Blog

Read blogs from our team of ReconArtists. We post on trends and items of interest to our user community.

Enabling Enterprise-class Security in ReconArt

by Ivan Popov

Ivan Popov

As designers of a world-class enterprise system, ReconArt has always had significant focus on application security. We have purposefully integrated enterprise security best practices in the application to keep access and data secured, while simultaneously keeping configuration and management as simple as possible. To achieve this capability, our application implements several methods for application security which allow integration in most common security infrastructures. These capabilities are designed following best practices for password management which are often required to meet corporate and statutory security policy (often subject to audit).

Stand-alone Security

Standalone security method stores user logins and passwords in encrypted format within the ReconArt system. Administrators of ReconArt can configure enhanced password policy through parameters like password expiration, minimum password length, password complexity, number of unsuccessful logins, password history, password lockout, and number of password changes before a password can be reused. . If a user needs to be updated, disabled, or his password needs to be reset, the ReconArt administrator will act in the ReconArt application itself. Audit of accesses and permissions granted are also stored in ReconArt and can be retrieved for review.

Enterprise SecurityIntegrated and Enterprise Security

Even though standalone security provides a secure method of handling passwords and managing user access to the application, it has one drawback. Users need to set and keep yet another login and password to work with the system – another parallel user that is only logically tied to the unique individual. This is a drawback owing to manual coordination in each application and its inherent redundancy.

To address this problem, a single repository that centralizes identity management and related storage are available. This provides a single source of management and authorization for the software estate and serves as a major component for enterprise-level security. ReconArt provides alternatives that allow integration with such repositories, such as Microsoft Active Directory (AD) and cloud-based Identity and Access Management (IAM) solutions.

For in-house deployments that use Microsoft Windows infrastructure, ReconArt provides functionality for integration with the Active Directory (AD). In this case, users authenticate in ReconArt with their AD usernames and passwords. ReconArt will redirect the authentication to the AD and will let the user access ReconArt after receiving confirmation from the AD that the credentials were correct.

Additionally, Single Sign On is also available. In this case, after logging into Windows workstation and authenticating in the AD, users can login directly to ReconArt without undergoing a second login challenge. Password policy and management (reset passwords, user deactivation) is done by the administrators in the AD. The configured changes are replicated to ReconArt automatically. As noted, the benefit of such configuration is that Active Directory becomes the central point for management and auditing of the access for the users in the enterprise.

Security Integration with the Cloud

With the development of cloud-based platforms, hybrid configurations have become more common. They require a different approach to security to integrate the external cloud-based applications with in-house applications (and often Active Directory).

ReconArt makes accommodation for security integration in cloud-based and hybrid configurations (configurations where some of the systems are deployed in-house and others in the cloud). We implement connectors for ReconArt to work with leading cloud-based Identity and Access Management solutions (such as Okta). With such integration, users can login with their enterprise username and password and login to the any connected system automatically after being authenticated once. Again, password policy can be centrally managed by the administrator for all the applications in the enterprise (in-house or cloud-based) and adhere to a common policy which ReconArt will observe. Users can use password reset self-service functionality provided by the Identity and Access Management solution to manage their access. Of course, the new password will need to be compliant to the password policy that is enforced by the IAM solution.

Common Enterprise Security Integrations

ReconArt is agnostic regarding IAM solutions and supports any SAMLv2 compliant identity provider. Popular integrations that customers use include Okta, OneLogin and Shibboleth – all of which provide for the functionality described in this article.

Referred solutions *:

  • Shibboleth : https://shibboleth.net/
    Shibboleth is among the world’s most widely deployed federated identity solutions, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source.
  • Okta : https://www.okta.com/
    Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud connects and protects employees of many of the world’s largest enterprises. It also securely connects enterprises to their partners, suppliers and customers. With deep integrations to over 5,000 apps, the Okta Identity Cloud enables simple and secure access from any device.
  • OneLogin : https://www.onelogin.com/
    OneLogin is a cloud-based Identity and Access Management (IAM) provider for the modern enterprise, with an industry-leading SSO and identity-management solution. Over 2,000 enterprise customers trust OneLogin to secure and manage identities in cloud, legacy and hybrid environments.

