
Nova Current - Core Security Guide

Separation of customer data

A common concern with cloud-based services is the prevention of commingling of data that belongs to different customers. Nova Core has architected its solution specifically to prevent such commingling by logically separating customer data stores.

Customer data are differentiated using a Customer Organization Identifier. The Customer Organization Identifier is a unique identifier obtained from Nova Core; it is created when the customer signs up with the application.

Nova Core does not create additional resources when a new customer is added to the system. Each persisted organization/tenant entity has an OrganizationId attribute linking it to the unique identifier obtained from Nova Core. Data requests are then restricted to a single organization or to a set of organizations (an organization group). Access to multiple organizations is only allowed for multi-tenant customers, because each organization can have only one tenant associated with it. A Microsoft Entra (Azure AD) tenant can be added to only one organization.
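The following is an added example, not Nova Core's own code, that models the isolation rules just described: every persisted entity carries an OrganizationId, an organization has at most one tenant, a tenant belongs to at most one organization, and every data request is filtered to the caller's organization or organization group. The class and field names (Organization, Record, DataStore) and the sample identifiers are constructed for illustration.

```python
"""Added example (not Nova Core code): logical tenant isolation by OrganizationId."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


class IsolationError(Exception):
    """Raised when a request or registration would cross an organization boundary."""


@dataclass
class Organization:
    organization_id: str              # Customer Organization Identifier, issued at sign-up
    tenant_id: Optional[str] = None   # at most one Entra tenant per organization


@dataclass
class Record:
    record_id: str
    organization_id: str              # OrganizationId attribute carried by every entity
    payload: str


class DataStore:
    """One shared store for all customers; separation is logical, via OrganizationId."""

    def __init__(self) -> None:
        self._orgs: Dict[str, Organization] = {}
        self._tenant_to_org: Dict[str, str] = {}   # enforces "one tenant -> one organization"
        self._records: List[Record] = []

    def register_organization(self, organization_id: str) -> Organization:
        # No per-customer resources are created; only an identifier is recorded.
        if organization_id in self._orgs:
            raise ValueError(f"organization {organization_id} already exists")
        org = Organization(organization_id)
        self._orgs[organization_id] = org
        return org

    def attach_tenant(self, organization_id: str, tenant_id: str) -> None:
        org = self._orgs[organization_id]
        if org.tenant_id is not None:
            raise IsolationError(f"organization {organization_id} already has a tenant")
        if tenant_id in self._tenant_to_org:
            raise IsolationError(f"tenant {tenant_id} already belongs to another organization")
        org.tenant_id = tenant_id
        self._tenant_to_org[tenant_id] = organization_id

    def put(self, record: Record) -> None:
        if record.organization_id not in self._orgs:
            raise IsolationError("record must belong to a registered organization")
        self._records.append(record)

    def query(self, caller_orgs: FrozenSet[str], requested_orgs: FrozenSet[str]) -> List[Record]:
        """Return records for requested_orgs; the request must stay within the caller's group."""
        if not requested_orgs:
            raise IsolationError("request must name at least one organization")
        if not requested_orgs <= caller_orgs:
            raise IsolationError("request crosses organization boundary")
        return [r for r in self._records if r.organization_id in requested_orgs]


def run_demo() -> Dict[str, object]:
    """Build a constructed two-organization scenario and report each rule's outcome."""
    store = DataStore()
    store.register_organization("org-a")
    store.register_organization("org-b")
    store.attach_tenant("org-a", "tenant-1")
    out: Dict[str, object] = {}
    try:                                   # tenant-1 is already bound to org-a
        store.attach_tenant("org-b", "tenant-1")
        out["tenant_reuse_rejected"] = False
    except IsolationError:
        out["tenant_reuse_rejected"] = True
    store.put(Record("r1", "org-a", "a-data"))
    store.put(Record("r2", "org-b", "b-data"))
    single = frozenset({"org-a"})
    group = frozenset({"org-a", "org-b"})  # an organization group of a multi-tenant customer
    out["single_org_ids"] = [r.record_id for r in store.query(single, single)]
    try:                                   # single-org caller asking for the whole group
        store.query(single, group)
        out["cross_org_rejected"] = False
    except IsolationError:
        out["cross_org_rejected"] = True
    out["group_count"] = len(store.query(group, group))
    return out


if __name__ == "__main__":
    print(run_demo())
```

The check that matters is in `query`: the requested organization set is validated against the caller's permitted set before any record is read, so a record from another customer can never be returned, even though all records share one store.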

Network communications

Internal network communication within Azure includes:

·Inter-service communication between Nova Core components

·Communication to customer Microsoft Entra/Office 365 tenants (mostly by Nova apps)

The following scheme shows the communication configuration between key components of Nova Core.

[Figure NetworkComms1: communication configuration between key components of Nova Core]

Network communication is secured with HTTPS and is exposed to the public internet, because all services communicate directly with each other.

Inter-service communication uses OAuth authentication with a QTID client service account that has the rights to access the services. The UI accesses Nova Core backend services with the signed-in user's token. Access is therefore differentiated by user tokens and client tokens.
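As an added example, not Nova Core or QTID code, the block below shows how a backend service can verify a bearer JWT and then tell a signed-in user's token apart from a client service account's token before applying scope checks. It assumes an HS256 shared-secret signature and the claim names `sub`, `upn`, `scope` and `exp`; the real token format, signing algorithm and claims issued by QTID are not given on this page, and the secret and sample claims are constructed.

```python
"""Added example (not Nova Core code): verify a JWT and differentiate user vs client tokens."""
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_jwt(claims: Dict[str, object], secret: bytes) -> str:
    """Mint an HS256 JWT (assumed algorithm; stands in for the identity provider)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(signature)}"


def decode_jwt(token: str, secret: bytes, now: int) -> Optional[Dict[str, object]]:
    """Return the claims only if the signature is valid and the token is unexpired."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(header_b64))
    # Only the expected algorithm is accepted; the header never selects the verifier.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    claims = json.loads(_b64url_decode(body_b64))
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


def classify_principal(claims: Dict[str, object]) -> str:
    """Assumption: user tokens carry a 'upn' claim; client service-account tokens do not."""
    return "user" if "upn" in claims else "client"


def authorize(token: str, secret: bytes, required_scope: str, now: int) -> Optional[Dict[str, object]]:
    """Verify the token, check the scope, and report who is calling and how."""
    claims = decode_jwt(token, secret, now)
    if claims is None:
        return None
    scopes = set(str(claims.get("scope", "")).split())
    if required_scope not in scopes:
        return None
    return {"principal": classify_principal(claims), "subject": claims.get("sub")}


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"   # constructed; never hard-code a real secret
    NOW = 1_700_000_000
    user_token = encode_jwt({"sub": "u-1", "upn": "user@example.com", "scope": "nova.read", "exp": NOW + 600}, SECRET)
    svc_token = encode_jwt({"sub": "svc-reporting", "scope": "nova.read nova.internal", "exp": NOW + 600}, SECRET)
    print(authorize(user_token, SECRET, "nova.read", NOW))       # user principal
    print(authorize(svc_token, SECRET, "nova.internal", NOW))    # client principal
    print(authorize(user_token, SECRET, "nova.internal", NOW))   # None: user lacks the internal scope
```

The design point is that both token kinds pass through the same signature and expiry checks, and only afterwards does the service branch on the principal type to decide which operations a UI user versus a peer service may perform.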

Nova Core accepts the following network communication from outside Azure:

·Access from web UI.

·Access from other Nova Core-based applications (Reporting, DPC, TXP, …)

All external communication is secured with HTTPS (TLS 1.2).

The Nova user interface uses OAuth authentication with a JWT issued to the logged-in user.

There are no unsecured HTTP calls within Nova Core.

Authentication of users

The customer logs in to the application by providing QTID user account credentials.

The process of registering a Microsoft Entra tenant into Nova Core is handled through the well-established Azure Admin Consent workflow. For more information about the Microsoft Entra Admin Consent workflow, please refer to the Quest On Demand Core technical documents.

Role based access control

Nova Core provides common authentication via the Quest Identity (QTID) service. Nova Core is configured with default roles that cannot be edited or deleted. Each access control role has a specific set of permissions that determines what tasks a user assigned to the role can perform.
