Security Whitepaper - YSoft SAFEQ Cloud | Page 23

SECURITY WHITEPAPER

Identity and Access Control

PRODUCT USER MANAGEMENT
The Y Soft products allow for granular authorization rules. Customers are empowered to create and manage the users of their portals, assign the privileges appropriate for each account, and limit access to their data and features.
For more information about user roles, please see the Y Soft SafeQ Cloud documentation.
PRODUCT LOGIN PROTECTIONS
The Y Soft products allow users to log in to their YSoft SAFEQ Cloud accounts using either the built-in login or Single Sign On (SSO). The built-in login enforces a uniform password policy which requires a minimum of 6 characters and a combination of lower- and upper-case letters, special characters, whitespace, and numbers. Customers who use Y Soft's built-in login cannot decrease the default password length, but they can enforce more secure password policies if required.
More advanced SAML-based SSO, integrated with any SAML-based IdP, is also available.
Customers who use an SSO provider can set up SSO-based login for their users. Instructions for setting up SSO are available in the YSoft SAFEQ Cloud documentation and Y Soft Academy. Single Sign On users configure their password policy in their SSO provider.
PRODUCT API AUTHORIZATION
Application programming interface (API) access is enabled through either API keys or OAuth (version 2) authorization. Customers can generate API keys for their portals; the keys are intended for rapidly prototyping custom integrations. Y Soft's OAuth implementation is the stronger approach to authenticating and authorizing API requests, and OAuth is required for all featured integrations. Authorization for OAuth-enabled requests is established through defined scopes.
PRODUCTION INFRASTRUCTURE ACCESS
Access to Y Soft's systems is strictly controlled and follows the principle of least privilege. Y Soft employees are granted access using a role-based access control (RBAC) model.
Day-to-day access is minimized to only those individuals whose jobs require it. For emergency access (e.g., alert response and troubleshooting) and access to administrative functions, Y Soft's systems use a Just-In-Time Access (JITA) model in which users request access to privileged functions for a limited duration. Each JITA request is logged, and the logs are continuously monitored for anomalous requests. After the configured session limit, access to the account expires and is automatically revoked.
Employee access to both corporate and production resources is subject to daily automated review and to manual recertification at least semi-annually.
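As an added illustration (not Y Soft's code; the whitepaper does not describe its implementation), the following Python sketch models the JITA properties described above: a requested grant capped at a configured session limit, an audit log entry per request, automatic revocation once the limit passes, and a simple monitoring rule that flags unusually frequent requesters. The session limit, the anomaly threshold, and the function names are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set

SESSION_LIMIT = timedelta(hours=1)  # assumed; the whitepaper gives no value

@dataclass
class JitGrant:
    user: str
    function: str  # privileged function, e.g. "prod-db-admin" (constructed name)
    granted_at: datetime
    expires_at: datetime

@dataclass
class JitAccessBroker:
    """Time-boxed privileged access: every request is logged, no grant outlives
    the session limit, and expired grants are revoked on the next access check."""
    session_limit: timedelta = SESSION_LIMIT
    grants: List[JitGrant] = field(default_factory=list)
    audit_log: List[Dict] = field(default_factory=list)

    def request(self, user: str, function: str, duration: timedelta,
                now: datetime, reason: str) -> JitGrant:
        # The requested duration is capped at the session limit, never extended.
        grant = JitGrant(user, function, now, now + min(duration, self.session_limit))
        self.grants.append(grant)
        self.audit_log.append({"event": "request", "user": user, "function": function,
                               "reason": reason, "time": now, "expires": grant.expires_at})
        return grant

    def has_access(self, user: str, function: str, now: datetime) -> bool:
        self._revoke_expired(now)
        return any(g.user == user and g.function == function for g in self.grants)

    def _revoke_expired(self, now: datetime) -> None:
        # Automatic revocation: anything past its expiry is dropped and logged.
        for g in [g for g in self.grants if g.expires_at <= now]:
            self.audit_log.append({"event": "revoked", "user": g.user,
                                   "function": g.function, "time": now})
            self.grants.remove(g)

def anomalous_requesters(audit_log: List[Dict], now: datetime,
                         window: timedelta, threshold: int) -> Set[str]:
    """Monitoring stand-in (assumed rule): users with more than `threshold`
    JITA requests inside the trailing `window`."""
    counts: Dict[str, int] = {}
    for entry in audit_log:
        if entry["event"] == "request" and now - window <= entry["time"] <= now:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return {user for user, n in counts.items() if n > threshold}
```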
YSoft SAFEQ Cloud - 23 - YSOFT.COM