We use role-based security to control what each user has access to in accordance with current best practices. The system defines over 20 standard roles covering all of the standard functions that you might need. Users can be linked to many roles that can flex and change for specific needs.
We offer the option to require four-eyes approval (a second user’s authorization) before any change is applied to the system. These precautions can be activated by table or across the entire system. The ability to approve changes can be excluded from a role.
Single Sign-on (SSO) is an access control that lets you access our system through your own central corporate authentication system, without logging in to our application separately. Our application provides two different SSO authentication modes:
- LDAP allows for SSO through Active Directory. The application must be installed at the client as part of the Active Directory.
- SAML 2.0 allows for remote SSO over the internet through a SAML-compliant identity provider. This can be installed either at the client level or on our own hosting servers. SAML is an XML-based protocol standard for authentication and authorization between secure domains.
The benefits of SSO are:
- Ease of Use. No need to log into our application, so there is no additional password to remember.
- Security. Access is centrally controlled outside of the application – only users defined in the group authentication system can access the system. Additionally, when a user leaves the company, they will be removed from the central authentication system as a matter of procedure, and access to any corporate application is automatically revoked. Consider this: how many former users still have access to your current netting system?
Secure File Transfer
We can deliver files via SFTP (SSH File Transfer Protocol), which offers:
- Encrypted file contents.
- Verification that files are delivered to the specified destinations.
- Checks to determine whether or not a file has been altered during transmission (even encrypted files can be altered, making them unreadable when decrypted).

The SFTP protocol can be used for any file delivery, but it’s typically used for bank payments.
We log all major events in the system, storing them in an encrypted SQL database table. Any change to any data by any user is logged; logins and logouts are logged; changes of rates, modifications of data, close period, etc. are all logged. Stored data includes when the event occurred, who made the change, and which fields were changed from what to what. Users (with the appropriate roles) have access to the audit log, and the user interface enables searching and filtering so that they can find the events in question. Audit details are stored in perpetuity.
Two-Factor Authentication (2FA)
Two-factor authentication adds another layer of security to the sign-on process by using an authentication app (such as Google or Microsoft Authenticator) to create a second step to sign in. Once we’ve enabled the function on your database, users will receive a QR code the first time they sign in. From then on, the application will require a key generated by the authenticator app whenever the user signs in.