* Information about Shibboleth, Okta and OneLogin as provided on their websites and Linkedin pages.

The ReconArt Security Advantage

Integrating ReconArt with an Identity and Access Management solution provides the following benefits:

  • Improved security – Control security for ReconArt as part of the cloud-based solution infrastructure and manage security from a central point. Use Multifactor authentication for enhanced security and access control.
  • Security Policy Enforcement – ReconArt access will be compliant with the security policy of the company and managed by the central repository (either the AD or IAM solution)
  • Compliance Tracking/Auditing – All access management and access reporting are centralized in a single application
  • Easy Integration – Does not require complex configuration. Usually ReconArt can be integrated with any of the supported IAM solutions in less than an hour using configuration parameters solely
  • Affordable – ReconArt believes enterprise class security should be provided to everybody who is using our system. For this reason, we deliver integrations with Identity and Access Management solutions at no extra cost. They are included as part of your ReconArt license and do not require any extra licensing, upgrades or additional payment. Just configure it and use it!
Tags/Topics in this article: Compliance

Share this post


Trends for Travel & Hospitality

by Geri Davies

Geri Davies
The travel industry is one of today’s most exciting and rapidly growing business sectors. Web-based companies like Expedia, Booking.com and Hotels.com have made booking and buying travel easier than ever before. For travel companies, 2016 was an exciting year with dynamic changes, aggressive growth, and continuous success. To put it simply, travel is on the rise globally. ...
Tags/Topics in this article: Travel & Leisure

Share this post


The Benefits of Automating Employee Expense Reconciliation

by Denitsa Krachunova

Denitsa Krachunova
Employee expense management is better than ever, but full control over the process requires reconciliation, too. Employee expenses, or the costs related with tasks performed by an employee for an employer, are nothing new in the business world. These common expenses are employee-generated transactions associated with business travel, accommodation and meals,...
Tags/Topics in this article:

Share this post


How to Own Self-Sufficient Reconciliation Processes For Your Business

by Jeremy Shanahan

Jeremy Shanahan
Self-sufficiency, the ability to supply one’s own needs without external assistance, is essential for any business team which strives to maintain control of its operations, without being overly dependent on external parties. This is especially true for businesses that have to process a large volume of transactions from multiple internal and external accounts....
Tags/Topics in this article: Customer Trends, Operational Efficiencies

Share this post


It’s not too late to automate

by Nicolo Nisbett

Nicolo Nisbett
It’s been a great and beautiful year so far here at ReconArt. This has even been true of the weather. As a native Englishman I naturally think and speak often (often meaning daily) about the weather. So I have felt blessed to be able to walk the two miles each morning in just shirtsleeves to our corporate office just outside of Washington DC. That was until this week. For the...
Tags/Topics in this article:

Share this post


The Struggles with Credit Card Recs Solved

by Geri Davies

Geri Davies
These days it seems like we are receiving more and more requests to help with the automation and streamlining of credit card reconciliation. As a platform historically rooted in principles such as the ability to handle large data volumes, various and complex data sources, and mu...
Tags/Topics in this article: Reconciliation Solution

Share this post


Fastest Growers Leverage SaaS

by Jeremy Shanahan

Jeremy Shanahan
Although it has been touted for many years as a pending revolution in how IT and business services are delivered, only recently has “the cloud” been embraced broadly as part of business strategy. Initially, adoption of Software-as-a-Service (SaaS) was focused on front office functions such as sales, marketing, and customer service (e.g. SalesForce CRM and Zendesk). The adop...
Tags/Topics in this article: Customer Trends

Share this post


Challenges of Reconciliation for Payments Businesses

by Jeremy Shanahan

Jeremy Shanahan
We are all familiar with reconciling outgoing payments against our bank accounts. That is simple enough. For the most part these are expenses. You know who is to be paid and you know why the payment is due. Slightly more challenging is reconciling incoming payments against a bank a...
Tags/Topics in this article: Financial Services

Share this post