa...
OpenID-Connect
Introduction OpenID is an open standard and decentralized authentication protocol. It allows users to be authenticated by cooperating sites (known as relying parties, or RP) using a third-party service, eliminating the need for webmasters to provide their ...
SAML (Security Assertion Markup Language)
Introduction Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. It is an identity federation protocol, born in 2...
OpenID-Connect architecture
Introduction OpenID is based on the well known protocol. It is easier to implement and deploy, as it does not require digital signature or encryption. The drawback is that it is significantly less secure. For example, the single logout protocol is not finish...
How to deploy the identity & service provider
Step-by-step 1. To deploy the identity provider is advisable to install a dedicated sync server. It can be configured as a proxy sync server as it does not need direct access to Soffid database. Instead, it will connect to main sync servers to get users and f...
Example Password Vault PEP
Password Vault Policy Enforcement Point Use case example 1 We want to define a policy to restrict access to the Soffid Password Vault. The users who are assigned to the SOFFID_ADMIN role (from this point forward: end-users) will have limitations to perform ...
Step 4.3. Reconcile (Optional)
To request the accounts you must launch the reconciliation process. The main purpose of reconciling process is to provide a mechanism to ensure that all users are aligned on the specific roles and responsibilities. Step-by-step 1. First of all, you need to...
Step 4.2. Create an agent (Optional)
That step will be an optional step, and it will be mandatory only when the SQL Server agent or the Oracle agent was not created previously on Soffid Console and you need to add a database to manage its accounts. Step-by-step 1. First of all, to create an a...
Example Dynamic role PEP
Dynamic role Enforcement Point Use case example We want to define a policy to restrict access to the Soffid console user's page (MainMenu > Administration > Resources > Users). The users who are assigned to the SOFFID_RRHH role (from this point forward: end...
How to install Federation in Soffid?
Installation Download Please download the Soffid Federation add-on. You could download it at the following link http://www.soffid.com/download/enterprise/ if you have a Soffid user with authorization, or in the following http://download.soffid.com/download/...
How to install XACML in Soffid
Installation Download Please download the Soffid XACML add-on. You can download it at the following link http://www.soffid.com/download/enterprise/ if you have Soffid user with authorization, or in the following http://download.soffid.com/download/ by regis...
How to install BPM Editor in Soffid
Installation Download Please download the Soffid BPM Editor add-on. You could download it at the following link http://www.soffid.com/download/enterprise/ if you have a Soffid user with authorization, or in the following http://download.soffid.com/download/...
Introduction to Identity Federation
What is Identity Federation? A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. The federation is a system of trust between two par...
Example Role centric PEP
Role centric Enforcement Point Use case example We want to define a policy to restrict access to the Soffid console role's page (MainMenu > Administration > Resources > Roles). The users who belong to the "enterprise" group as primary group (from this point...
Identity Provider
Description An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed networ...