Our Solutions: SSO and IAM - soffid.com
Soffid provides a full Single Sign On experience and full identity governance features, all in an open source, efficient and powerful software product. Security and productivity are now affordable.

Our Solutions: SSO and IAM

Single Sign On

Enterprise and Web Single Sign On Solution

Access to corporate and web applications needs to be secure, but it needs to be simple, fast and precise.

And this is exactly what our Single Sign On solution provides.

Unlock all your company's potential and productivity by enjoying a full single sign on experience.

Identity and Access Management

Full identity and access management solution

A fully integrated software suite that provides Role Management, Identity Provisioning, Business Workflows, Attestation, Reporting, Audit & Compliance, Federation, Privileged Accounts management, and much more.

Because we believe that complete identity and access management solutions do not need to ask for tradeoffs between performance and cost, Soffid provides maximum performance at the lowest cost in the market.

Reduce IT costs while increasing security.

Soffid provides state of the art Single Sign On and Identity Governance features at a fraction of the cost. For your peace of mind, security and productivity are now affordable.

Single Sign On

Enterprise Single Sign On

It is a fully managed enterprise single sign on solution that improves the security of IT assets while reducing the operational costs produced by lost passwords, authentication delays and change of management.

It enables a full single sign on experience without the need to modify applications. It is fully supported on Windows and Linux.

Web Single Sign On

It is a versatile web single sign on solution that automates web authentication and provides a central point to deploy enterprise web applications.

The XACML module allows fine-grained access control even for legacy web applications.

Unified directory

It is a feature that ensures that all authoritative sources are always fully synchronised. This is ensured by the Soffid backend engine and is completely transparent to the end user.

Powerful simplicity at work. Directory provisioning, manual directory reconciliation, bidirectional password synchronisation and a high availability architecture are always assured when using Soffid.

Self service portal

It is a unique and versatile web interface where end users can query or change account passwords, manage business processes, manage their own profile, or launch applications.

Everything from a single entry point, because productivity is enhanced only if you design the product to be simple and user friendly. And we have done it.

Identity and Access Management: Provisioning

Enjoy identity and access management features to enhance security and business functionalities.

Full role management and identity provisioning capabilities, workflow features, attestation, reporting and much more.

Identity Provisioning

User provisioning is performed through connectors or agents. These agents act as a bridge between Soffid and all the repositories. They may act in both directions, either creating or modifying user accounts in managed repositories, or creating identities or accounts found in existing repositories.

Soffid has a set of standard connectors that allow very easy integration with the most commonly used repositories, including LDAP directories, MS Active Directory, relational databases and the most common operating systems.

Role management

From a technical perspective, roles are grouped into repositories. However, Soffid also adds an organisational perspective, grouping roles into information systems. For any information system, the entitlement catalog is composed of a set of roles that grant access to the data in this specific information system, regardless of the repository where these roles are saved. Users may be allowed to query or grant roles for selected information systems.

In a complementary way, information system managers may define risk levels associated with an entitlement or a group of entitlements. For every entitlement, the risk level may be set to Low, Medium, High or Forbidden. For instance, if a group of entitlements is set to Forbidden, Soffid will prevent the assignment of that whole set of entitlements to the same user.

Workflow creation and management

Soffid has been designed using the JBoss JBPM engine, which has been extended and improved with further functionality. Using this engine, Soffid allows administrators to define decision flows and workflows simply, securely and accurately. Some of its unique features are:

  • Graphical designer based on Eclipse, which enables ease of use without profound technical knowledge.
  • Events can be coded using compiled Java or interpreted BeanShell.
  • Run automatic and user tasks.
  • Run synchronous and asynchronous (scheduled) tasks.
  • Create multiple parallel execution threads in a single process.
  • Create multiple processes from a parent process.
  • Possibility of requiring electronic signature on manual tasks. Digital certificates can be stored on software, smart cards or HSM (Hardware security module) devices.
  • Integrated with document management systems.

