Enterprise and Web Single Sign On Solution
Access to corporate and web applications needs to be secure, but it needs to be simple, fast and precise.
And this is exactlly what our Single Sing On solution provides.
Unlock all your companies potential and productivity by enjoying full single sign on experience.
Full identity and access management solution
Fully integrated software suite that provides Role Management, Identity Provisioning, Business Workflows, Attestation, Reporting, Audit & Compliance, Federation, Priviledged Accounts management, and much more.
Because we believe that complete identity and access management solutions do not need to ask for tradeoffs between performance and cost, Soffid provides maximum performance at the lower cost in the market.
Reduce IT costs while increasing security.
Is a fully managed enterprise single sign on solution that improves the security of IT assets while reducing the operational costs produced by lost passwords, authentication delays and change of management.
It enables full single sign on experience without the need of modifying applications. It is fully supported on Windows and Linux.
Is a versatile web single sign on that automates web authentication and provides a central point to deploy enterprise web applications.
The XACML module allows fine grained access control to even legacy web applications.
Is a functionality that ensures that all authoritative sources are always in full synchronisation. This functionality in ensured by the Soffid backend engine and is completely transparent to the end user.
Powerful simplicity at stake. Directory provisioning, manual directory reconciliation, bidirectional password synchronisation and high availablity architecture are always assured when using Soffid.
Is a unique and versatile web interface where the end user would query or change account passwords, manage business processes, manage their own profile, or launch applications.
Everything from a single entry point, because productivity is enhanced only if you design the product to be simple and user friendly. And we have done it.
Enjoy identity and access management features to enhance security and business functionalities.
Full role management and identity provisioning capabilities, workflows features, attestation, reporting and much more.
User provisioning is made through connectors or agents. These agents act as a bridge between Soffid and all the repositories. These agents may act in both directions, either creating or modifying user accounts in managed repositories or creating identities or accounts found in existing repositories.
Soffid has a set of standard connectors that allow a very easy integration with most commonly used repositories, including LDAP directories, MS Active Directory, relational databases and most common operating systems.
From a technical perspective roles are grouped into repositories. However, Soffid also adds an organisational perspective, grouping roles into information systems. For any information system, the entitlement catalog is composed of a set of roles that grant access to the data in this specific information system regardless of the repository where these roles are saved. Users may be allowed to query or grant roles for selected information systems.
In a complimentary way, information system’s managers may define risk levels
associated to an entitlement or a group of them. For every entitlement, the risk level may be assigned to Low, Medium, High or Forbidden. For instance, if a group of entitlement is set to Forbidden, Soffid will prevent assignation of all this specific set entitlements to the same user.
Soffid has been designed using the JBoss JBPM engine, which has been extended and improve with further functionality. Using this engine, Soffid allows administrators to define decision and work flows simply, securely and accurately. Some of its unique features are:
Attestation in the context of identity and access management and governance implies having capabilities and tools to revise and confirm the current set of permissions and authorisations.
Revision of permissions definition:
Revision of assigned permissions:
Soffid supports automatic report generation using the iReport designer standard. Data related to identities, authorizations, audit and many other Soffid data fields may be exported to spreadsheets for further analysis.
To generate automatic recurring reports, Soffid has a builtin report generation feature and delivery system that allows report scheduling. This is also configured through the Soffid web portal.
Enjoy state of the art identity and access management functionalities.
Full audit and compliance features at your fingertips, together with federation features, management of previleged accounts, fine tuning of permissions, and recertification processes.
Every action performed is recorded in Soffid database. This data may then be queried by Soffid console or third party tools.
Audit systems may be connected to external record management systems, or Security Information Event Management System (SIEM) to set up more complex analytics and alerting systems.
Soffid deliver three different levels of traceability:
Since all the data to be used for auditing purposes is persisted in the Soffid database, full reporting and analysis flexibility may be implemented via SQL or any other query language. In order to integrate SIEM (Security Information and Event Management) capabilities, Soffid activates the auditing register via activation of the SYSLOG protocol.
Federation allows integration with the most widely used cloud services without the need of sharing passwords with third party providers. It supports SAML federation as well as OpenID. Federation is easily implemented by having an Identity Federation addon installed on the administration tool.
Then, on the Identity provider side that the end user would access, a SAML or OpenID bridge are used to connect securely to the External Identity Providers.
Soffid manages shared accounts that are used by more than one user simultaneously.
Each one of these accounts will have an access control list that specifies the identities that may use it. This access control list is formed by identities, business units or entitlements.
Of course, every shared account usage through the single sign on module is
conveniently audited.
Define user management delegation easily:
Soffid manages the complete workflow to generate new certificates for certain applications and certain users completely integrated in the Soffid workflow engine.
A complicated process made simple and fully transparent to the end user.
The role mining feature in Soffid applies data mining technology to create business profiles based upon current application permissions in order to minimise the number of roles to be managed and maintained. In this context, the tool allows the administrator to select different role management strategies, such as:
Then, the tool minimises a cost function that represents the effort of the
administration and maintenance of these accounts. It then suggests the type of roles that need to be used.
This functionality allows to minimise the number of roles that need to be live in a specific system, thus helping to reduce the amount of time and resources that need to be allocated to maintain such a system.