Enabling Enterprise-class Security in ReconArt
As designers of a world-class enterprise system, ReconArt has always had a significant focus on application security. We have purposefully integrated enterprise security best practices in the application to keep access and data secured, while simultaneously keeping configuration and management as simple as possible. To achieve this, our application implements several methods for application security which allow integration with most common security infrastructures. These capabilities are designed following best practices for password management, which are often required to meet corporate and statutory security policy (often subject to audit).
The standalone security method stores user logins and passwords in encrypted format within the ReconArt system. Administrators of ReconArt can configure an enhanced password policy through parameters like password expiration, minimum password length, password complexity, number of unsuccessful logins, password history, password lockout, and number of password changes before a password can be reused. If a user needs to be updated or disabled, or a password needs to be reset, the ReconArt administrator will act in the ReconArt application itself. Audit records of accesses and permissions granted are also stored in ReconArt and can be retrieved for review.
Even though standalone security provides a secure method of handling passwords and managing user access to the application, it has one drawback. Users need to set and keep yet another login and password to work with the system – another parallel user that is only logically tied to the unique individual. This is a drawback owing to manual coordination in each application and its inherent redundancy.
To address this problem, a single repository that centralizes identity management and related storage can be used. This provides a single source of management and authorization for the software estate and serves as a major component for enterprise-level security. ReconArt provides alternatives that allow integration with such repositories, such as Microsoft Active Directory (AD) and cloud-based Identity and Access Management (IAM) solutions.
For in-house deployments that use Microsoft Windows infrastructure, ReconArt provides functionality for integration with Active Directory (AD). In this case, users authenticate in ReconArt with their AD usernames and passwords. ReconArt will redirect the authentication to the AD and will let the user access ReconArt after receiving confirmation from the AD that the credentials were correct.
Single Sign On is also available. In this case, after logging into a Windows workstation and authenticating in the AD, users can log in directly to ReconArt without undergoing a second login challenge. Password policy and management (reset passwords, user deactivation) are handled by the administrators in the AD. The configured changes are replicated to ReconArt automatically. As noted, the benefit of such a configuration is that Active Directory becomes the central point for management and auditing of the access for the users in the enterprise.
Security Integration with the Cloud
With the development of cloud-based platforms, hybrid configurations have become more common. They require a different approach to security to integrate the external cloud-based applications with in-house applications (and often Active Directory).
ReconArt accommodates security integration in cloud-based and hybrid configurations (configurations where some of the systems are deployed in-house and others in the cloud). We implement connectors for ReconArt to work with leading cloud-based Identity and Access Management solutions (such as Okta). With such integration, users can log in with their enterprise username and password and log in to any connected system automatically after being authenticated once. Again, password policy can be centrally managed by the administrator for all the applications in the enterprise (in-house or cloud-based) and adhere to a common policy which ReconArt will observe. Users can use password reset self-service functionality provided by the Identity and Access Management solution to manage their access. Of course, the new password will need to be compliant with the password policy that is enforced by the IAM solution.
Common Enterprise Security Integrations
ReconArt is agnostic regarding IAM solutions and supports any SAMLv2 compliant identity provider. Popular integrations that customers use include Okta, OneLogin and Shibboleth – all of which provide for the functionality described in this article.
Referenced solutions *:
- Shibboleth : https://shibboleth.net/
Shibboleth is among the world’s most widely deployed federated identity solutions, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source.
- Okta : https://www.okta.com/
Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud connects and protects employees of many of the world’s largest enterprises. It also securely connects enterprises to their partners, suppliers and customers. With deep integrations to over 5,000 apps, the Okta Identity Cloud enables simple and secure access from any device.
- OneLogin : https://www.onelogin.com/
OneLogin is a cloud-based Identity and Access Management (IAM) provider for the modern enterprise, with an industry-leading SSO and identity-management solution. Over 2,000 enterprise customers trust OneLogin to secure and manage identities in cloud, legacy and hybrid environments.
* Information about Shibboleth, Okta and OneLogin as provided on their websites and LinkedIn pages.
The ReconArt Security Advantage
Integrating ReconArt with an Identity and Access Management solution provides the following benefits:
- Improved security – Control security for ReconArt as part of the cloud-based solution infrastructure and manage security from a central point. Use Multifactor authentication for enhanced security and access control.
- Security Policy Enforcement – ReconArt access will be compliant with the security policy of the company and managed by the central repository (either the AD or IAM solution)
- Compliance Tracking/Auditing – All access management and access reporting are centralized in a single application
- Easy Integration – Does not require complex configuration. Usually ReconArt can be integrated with any of the supported IAM solutions in less than an hour using configuration parameters alone
- Affordable – ReconArt believes enterprise class security should be provided to everybody who is using our system. For this reason, we deliver integrations with Identity and Access Management solutions at no extra cost. They are included as part of your ReconArt license and do not require any extra licensing, upgrades or additional payment. Just configure it and use it!