Getting started with security
Who is this article for?
An Admin or Module Developer
A Module Developer license and Area access are required.
Application security within the platform is handled with a combination of Reporting Authorities and Roles, along with some additional special-case features. Administrators play a vital role in ensuring a subscriber's information is secure and that the data meets subscriber requirements.
For additional information, review the following articles:
- Understanding reporting authorities
- Configuring reporting authorities
- Understanding Record Access Control (RAC)
The following items should be reviewed and approved by the subscriber’s security department.
Login Options
- Single Sign On (SSO): A mechanism to authenticate a user against another identity provider, like Active Directory. It is still necessary for each user to have a Person object.
- Forced SSO: The platform can force the use of SSO for all users, meaning that users cannot log directly into the platform without using SSO.
- IP Restrictions: For subscribers using a hosted environment, a subscriber can choose to limit access to the system by IP address, or by a range of IP addresses. This would typically be the external IP address of the subscriber's security system. Remote users would need to connect to their company’s VPN (Virtual Private Network) before connecting to the platform.
Security Best-Practices
- Set a period of inactivity to determine when a user’s session should be terminated. The default is two hours. User accounts can also be automatically disabled after a defined period. This is not a default setting.
- Limit the number of admins with the User Access Control Administrator role. This is the only role that can grant other administrative roles to users. If there is only one person with this role, they know that others will not be granting themselves administrative roles and rights.
- Do not allow or encourage shared or generic accounts.
- Educate users about what type of information should and should not be entered or uploaded into the system. For example, classified or controlled information, PII (personally identifiable information), financial information, etc.
- Encourage users to use the "Forgot Password" option if they are not using SSO.
- Use Roles to manage oversight of user permissions across the various applications.
- Use Reporting Authorities to segment data.
- Use Record Access Control to control access at the object level.
- Limit the number of users with the Module Developer role. This role can permanently change application fields, behaviors, and rules.
- Consider and monitor Ideagen recommended hardware and browser configuration guidelines.