Internal network communication within Azure includes inter-service communication between Security Guardian components and the On Demand Platform.
Inter-service communication is authenticated with OAuth, using a Quest Azure Active Directory service account that has the rights to access the services. No backend services of Security Guardian can be used by end users.
On Demand Services accepts access to Security Guardian from the On Demand web user interface.
All external communication is secured with HTTPS using TLS 1.2.
The Security Guardian user interface uses OAuth authentication with a JWT token issued to a logged-in user.
The customer logs in to the application by providing On Demand user account credentials.
For more information about user authentication, please refer to the Quest On Demand Global Settings Security Guide.
Quest On Demand is configured with default roles that cannot be edited or deleted, and it allows you to add custom roles to make permissions more granular. Each access control role has a specific set of permissions that determines what tasks a user assigned to the role can perform. For more information on role-based access control, please refer to the Quest On Demand product documentation.
Security Guardian cryptographic usage is based on Azure FIPS 140-2 compliant cryptographic functions. For more information, see Microsoft-us/azure/storage/blobs/security-recommendations.