Progress Rollbase provides a flexible authentication and security model giving you control over how users access the platform and how they are identified. From LDAP and Single Sign On to multi-factor authentication, security level settings, password expiration policies and IP whitelists, Progress Rollbase adapts to the needs of each organization on a tenant by tenant basis. In addition SSL technology protects your information during transit with data encryption.
LDAP (Lightweight Directory Access Protocol)
For organizations that have standardized on Microsoft's Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) as their identity management system, Progress Rollbase offers a simple integration process for each tenant within the Rollbase user interface that allows users to be authenticated by these external systems. This allows enterprises to strengthen security and avoid errors from entering information into two separate systems and enhance efficiency since users do not need to remember multiple email addresses, user IDs or passwords.
Single Sign-On (SSO) support is available for each Progress Rollbase tenant using HTTP POST and HTTP GET requests, allowing customers to integrate with a variety of external systems regardless of required request format. With this support, users no longer need to provide additional ID and password credentials to log into any Progress Rollbase instance. Instead, a session ID confirms the user as having already been authenticated by a trusted source: their enterprise's own network or another applications. This single sign-on process makes it faster and easier to access Progress Rollbase accounts.
Multi-factor authentication can be enabled on a tenant to further ensure user identity by providing a set of pre-defined challenge questions defined by users upon first login. Users have the ability to edit these questions as needed and a cookie remembers whether they have been recently answered, thus not requiring the user to answer them every time they login.
Security Level and Password Policies
Progress Rollbase gives you control over security settings and password policies on a tenant by tenant basis. Security level settings determine minimum password length, password case-sensitivity, whether or not character sequences are allowed or non-alphabet characters are required, whether to temporarily block users after a number of unsuccessful login attempts, duration of this block, and more.
Password Expiration Policies
Password expiration policies can be set for each tenant by specifying number of days before passwords must be reset. A customizable "Password Expiration Notification" email template can be assigned to this event using a Trigger on the User object.
As a security precaution you can restrict login to each Rollbase tenant to a list of IP addresses. You can optionally limit whitelist restrictions to a group of selected Roles or apply the whitelist to all Roles. The IP address of the user trying to login into that tenant will be cross-checked against this list and if a match is not found the user will be denied login.
SSL and HTTPS
The Progress Rollbase Hosted Cloud infrastructure is hosted in a secure server environment that uses firewalls and other security technology to prevent interference or access from outside intruders. When you access the Progress Rollbase service via HTTPS, Secure Socket Layer (SSL) technology protects your information using both server authentication and data encryption, ensuring that your data is safe and secure during transit.