Why a User Access Control Policy is crucial for your organization

Organisations spend a lot of time and effort protecting their networks from external attacks. However, it is insider threats that are viewed as one of the biggest risks to corporate data according to IT decision makers surveyed in the Cyber-Ark 2012 Trust, Security & Passwords report.

To efficiently mitigate insider threats and reduce the attack surface of an Information System, a network must be set on a ‘need-to-know’ and ‘need-to-use’ basis.

In real terms, this means that IT departments must ensure that each user in their organisation can only log in according to the pre-authorisation that has been granted. Unfortunately, this is usually not the case.

Complete article by techradar

Soffid IAM and the Gamification of Identity Governance process

Recently we participated, together with our partner IXTEL, in a really interesting webinar about Identity Governance.

Mr Gabriel Buades, CTO of Soffid IAM, explained how Access Certification mitigates access risks and substantially reduces review times and review costs by using risk-level-driven recertifications. It enables you to act immediately to correct inconsistent or unauthorized permissions and so prevent unwarranted access. These changes are enacted in real time on the source systems through your IAM provisioning solution.

Soffid manages the whole process of generating new certificates for specific applications and users. It integrates with the Soffid workflow engine, simplifying a complicated process to maximize the company's productivity without compromising security.

Companies can now enforce compliance with the recertification campaign within the defined time frame, thereby minimizing the risk of unauthorized access.

Release 2.8.2 includes Session Recording and Keystrokes

The new Soffid version is available to end users at http://www.soffid.com/download/

New features:

– Session Recording and Keystrokes for privileged users
– Improved NL translation
– Mail password is now automatically encrypted on first use
– Fixed wrong textbox look and feel in some workflows
– Export tool now exports checkboxes
– Prevent password validation infinite loop
– Fix JNDI lookup problem in workflow engine configuration page
– Add remote IP in syslog messages
– Allow wildcards in trusted IPs
– Fix bug in multi-select lists
– Backport 2.7 patches

Cerrejón’s aim is to incorporate an identity management system to achieve audit and legal compliance.

They need to protect access to Active Directory so that no one can connect to it directly to grant permissions.

With Soffid, the user follows the procedure that has been designed, and this is audited within the tool, so that at all times it is known who granted which permissions, when, and to whom.

Many applications have been integrated into this company's system. Being a natural resource of the government, they were interested in having all the information audited, and with our software they can demonstrate that everything is safe and controlled.

The access control mechanisms of SAP Payroll and SAP Employee Central, Workforce, are being strengthened to control what a supervisor can do with respect to their employees, such as payroll validation and time control.

What is Authentication?

Authentication is basically the problem of taking a real-world person who is sitting in front of a computer and working out who they are; in other words, working out which particular piece of information in our identity store relates to that person. We have to tie these two things together.

In the world of identity, you would probably have some kind of login page. Applications send the user to this login page, where they authenticate by typing in some information that only they know; most of us have used a username and password or something similar. The identity system takes this information, does some magic to make sure that it is indeed you, and can then tell each of these applications that the user has logged in.

The application is just saying "tell me who this is", so I don't need to build login pages for every single app, and all of the applications can share that same login.

How to authenticate in different ways?

There’s a lot of complexity because everybody wants to determine who the user is in a different way.

We’ve all used banking applications where you have a username and password and some magic PIN, and there are other applications where you have to use some kind of secret token that gets emailed to you; each of these is a different way of determining who the user is.

User authentication could be based on all sorts of different things.

What that means is that behind this there is not just one single authentication mechanism; we want the possibility of using a whole range of different kinds of authentication, or different authentication modules. It is important that the identity system be able to support those different levels and, in fact, be customizable, because each customer may want to do additional things when they authenticate a user.

Well I think that gives a good introduction about what authentication is.