Solution

This topic contains details about the main security aspects in SoftExpert Suite access to the persistence layer and used services.

Database

SoftExpert Suite connects to the database by using basic authentication, through user name and password. The database connection configurations are stored in encrypted configuration files by using the SoftExpert Suite encryption algorithm.

E-mail

To send e-mail notifications, SoftExpert Suite is parameterized to connect to the e-mail server using basic authentication through user name and password, or OAuth authentication, through Microsoft or Google accounts. These data are stored in the database by means of the SoftExpert Suite encryption algorithm.

LDAP

To perform the LDAP service connection, either for authenticating or synchronizing the users data, SoftExpert Suite uses a valid AD user, entered in its parameterization. If using the LDAP synchronization and authentication functionality, make sure the rules to access the services in the company domain server are created in the firewall. The ports commonly used to make the connection with these services are listed below:

▪389/TCP

NTLMv2

To perform the user authentication with the SoftExpert Suite using the NTLMV2 protocol, you must ensure that the rules for accessing the company domain server services are created in the firewall. The ports commonly used to make the connection with these services are listed below:

▪445 TCP

▪445 UDP

SAML

To perform the user authentication with the SoftExpert Suite using the SAML protocol, you must ensure that the rules for accessing the company domain server services are created in the firewall. The ports commonly used to make the connection with these services are listed below: