Comment: Changed HRID to Talentech ID


The authentication in our platform is based on a centralized identity server called Talentech ID. Talentech ID is built on IdentityServer4, which is an open source OpenID Connect and OAuth 2.0 framework for .NET. IdentityServer is OpenID Certified and part of the .NET Foundation.


What is authentication?

Authentication is the process that ensures and confirms a user's identity. This is an important process to make sure we can trust that the user is actually who they claim to be.


Types of authentication

Our identity platform supports different methods of authentication. The default one is local user accounts in Talentech ID, where the user authenticates via a username and password. Talentech ID also acts as a federation gateway, allowing our customers to bring their own identity provider. Our preferred way to set up external identity providers is via OpenID Connect.


Password recommendations

Earlier it was recommended to force periodic password resets and to use complex passwords with numbers, special characters, etc., but this is no longer considered good practice. We recommend using a strong and unique password for Talentech ID with a minimum length of 8 characters. The password should not be re-used in any other service.

You can read more about good password practices here and here.

When setting a new password in Talentech ID, we give the user a warning if they try setting a password that is in a known password leak. This is done by using the Have I Been Pwned service as shown in the screenshot below.

Account lockout

To prevent brute force attacks on user accounts, we automatically lock accounts temporarily after too many failed login attempts. First it gets locked for a few minutes and then we permanently lock it.

Infrastructure

Talentech ID is running on PaaS infrastructure in Microsoft Azure using the North Europe region as primary region and West Europe as secondary region. The infrastructure is set up with geo-redundancy both for the application servers and backend databases, so in the event of an outage in one of these data centers, Talentech ID will still be able to serve requests.

Encryption

Network traffic between Talentech ID and clients is encrypted using TLS 1.2.

Passwords for local user accounts are hashed using the password hasher provided by ASP.NET Core.