Attestation, in the context of identity and access management and governance, implies having the capabilities and tools to review and confirm the current set of permissions and authorisations.

Review of permission definitions:

  • The application owner would validate/add/delete the permissions that are assigned to each business role.
  • Optionally, the person responsible for Information Technology security would confirm the previous review.

Review of assigned permissions:

  • The head of each department would validate the set of permissions that have been assigned to each of the users in his/her department.
  • The person responsible for each application would validate the set of permissions assigned to all users in that application.
  • Optionally, the person responsible for Information Technology security would confirm the previous review.
  • Such processes may be reviewed and monitored in real time by the person responsible for Information Technology security.

Soffid supports automatic report generation using the iReport designer standard. Data related to identities, authorizations, audit and many other Soffid data fields may be exported to spreadsheets for further analysis.

To generate automatic recurring reports, Soffid has a built-in report generation feature and delivery system that allows report scheduling. This is also configured through the Soffid web portal.

Identity and Access Management: Audit & Compliance

Enjoy state of the art identity and access management functionalities.

Full audit and compliance features at your fingertips, together with federation features, management of privileged accounts, fine tuning of permissions, and recertification processes.

Audit and compliance

Every action performed is recorded in the Soffid database. This data may then be queried through the Soffid console or third party tools.

Audit systems may be connected to external record management systems, or to a Security Information and Event Management (SIEM) system, to set up more complex analytics and alerting systems.

Soffid delivers three different levels of traceability:

  • Firstly, any action performed on any Soffid object (users, accounts, permissions, authorisations) is automatically registered in the internal Soffid database, together with the associated object.
  • Secondly, any change or modification performed by Soffid on any managed system is also registered and correctly logged. Thus, all the actions performed by the synchronisation engine are easily identifiable.
  • Finally, all the actions performed during any workflow are also logged and persisted to the Soffid database.

Since all the data to be used for auditing purposes is persisted in the Soffid database, full reporting and analysis flexibility may be implemented via SQL or any other query language. To integrate with SIEM (Security Information and Event Management) systems, Soffid activates the audit register by enabling the SYSLOG protocol.

Federation allows integration with the most widely used cloud services without the need to share passwords with third party providers. It supports SAML federation as well as OpenID. Federation is easily implemented by installing an Identity Federation add-on on the administration tool.

Then, on the Identity Provider side that the end user would access, a SAML or OpenID bridge is used to connect securely to the External Identity Providers.

Shared and privileged accounts

Soffid manages shared accounts that are used by more than one user simultaneously.

Each one of these accounts will have an access control list that specifies the identities that may use it. This access control list is formed by identities, business units or entitlements.

Of course, every use of a shared account through the single sign on module is duly audited.

XACML: Fine tuning of permissions

Define user management delegation easily:

  • Soffid allows selected users to create/modify users, accounts, groups, application roles, etc. based on their organizational role, organizational unit or granted roles.
  • A separate permission schema restricts the scope of users, accounts, groups or roles that can be queried by any user.
  • An optional XACML (eXtensible Access Control Markup Language) module is available to define attribute-based access control policies, so permissions can be assigned based on location, time, device used or any other attribute.

Soffid manages the complete workflow to generate new certificates for certain applications and certain users, completely integrated in the Soffid workflow engine.

A complicated process made simple and fully transparent to the end user.

Role mining

The role mining feature in Soffid applies data mining technology to create business profiles based upon current application permissions in order to minimise the number of roles to be managed and maintained. In this context, the tool allows the administrator to select different role management strategies, such as:

  • More roles with fewer permissions
  • Fewer roles with more permissions
  • Balanced approach

Then, the tool minimises a cost function that represents the effort of the administration and maintenance of these accounts. It then suggests the type of roles that need to be used.

This functionality makes it possible to minimise the number of roles that need to be live in a specific system, thus helping to reduce the amount of time and resources that need to be allocated to maintain such a system.