User access

For the users on the workstations to have access to SoftExpert Suite, they need to be authenticated. For that, SoftExpert Suite makes available the following authentication methods:

▪User and password: Passwords and users are stored in the database using encryption through a SoftExpert Suite algorithm added to the SHA-1 algorithm. The algorithm used does not allow decryption, thus increasing the solution security.

▪NTLMv2: Authenticates users in the SoftExpert Suite using the NTLMV2 protocol connecting to the AD (Microsoft Active Directory).

▪LDAP: Authenticates users in the SoftExpert Suite using the LDAP protocol connecting to the AD.

▪SAML 2.0 (ADFS): Authenticates users in the SoftExpert Suite, with the user and password provided to the operating system, using the SAML protocol connected to the ADFS (Microsoft Active Directory Federation Service).

To increase security, SoftExpert Suite allows some security policies to be configured in the SoftExpert Configuration component. For example:

▪Expire password: requires that the password is changed by the user;

▪User blocking according to the number of attempts;

▪Sending of e-mail to the manager when a user is blocked for exceeding the number of attempts;

▪Strength control: requirement of a minimum or complexity size (presence of letters, numbers, symbols, and uppercases/lowercases) in passwords.

All requests are performed through the HTTPS protocol, which needs a logged and open section in the server to send an answer to the user. The session expiration time may be configured.

Access control

After the user logs in, SoftExpert Suite allows, through the access rights associated with each menu item, managing the access control of each resource individually through access right policies.