Security Considerations
Upon initial configuration and deployment, Identity Automation includes a self-signed certificate to secure network communication.
To maximize security, Identity Automation recommends the following measures:
Obtain and install host-specific or wildcard certificates from a third-party Certificate Authority
User-facing URLs should use port 443 for HTTPS
Excluding Portal and Federation, port 443 should be restricted to local server subnets and internal networks where admin users reside
To ensure effective integration, allow Portal outbound HTTPS to connect to Connect inbound HTTPS, and vice versa
Restrict access to Connect and Folders servers, and to databases, to admin users only
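One way to audit inbound firewall rules against the port and access recommendations above, as an added example that is not Identity Automation's own tooling. The rule tuple format, role names, subnets and database port are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: internal/admin subnets (constructed values, not from the product docs).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.1.0/24")]
# Roles the recommendations exclude from the port 443 restriction.
PUBLIC_ROLES = {"portal", "federation"}

# Constructed sample inbound rules: (server role, allowed source CIDR, port).
SAMPLE_RULES = [
    ("portal", "0.0.0.0/0", 443),
    ("federation", "0.0.0.0/0", 443),
    ("connect", "10.20.0.0/24", 443),
    ("connect", "0.0.0.0/0", 443),        # violation: Connect reachable from anywhere
    ("folders", "10.20.1.0/24", 443),
    ("folders", "192.168.50.0/24", 443),  # violation: subnet not on the internal list
    ("database", "10.20.0.0/24", 5432),   # port is an assumed example value
    ("portal", "0.0.0.0/0", 8080),        # violation: user-facing role off port 443
]

def is_internal(cidr):
    """True when the source CIDR sits entirely inside an internal/admin subnet."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(internal) for internal in INTERNAL_NETS)

def audit(rules):
    """Return (role, source, port, reason) for every rule that breaks a recommendation."""
    findings = []
    for role, source, port in rules:
        if role in PUBLIC_ROLES:
            if port != 443:
                findings.append((role, source, port, "user-facing URL not on port 443"))
        elif not is_internal(source):
            findings.append((role, source, port, "source outside internal/admin subnets"))
    return findings

def portal_connect_https_allowed(flows):
    """Check that HTTPS is permitted in both directions between Portal and Connect.

    flows is an iterable of (source role, destination role, port) tuples.
    """
    required = {("portal", "connect", 443), ("connect", "portal", 443)}
    return required.issubset(set(flows))

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("FINDING:", finding)
```
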
Beyond these measures, Identity Automation performs regular security penetration testing to ensure product integrity and configuration prior to release. This testing includes OWASP Top 10, cross-site scripting, SQL injection, and shell vulnerabilities, among others.
As vulnerability concerns arise, a workflow involving product engineering and quality assurance begins. Once a concern is validated and remedied, the necessary information is communicated through the online forums.