Security Checkpoints in IFS Aurena are defined in the projection layer. It is bound or unbound actions that can contain Security Checkpoints.
The following actions can have Security Checkpoints:
Security Checkpoints in IFS Aurena supports both new Security Checkpoints created for IFS Aurena and Legacy Checkpoints created for Enterprise Explorer. The concept in IFS Aurena is a combination of both these types of Security Checkpoints.
Security Checkpoints in IFS Aurena can be defined for an action by having,
Creating Security Checkpoints for IFS Aurena is explained under Creating New Security Checkpoint
Enabling and disabling of these Projection and Legacy Checkpoints can be done using IFS Aurena's Security Checkpoints administration pages.
When a Security Checkpoint is created for an action, the metadata of the projection that uses this action will have Security Checkpoint details. The Aurena client identifies the Security Checkpoint for a particular action by getting checkpoint details from the client metadata.
If Security Checkpoints for IFS Aurena are globally enabled and a new Projection Security Checkpoint or a Legacy Checkpoints is active, when a transaction encounters a Security Checkpoint, IFS Aurena will then present a dialog asking the User to provide its credentials to proceed.
The credentials will be sent to OData Provider with other action parameters. The User credentials will be validated at the OData provider and if successfully verified, the Security Checkpoint will be opened and the action and the transaction will be executed. If the User verification fails, the action and transaction will not execute and will present an error message to the User.
Security Checkpoints in IFS Aurena supports different authentication methods. Different authentication methods require different verification types for Security Checkpoints in IFS Aurena.
The verification type in IFS Aurena is independent of Enterprise Explorer.
Read more about verification types here.
When using standard Database Authentication, the Users credentials, username and password, will be used for verification.
The verification type PIN-Code can also be utilized when using Database Authentication.
When using Azure Active Directory Sync or Active Directory Federation Sync (ADFS) as an authentication method, IFS Aurena must have PIN-Code as the verification type for Security Checkpoints.
Web browser often has the functionality of saving Username and Passwords to enhance the user experience. This functionality can be counter-productive for Security Checkpoints in IFS Aurena since the credentials will automatically be pre-filled with the credentials stored by the Web browser.
Consider to turn off this functionality in the Web browser of choice for the Users if Security Checkpoints is going be utilized.