This article provides information about Tivian Access, a module designed to increase the security of Tivian applications. It covers the main scenarios for implementation, identity providers and protocols, architectural overview, and frequently asked questions.

Increase the security of your TIVIAN applications

Following the implementation of the Privacy Assistant (GDPR), the new TIVIAN Access module has been implemented to increase the security of your TIVIAN applications. The module can be integrated into your existing SSO infrastructure and mitigates bad password habits.

Three Main Scenarios

Multi Factor Authentication

You want to add an extra layer of security to your EFS login by using a second authentication factor.

Partner Setup

You want to access all the EFS installations & modules that you manage for your clients using one set of login credentials.

Federated Login

You want all users to access EFS (admin, portals, report manager) using your existing corporate sign-in, the one you already use for all third-party products. The integration with existing SSO software or an SSO service is based on the supported protocols, OIDC Federation or SAML Federation.

→ Read more about OIDC Federation

→ Read more about SAML Federation

Please note that scenario C can be configured with or without a connection to an existing identity provider. A second authentication factor can be enforced here as well.

 

Identity Providers and Protocols

Read more about the prerequisites for a successful connection to an existing IAM/SSO via SAML 2.0 or OpenID Connect.


Architectural Overview

Read more about the various components that have been integrated into the TIVIAN Access architecture.


FAQ

What is an Identity Provider?

An Identity Provider is a service used to handle authentication for other services. It is commonly used to achieve Single-Sign-On (SSO) across multiple applications. Examples include Okta, Auth0, and social identity providers like Facebook, Twitter, and Google.

How do we integrate with Identity Providers?

We integrate with customers' Identity Providers using standardized protocols such as SAML 2.0 or OpenID Connect. The integration is done through our Identity Provider, which acts as an application from the customer's perspective.

Which Identity Providers are supported?

We support Identity Providers that support authentication via SAML 2.0 or OpenID Connect protocols. They must be publicly available (not in a private network). Each Identity Provider needs to be tested to ensure compatibility.

How long does it take to set up an Identity Provider?

The setup time varies depending on the case. If all information is provided, it can take only a few minutes. If information is missing or the integration is not working as expected, some iterations may be needed.

Can I set up multiple Identity Providers for a client at the same time?

Yes, multiple Identity Providers can be configured in Okta. The identity provider where the user has to authenticate is chosen based on the email address (domain) the user provided.
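
The domain-based selection described in the last answer, sketched as an added example (this is not Tivian's or Okta's code; the domains, IdP names and the fallback login are constructed placeholders). It shows why the lookup should normalize the address and match the domain exactly:

```python
# Added illustration: domain-based identity provider selection.
# All domains and IdP names below are constructed placeholders.
from typing import Optional

# Exact-match routing table (constructed sample data).
IDP_BY_DOMAIN = {
    "example.com": "saml-example-corp",
    "partner.example.org": "oidc-partner",
}
DEFAULT_IDP = "local-login-with-mfa"  # hypothetical fallback: built-in login


def email_domain(address: str) -> Optional[str]:
    """Return the normalized domain of an email address, or None if malformed."""
    address = address.strip()
    # Reject anything without exactly one "@" so "a@example.com@evil.test"
    # cannot be parsed two different ways by different components.
    if address.count("@") != 1:
        return None
    local, domain = address.split("@")
    domain = domain.rstrip(".").lower()
    if not local or not domain or any(c.isspace() for c in address):
        return None
    try:
        # Normalize internationalized names to their ASCII (punycode) form so
        # look-alike Unicode domains never compare equal to a configured one.
        domain = domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return domain


def select_idp(address: str) -> Optional[str]:
    """Pick the IdP for a login identifier; None means reject the input."""
    domain = email_domain(address)
    if domain is None:
        return None
    # Exact match only: suffix or substring matching would route
    # "example.com.evil.test" or "notexample.com" to the corporate IdP.
    return IDP_BY_DOMAIN.get(domain, DEFAULT_IDP)
```

Routing only decides where the user is sent to authenticate. The identity that the chosen provider asserts still has to be checked against the domain that provider is allowed to vouch for.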
