Skip to content

Controlling Access to the Interface

Securden EPM (Cloud Edition) is designed so that end users don’t have the need to access the main application interface at all. Administrators, auditors, and approvers who are tasked with managing privilege requests can access the web interface using a web browser. End users use the Securden Agent on their endpoints to fulfll their requirements.

Access to the web interface is controlled in two levels. The frst one is either through the native authentication method or authentication through an identity provider. Securden EPM with AD, Azure, G Suite for user onboarding and users can authenticate themselves using their directory identities. Additionally, Securden can integrate with all LDAP compliant directories and all SAML based SSO solutions for seamless authentication.

How does Securden authenticate using directory services?

Securden doesn’t store the directory credentials anywhere. The authentication is carried over secure channels over SSL and authenticates against AD. To connect with the Active Directory service running on your server, Securden uses a remote connector to connect the AD from cloud.

To connect with Azure (Entra ID), a client secret and secret key pair is used to establish the secure connection.

How secure is Securden’s native authentication?

To withstand brute force attacks, a one-way hash of the password is created through brcypt hash function, one of the advanced algorithms available. Once the hash is created, the hash is then combined with salts to protect against attacks. Even in the rare case of the database getting breached, the encrypted data cannot be deciphered without the encryption key.

Additional layer of protection using MFA

Securden helps add an additional layer of security by requiring a second factor of authentication before allowing users to access the vault. Securden integrates with an array of solutions from which you can use any to enforce MFA.

Design Highlights

  • AD authentication over SSL
  • Azure authentication through secret generated in Azure
  • Credentials are hashed using brcypt function and then salted
  • Integration with MFA solutions for added security