Diligent Boards is part of a suite of tools that can be used to form a Modern Governance strategy. Modern governance solutions bring together historically disparate tools into one secure product suite. Board materials, voting and resolutions, evaluations, collaboration tools, document sharing, committee intelligence, candidate search, entity management – all these tools and features work together to enable seamless management and reporting.

Customers share the responsibility of not only keeping their data secure, but also complying with applicable regulatory or privacy laws. Our customers have ownership of their user access controls and manage their entire data lifecycle, from deciding what data goes into the system, how long it should be retained, and what data should be deleted, to who can access the data.

Diligent is responsible for the physical facility as well as the physical infrastructure of server hardware, networking, and related services for the service and hosting customer data.

In addition to the physical security and infrastructure, we also have a robust information security environment to ensure that the confidentiality, integrity, and availability of customer data meets our high standards and our customers’ high expectations.

We provide strong encryption of all data in transit and at rest. Encryption in transit is achieved via the industry-standard TLS (Transport Layer Security) 1.2 protocol. Public Key Infrastructure (PKI) utilizes 2048-bit RSA public/private key pairs and SHA-2 for hashing.

Encryption at rest is achieved using AES utilizing Cipher Block Chaining (CBC) with a key length of 256 bits and a random initialization vector (IV). Data protection keys are managed on a per-customer basis at a minimum, with a two-key system and document-level encryption. The master encryption key is never stored in plain text, and use of the customer master key to decrypt data protection keys is restricted to a Key Management Service (KMS) using a FIPS 140-2 Hardware Security Module. Secrets are managed using industry-standard HSM devices.

Any data downloaded to a user’s device is encrypted by the app using an offline data protection key. This encrypts the data with AES encryption. This is in addition to any encryption provided by the device’s OS.

Identity and Access Management: Authentication

Authentication is performed by an authentication service that stores the passwords in hashed form only. Username and password are required by default and the password policy is configurable by the customer.

After a set number of incorrect login attempts, user accounts are locked out of the system.

Identity and Access Management: SSO / Federated Identity

The Diligent Boards Web App and iOS App support login using client identity providers. This allows customers to sign into Boards with their own identity provider, as long as it uses a supported protocol.

Currently ADFS, Azure AD, and Okta are supported via SAML 2.0. Customers can leverage federated integration to support their own SSO (single sign-on) or other strong authentication methods, such as adaptive or 2FA authentication, based on the customer’s internal security policy.

Identity and Access Management: Multifactor Authentication (MFA)

Boards users can be configured to require MFA for authentication. The second factor is dependent on the application’s platform. When accessing the web client, the user will require an SMS code, while accessing the mobile apps will require a certificate to be installed on the device. This certificate is implemented via the Device Authorization feature.

Device Authorization provides a 2FA solution that is compatible with the offline functionality offered by the Boards mobile applications. This feature associates a user with a specific device via a certificate installed on the device, and restricts the user’s access to Diligent Boards from that specific device. By restricting access to specific devices, customer organizations can prevent access from unknown and untrusted devices, providing additional control of access rights and access locations. Device-level authorization controls are also available; please contact Diligent CSM for details.

Authorization in the Diligent platform is determined by the client and set by our customer success teams.

Diligent Boards employs a role-based access control (RBAC) model. The role-based permissions in Diligent Boards support both standardized roles and granular permissions per user. Privileges such as exporting materials can be disabled.

This process applies to both direct and federated identity authentication to the application.

Maximum Server Session Duration – Forces reauthentication periodically according to a specified timeframe. Requires re-authentication to resume access.
Inactive Session Timeout – Timeout period after last server request.
User Inactivity Timeout – Closes all windows and logs user out after specified amount of time.