...
Application Access Control
Access to the application is controlled using various security settings based on users, roles and groups. To find out more about application-level security, please refer to the user manual: Security
The application server can handle user authentication internally, but can also use federated authentication services based on SAML, for example, corporate ADFS or Azure-based SSO.
...
Information for customers who want to use the internal user database:
User passwords are stored in hashed, salted form
The password must be passed over a secured connection
The system provides brute force detection and password crack prevention capabilities and can temporarily disable a user account if the number of login failures exceeds a specified threshold (the account is locked for 60 seconds after three failed attempts)
Multi-factor authentication (for example, using an authentication app) can be enabled for all users.
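The lockout rule and salted hashing listed above, as an added example that is not the product's own code. The PBKDF2 parameters, the LoginGuard class and the in-memory storage are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3     # from the page: lock after three failed attempts
LOCK_SECONDS = 60    # from the page: the account is locked for 60 seconds
ITERATIONS = 100_000 # assumption: PBKDF2 work factor, not stated on the page

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

class LoginGuard:
    """Hypothetical in-memory user store with temporary account lockout."""

    def __init__(self):
        self.users = {}         # name -> (salt, digest); no plaintext kept
        self.failures = {}      # name -> consecutive failed attempts
        self.locked_until = {}  # name -> time at which the lock expires
        self._dummy = hash_password("")  # hashed for unknown names too

    def add_user(self, name, password):
        self.users[name] = hash_password(password)

    def login(self, name, password, now):
        """Return 'ok', 'denied' or 'locked'; `now` is a time in seconds."""
        if now < self.locked_until.get(name, 0):
            return "locked"  # the password is not evaluated while locked
        salt, expected = self.users.get(name, self._dummy)
        _, actual = hash_password(password, salt)
        # Constant-time comparison avoids leaking how many bytes matched.
        if name in self.users and hmac.compare_digest(actual, expected):
            self.failures.pop(name, None)  # success resets the counter
            return "ok"
        count = self.failures.get(name, 0) + 1
        if count >= MAX_FAILURES:
            self.locked_until[name] = now + LOCK_SECONDS
            count = 0
        self.failures[name] = count
        return "denied"
```

Unknown user names are counted and locked the same way as real ones, so the responses do not reveal which accounts exist.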
External user management
When external (federated) user management is used, the password is never passed to the application server.
...
Metrics being monitored include:
application availability in general
application server load (CPU load, number of processes, response time)
storage system (free space, load, availability)
database servers
network status
all other services used by the application server
System Log Management
The application server environment uses a log management system that gathers, filters and manages logs from application servers and other components of the system.
...
Application Server Security Patching
Security updates are installed once a week; if a critical security update is released, it is installed as soon as possible
Updates are installed and tested in a staging environment before being installed on production servers