Wiki source code of Portal Security - Basic
Last modified by Erik Bakker on 2023/01/24 15:24
author | version | line-number | content |
---|---|---|---|
1 | {{container}}{{container layoutStyle="columns"}}((( | ||
2 | Securing your solution and your data is a shared responsibility between eMagiz and you. | ||
3 | |||
4 | In this microlearning, we will educate you on the basics of the security of the eMagiz Portal. | ||
5 | |||
6 | == 1. Prerequisites == | ||
7 | |||
8 | * Basic knowledge of the eMagiz platform | ||
9 | |||
10 | == 2. Key concepts == | ||
11 | |||
12 | This microlearning centers around eMagiz portal security. | ||
13 | By portal security we mean ensuring that your model is not accessible to those who have no right to access it. | ||
14 | |||
15 | The portal security consists of multiple parts: | ||
16 | |||
17 | * User access to Portal | ||
18 | * User access to Integration Models | ||
19 | * User authorizations to Integration Models | ||
20 | * Partner user access to Client environments | ||
21 | * Password Policy & Validity | ||
22 | |||
23 | For each aspect, it is good to know how the security is set up by eMagiz. | ||
24 | |||
25 | == 3. Portal Security - Basic == | ||
26 | |||
27 | Securing the portal is done in various ways. | ||
28 | In this microlearning, the focus will be on user access to the portal and to models, and on how to determine that a user has exactly the rights they need to do their job. | ||
29 | We will discuss each of these aspects below one by one. | ||
30 | |||
31 | === 3.1 User access to the portal === | ||
32 | |||
33 | Users can be added with their email address by the eMagiz Partner Manager or the Company Contact, upon which the user gets an email to sign in. | ||
34 | A temporary password is created and emailed as well, which has to be changed at the first login to the iPaaS Portal. Users are connected to organizations in eMagiz. | ||
35 | In the administration section of the user, an MFA token can be used to enable the Multifactor Authentication on a user level. | ||
36 | Typical authenticators on a smartphone can be used such as Google Authenticator. | ||
37 | An MFA response is required for model owners to manage the permissions on a model level and for any Edit activity in Production environments. See the next sections for more details on these functions. | ||
38 | |||
39 | === 3.2 User access to models === | ||
40 | |||
41 | Users can be added to Integration models, which hold all the configurations required to run the different integrations for the TAP environments. | ||
42 | Integration models are connected to organizations in eMagiz to ensure the integration model remains within the limits of the license agreements. | ||
43 | Users can be added to integration models of the organization to which the user belongs. Users can't be added to integration models of other clients. | ||
44 | |||
45 | === 3.3 User authorizations to models === | ||
46 | |||
47 | Every integration model has a model owner who can distribute rights across functionalities and environments. | ||
48 | In the picture below, one can see the various options available across the Integration Life Cycle (ILM) Phases Capture through Manage. | ||
49 | The model owner manages the user permissions and needs to have the MFA authentication level activated before making any changes. | ||
50 | |||
51 | * In case Edit permission is granted on an ILM phase, all the sub-options can be configured | ||
52 | * View rights mean that all options can be viewed only | ||
53 | * In case the user has no Edit or View rights to a certain ILM phase, the phase will not be displayed at all in the eMagiz iPaaS Portal | ||
54 | * Model owners are assigned to integration models by the previous model owner, the company contact or an eMagiz administrator | ||
55 | * An audit trail is kept of the changes made in the model permission structure | ||
56 | |||
57 | [[image:Main.Images.Microlearning.WebHome@crashcourse-platform-manage-portal-security-basic--integration-project-rights.png]] | ||
58 | |||
59 | === 3.4 Partner user access to models === | ||
60 | |||
61 | Partner organizations are supported in eMagiz. | ||
62 | Model owners can select a user from their organization or the connected partner organization. | ||
63 | The connection between client and partner organizations is managed by eMagiz administrators. | ||
64 | |||
65 | === 3.5 Password policy & Validity === | ||
66 | |||
67 | Below are the relevant items for the password policy in the eMagiz Portal: | ||
68 | |||
69 | * There is no expiry policy on the password - eMagiz has a Forget Password functionality. | ||
70 | * Password must be 8 - 20 characters long, cannot contain white spaces, and must contain at least one digit, one upper case, and one lower case letter. | ||
71 | |||
72 | == 4. Key takeaways == | ||
73 | |||
74 | The portal security consists of multiple parts: | ||
75 | |||
76 | * User access to Portal | ||
77 | * User access to Integration Models | ||
78 | * User authorizations to Integration Models | ||
79 | * Partner user access to Client environments | ||
80 | * Password Policy & Validity | ||
81 | |||
82 | For each aspect, it is good to know how the security is set up by eMagiz. | ||
83 | |||
84 | == 5. Suggested Additional Readings == | ||
85 | |||
86 | If you are interested in this topic and want more information on it, please read the help text provided by eMagiz. | ||
87 | )))((({{toc/}}))){{/container}}{{/container}} |
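
The authorization rules from sections 3.1 and 3.3 (Edit/View/hidden per ILM phase, MFA for permission changes and for Edit in Production, audit trail), modelled as an added example that is not eMagiz code. The phase names between Capture and Manage, the `Test` default environment, and all class, function and user names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed phase list; the page only says "Capture through Manage".
PHASES = ("Capture", "Design", "Create", "Deploy", "Manage")
RANK = {"none": 0, "view": 1, "edit": 2}


@dataclass
class Model:
    owner: str
    grants: dict = field(default_factory=dict)  # (user, phase) -> level
    audit: list = field(default_factory=list)   # trail of permission changes

    def set_permission(self, actor, actor_mfa, user, phase, level):
        """Only the model owner, with MFA passed, may change permissions."""
        if phase not in PHASES or level not in RANK:
            raise ValueError("unknown phase or level")
        if actor != self.owner:
            raise PermissionError("only the model owner manages permissions")
        if not actor_mfa:
            raise PermissionError("MFA required to change permissions")
        old = self.grants.get((user, phase), "none")
        self.grants[(user, phase)] = level
        # Every change is recorded, including the previous level.
        self.audit.append((actor, user, phase, old, level))

    def visible_phases(self, user):
        """Phases without View or Edit rights are not displayed at all."""
        return [p for p in PHASES
                if RANK[self.grants.get((user, p), "none")] >= RANK["view"]]

    def can(self, user, phase, action, environment="Test", mfa=False):
        """action is 'view' or 'edit'; Edit in Production also needs MFA."""
        level = self.grants.get((user, phase), "none")
        if RANK[level] < RANK[action]:
            return False
        if action == "edit" and environment == "Production" and not mfa:
            return False
        return True


def demo():
    # Constructed sample users and grants.
    m = Model(owner="owner@example.com")
    m.set_permission("owner@example.com", True, "dev@example.com", "Create", "edit")
    m.set_permission("owner@example.com", True, "dev@example.com", "Deploy", "view")
    return m
```
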