In this article, we will discuss the various security features offered by the Engage Process Platform. These can be found in the Engage Process Admin Center under the ‘Security’ section.
Customers with our Enterprise subscription have an additional option, namely ‘Single Sign On’ (SSO).
IP address ranges
It is possible to restrict access to Engage Process on the basis of an IP address (enter the same IP address twice at ‘Beginning range’ and ‘End range’) or an IP address range. The user can then only access Engage Process from those outgoing IP addresses.
Password Settings
In this section, a number of different things can be set regarding the password, including minimum length and validity period.
Two Factor Authentication
By now, everyone has had to deal with two-step verification to access one or more applications or websites. This means that, in addition to entering a username and corresponding password, another security measure is required, namely entering a code generated by Microsoft's or Google's Authenticator app.
If you want to make use of this, you can turn it on for all users at once or set it manually for specific users.
Note!
If you use a generic viewing account for the Viewer, you do not need to enable two-step verification for this.
As soon as two-step verification is enabled for a user, he will see a QR code and an instruction on what to do after logging in for the first time. The QR code can be scanned using one of the apps mentioned above. The rest is self-explanatory.
If the user has a different phone or problems logging in using two-step verification, you can disable or reset two-step verification by clicking on the user in the ‘Users & groups’ section on the right (see window below).
Anonymous Access
In the Engage Process Modeler, it is possible to share processes with people who are not users within the Engage Process Platform. You can then enter the e-mail addresses of these ‘anonymous’ users. This option during sharing in the Modeler becomes available when, in the Admin Centre under ‘Security’ and under ‘Anonymous access’ the option is ticked that anonymous sharing of diagrams with externals is allowed. By ‘externals’, this means users who do not have an account in the customer's Engage Process environment.
Single Sign On
Within Engage Process' Enterprise subscription, there is the option to implement Single Sign On (SSO). This means that users do not need a separate username and password to use the Engage Process Platform. In addition, it is also one of the best security options.
When logging in, there is communication between the customer's so-called Active Directory and Engage Process. Only users known in the organisation's network can log into Engage Process.
When SSO is active, an additional header appears in the Admin Centre under the ‘Security’ section. When you press the ‘Change’ button behind ‘SSO Settings’, the window below appears:
After implementation, the administrator only needs to periodically adjust the Client Secret Value and the end date. The remaining details are filled in by us during implementation.