Security

Authentication

Authentication is based on username/password.

Optionally 2-factor authentication can be set up using af mix of

• SMS sent to phone
• IP address of callers

Single sign on (optional)

Single sign on integration is included for

• ADFS
• LDAP (and AD)
• Google, Azure, Facebook, LinkedIn

A group membership synchronization exists for

• ADFS
• LDAP

Anonymous users (optional)

External users can access data via the following methods

• Create new records: Public link
  • Services can be protected by a CAPTCHA test
• Edit existing records: Specific link sent to user
  • Links can expire after certain amount of time

Authorization

User permissions are granted via inheritable group membership

Authorization schemes

• Field level control
• State model
• Data ownership

Additionally special roles can be assigned

• Administrator (backend)
• Bulk operations

Encryption

Transport encryption is based on SSL via HTTPS policies

• Cloud hosting includes option for free SSL certificates

Storage encryption is best handled via operating system measures

• Linux: LUKS
• Windows: Bitlocker

Passwords are hashed using BCrypt algorithm.

Protection

Platform complies with all requirements in OWASP level 2

• Hacking: SQL injection, XSS, CSRF
• Password policies