Authentication: Form-based authentication using IT-Conductor stored password hashes
- Prompt Captcha validation after a Number of Unsuccessful login attempts
- Lock user account after a Number of Unsuccessful login attempts, requiring password reset
- Self–service password reset via validation e-mail
- E-mails are not modifiable by the end-users
User Identity: Maintain in the Application server memory for the duration of the session (Java). Initial registration and password reset employ validation e-mails sent to the end-user.
Role Based Access Control:
- Each tenant user can only access data in its tenant.
- Each user is assigned a role
- Each role has to be granted access to objects based on Object Class, Type of operation, Object Values. Type of operation is one of many defined operations like read, update, create, etc. - over 20 at this time allowing for a granular control over available functionality.
Tennant users granted “Tennant Administrator” role can grant access to tenant data to other uses by creating/granting roles