RapidIdentity Product Guide

Security Considerations

Upon initial configuration and deployment, Identity Automation includes a self-signed certificate so that network communication is encrypted from the start.

To maximize security, Identity Automation recommends the following measures:

  1. Obtain and install host-specific or wildcard certificates from a third-party Certificate Authority

  2. User-facing URLs should use port 443 for HTTPS

  3. Excluding Portal and Federation, port 443 should be restricted to local server subnets and internal networks where admin users reside

  4. To ensure effective integration, allow Portal outbound HTTPS to connect to Connect inbound HTTPS, and vice versa

  5. Restrict access to Connect and Folders servers, and to databases, to admin users only
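Recommendations 2 and 3 above are the kind of thing that drifts as firewall rules and URLs change, so an added example follows that audits a deployment inventory against them. This is example code written for this guide, not Identity Automation's own tooling; the inventory format, the service URLs, the INTERNAL_NETS ranges and the sample allow-lists are all constructed for illustration.

```python
"""Audit a deployment inventory against two of the guide's recommendations:
user-facing URLs use HTTPS on port 443, and port 443 is reachable only from
internal subnets for every service except Portal and Federation.

The inventory format and all sample values below are constructed for this
example; they are not a RapidIdentity configuration format.
"""
import ipaddress
from urllib.parse import urlparse

# Services the guide allows to expose port 443 beyond internal networks.
PUBLIC_OK = {"Portal", "Federation"}

# Assumed internal ranges: local server subnets and the networks admin users sit on.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed inventory: each service with its user-facing URL and the source
# ranges its firewall permits to reach TCP/443.
INVENTORY = [
    {"service": "Portal",     "url": "https://id.example.org/",
     "allow_443": ["0.0.0.0/0"]},
    {"service": "Federation", "url": "https://sso.example.org/",
     "allow_443": ["0.0.0.0/0"]},
    {"service": "Connect",    "url": "https://connect.example.org/",
     "allow_443": ["10.1.0.0/16", "203.0.113.0/24"]},   # one non-internal range
    {"service": "Folders",    "url": "http://folders.example.org:8080/",
     "allow_443": ["10.1.0.0/16"]},                     # plain HTTP on 8080
]


def url_findings(service, url):
    """Recommendation 2: the user-facing URL must be https on port 443."""
    parts = urlparse(url)
    findings = []
    if parts.scheme != "https":
        findings.append(f"{service}: user-facing URL is not HTTPS ({url})")
    # urlparse leaves port as None when the URL omits it; fall back to the scheme default.
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port != 443:
        findings.append(f"{service}: user-facing URL uses port {port}, expected 443")
    return findings


def exposure_findings(service, allow_443):
    """Recommendation 3: except for Portal and Federation, every range allowed
    to reach 443 must sit inside one of the internal networks."""
    if service in PUBLIC_OK:
        return []
    findings = []
    for cidr in allow_443:
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(internal) for internal in INTERNAL_NETS):
            findings.append(f"{service}: port 443 reachable from non-internal range {cidr}")
    return findings


def audit(inventory=INVENTORY):
    """Return every finding for the inventory; an empty list means compliant."""
    findings = []
    for entry in inventory:
        findings += url_findings(entry["service"], entry["url"])
        findings += exposure_findings(entry["service"], entry["allow_443"])
    return findings


if __name__ == "__main__":
    for line in audit():
        print(line)
```

Run as written, the audit reports three findings: Connect exposes 443 to a range outside the internal networks, and Folders serves its user-facing URL over plain HTTP on a non-443 port. Portal and Federation are allowed to listen publicly and produce no findings. Replace INVENTORY and INTERNAL_NETS with the real deployment's values to reuse the checks.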

Beyond these measures, Identity Automation performs regular security penetration testing to ensure product integrity and configuration prior to release. This testing includes OWASP Top 10, cross-site scripting, SQL injection, and shell vulnerabilities amongst others.

As vulnerability concerns arise, a workflow involving product engineering and quality assurance begins. Once the issue is validated and remedied, the necessary information is communicated through the online forums.