RooX UIDM has enhanced access protection for field and outsourcing employees
April 20, 2022
RooX has implemented a new adaptive authentication scenario that supports the enhanced protection of access to internal systems for field, outsourcing and remote employees of large companies.
Many companies engage outsourced professionals, for example, sales agents, call center employees and delivery workers. There are also full-time employees who work in the field: first aid teams that help after car accidents, field ambulance services, chain store auditors and so on.
RooX UIDM now supports a safe adaptive logon scenario for these employee categories that takes the peculiarities of remote work into account.
Such employees usually use mobile devices for their work. They get online through "foreign" networks: mobile Internet, public access points, a client's network. In the field, they have a smaller set of functions than in the office, and sometimes this set is strictly limited to the functionality of a dedicated application.
It is dangerous to use the domain account in untrusted networks and devices. In some cases, it is undesirable for "field" employees to know their login and password in the domain, as they should not have access to any other internal resources, except the dedicated application. Besides, it makes sense to differentiate "mobile" and "office" role privileges. Then, even if an offender logs in via the stolen gadget, they will not have complete access to all internal services.

Konstantin Korsakov
Chief Architect at RooX
New Functions of RooX UIDM
RooX UIDM already had role management and multi-factor authentication capabilities. Now we have added two new functions to the system: checking the subnetwork the user works from, and storing additional authentication data.
The first function makes it possible to single out untrusted networks and restrict access from them to company resources. The second enables binding a user to a standardized form of the mobile number, an enhanced qualified digital signature, an account ID at a third-party IDP and so on. It is important to note that using the mobile numbers specified in the domain is not a reliable practice. These numbers are rarely reduced to a single record format, and they can be out of date, invalid, duplicated across different employees or simply missing.
With these RooX UIDM functions, you can configure an adaptive safe logon scenario that encompasses all steps of interaction with an employee.
How to Configure the Adaptive Safe Logon Scenario
A new employee is connected to the remote work features from within the internal network. The employee logs in with their domain account and binds the field authentication data to it. If this is a mobile number, it is confirmed with a one-time password sent via SMS. The mobile number setup scenario provides a range of notifications and actions in case the number was previously used by another employee.
If a user has limited domain access rights, the binding is carried out by the admin.

Further, when an employee starts working in the “foreign” network, the alternative logon scenario branch is activated. The rights to use functions are automatically reduced down to the mobile role. This scenario branch can be additionally enhanced through the use of the second authentication factor.
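The scenario above can be sketched as a small policy function. This is an added illustration, not RooX UIDM code or configuration: the subnets, role names, function names and the phone normalization rule (national prefix "8", country code "7") are all assumptions.

```python
import ipaddress

# Constructed sample policy; every name and value here is an assumption.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]
ROLES = {"office": {"crm", "hr-portal", "field-app"}, "mobile": {"field-app"}}

def normalize_phone(raw, country="7"):
    """Reduce a phone number to a single record format: '+' followed by digits."""
    digits = "".join(c for c in raw if c.isdigit())
    if not raw.strip().startswith("+"):
        if len(digits) == 11 and digits[0] == "8":   # national trunk prefix
            digits = country + digits[1:]
        elif len(digits) == 10:                      # no country code at all
            digits = country + digits
    if not 8 <= len(digits) <= 15:                   # E.164 allows at most 15 digits
        raise ValueError(f"unusable phone number: {raw!r}")
    return "+" + digits

def bind_phone(bindings, user, raw):
    """Bind a normalized number to a user; report a previous owner, never overwrite."""
    number = normalize_phone(raw)
    owner = bindings.get(number)
    if owner not in (None, user):
        return {"bound": False, "number": number, "conflict_with": owner}
    bindings[number] = user
    return {"bound": True, "number": number, "conflict_with": None}

def logon_decision(bindings, user, client_ip):
    """Pick the scenario branch from the subnetwork the user connects from."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return {"branch": "office", "credential": "domain",
                "roles": ROLES["office"], "second_factor": False}
    bound = sorted(n for n, u in bindings.items() if u == user)
    if not bound:
        # Untrusted network and no field credential bound: no fallback to the domain account.
        return {"branch": "denied", "credential": None,
                "roles": set(), "second_factor": False}
    # Field branch: bound credential only, mobile role only; second factor assumed enabled.
    return {"branch": "field", "credential": bound[0],
            "roles": ROLES["mobile"], "second_factor": True}
```

Because numbers are compared only after normalization, the same number entered in two different formats is detected as a duplicate at binding time rather than at logon.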