This page details user authentication and access within Behavioral Engagement PlatformTM.
Table of Contents
What is Identity and Access Management
At Symend, securing your data is our top priority. Across cloud services, attacks on user credentials sit at the top of the threat landscape. Symend’s Identity and Access Management help mitigate all attacks on user credentials by enforcing authentication and authorization controls. Let’s examine those controls so you understand our security model.
Who Uses User Authentication at Symend
Authentication is the process of verifying the identity of the user logging into the Symend application. To minimize attacks on user credentials, Symend enforces Multi-Factor Authentication (MFA) in addition to traditional password-based authentication.
The combination of a complex password and MFA ensures that Symend secures our authentication process. Our MFA model utilizes our partnership with Microsoft and their Authenticator tool to ensure only your people are accessing your data.
You can learn more about inviting your team members into the application by checking out our Get Started: Users, Roles, and Permissions article.
Why Use a complex password
We recommend that you take these steps to ensure your password is secure and protected from a brute-force attack:
Make passwords long. This is the best way to keep it secure. At least 15 characters are best.
Use a mix of characters: upper-case and lower-case, numbers, and symbols.
Avoid common substitutions. For example, avoid using and changing a word like DOORBELL to D00R8377 (known as leetspeak). Random character placement is more effective.
Don’t use easy letters close together on your keyboard which is easy to guess (for example, avoid “Qwerty”). Instead, use a longer phrase like “MyDog45isA%nice%” which mixes all the best practices, and you can easily remember.
Managed Single-Sign-On (SSO)
You can integrate Symend authentication with your identity provider to manage users and credentials centrally. You must create a support request to configure SSO for the Symend Application, which will be done in conjunction with your Client Delivery Representative.
User Authorization
Authorization is the process of validating if the authenticated user has permission to access a component of the Symend application.
Symend minimizes unauthorized user access by using role-based access control, which enforces a separation of duties. Each user persona in the platform has a distinct role, such as playbook designer, segment designer, org system admin, org security admin, etc.
You can learn more by checking out our User Management article.
Understanding the Access Model
Users are created and managed by you and your people at the client level, while all the authorization (roles) are managed by Symend administrators at the organization level.
You can learn more by checking out our Access Model Structure document. This model helps to simplify the access granted to users, in addition to enforcing the separation of duties.
To give you more context, let’s consider the following scenario using an example with the fictional client “NeutralComp.”
NOTE: All roles are bound to the context of an organization (NeutralComp). |
Trust-but-Verify with Audit Trail
The Symend Platform tracks all user authentication actions by our clients. You can provide you with the log of user authentication on request by your organization. You simply created a support request with the desired time period and we’ll get you the audit trail for your user authentication activities.
Securing Sensitive Data by Default
Data security is built into our Symend platform by default. This ensures that we minimize the exposure to any sensitive data by masking the Personally Identifiable Information (PII) data. Any user or service can access PII data in clear text, only if they have a Trusted User role in the system.