Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Section
Column
width40%
Panel
borderColorlightgrey
bgColor#F0F0F0
titleColorwhite
borderWidth1
titleBGColor#88AACC
borderStylesolid
titleAbout

 

 has a plugable security framework and offers a variety of built-in Security Managers. If you use the  Default Security Manager, a tenant admin can create users and roles directly in your  tenants. See the Manage Users and the Manage Roles for instructions on creating users and roles. Note that with LDAP Security Manager and Delegating Security Manager, groups are the equivalent of  roles.

 also supports two types of LDAP Security Managers that pull users and groups from your external Active Directory or Open LDAP system; a Delegating Security Manager when you are integrating with Confluence; a /wiki/spaces/frevvo74/pages/355086544 that pulls users and groups from your external users database; a SAML Security manager that allows enterprises to take advantage of Internet Single sign On and custom security managers that lets you integrate with a security manager that you build yourself.

Note
  • frevvo Security Managers are an Add on feature with additional costs.
  • frevvo only supports/certifies Security Managers when is running in the Apache Tomcat container. Refer to our Supported Platforms for the list of Application Servers supported/certified by frevvo.

Column
width20%
Panel
borderColorlightgrey
bgColor#F0F0F0
titleColorwhite
borderWidth1
titleBGColor#88AACC
borderStylesolid
titleLive Forms Security Managers

Working with LDAP

SAML Security Manager

Azure SAML Security Manager

Which Security Manager do I choose?

Changing the Security Manager for your Tenant

...

You cannot pull custom attributes from your AD into your forms/flows in

this

mode

.

 


Partial sync if discovery mode ( “auth only” off). User details and user’s roles are automatically discovered each time the user logs into the tenant. Thus the tenant can get out of sync with your IDP therefore manual or automated csv uploads on a regular basis are still recommended.

 LDAP

SAML

Azure

Cloud or on-premiseBoth - Some organizations do not want to expose LDAP to the internet so they choose on-premise. Read how LDAPs in the cloud is secure.Both - Primarily used for cloud tenants who do not want to expose their LDAP directly to the internetBoth - provides a simple and secure way to access identity management (azure AD) in the cloud

Are Users/Roles automatically synchronizied with your Live Forms tenant(s) ?

Yes - Manual user/role sync (via frevvo csv upload for example) is not required. The frevvo server automatically gets users & roles from LDAP.

No - if “auth only” mode selected - Users/Roles must be created in your tenant manually. The CSV upload is a good way to do this.

Note
Yes - Manual user/role sync (via frevvo csv upload for example) is not required. The frevvo server automatically gets users & roles from Azure AD.
Single Sign On

Cloud - not available

  • One tenant that uses SSO for internal forms/flows
  • A second tenant that uses the Default Security Manager where all anonymous forms are designed and shared from.
YesYes
Authentication Only Mode Choice

No - You must change your IDP (LDAP in this case) to have roles you need in your frevvo workflow if they do not already exist. All user information is maintained in LDAP.

YesYes
Authentication Only = YesNot Supported

SAML handles authentication only - roles/users managed & maintained via the tenant Users/Roles UI.

Changes made via the tenant Users/Roles UI do not get overridden when user logs in/out.

You may choose this mode if:

  • You do not want to add  roles to your LDAP.
  • LDAP has many roles that have no relevance to your workflow.
  • Find the SAML mapping for the other required attributes complex. For some IDPs, retrieving the manager user id and role names may require writing custom rules.

Con - (1) All user information (email address) must be managed by the frevvo tenant admin. This can get out of sync with your IDP.

Note

You cannot pull custom attributes from your AD into your forms/flows in this mode.


Pro - You can add roles for frevvo workflow without having to edit your IDP

Users and roles are defined in Azure AD.

 

Authentication Only = No

This is the only mode allowed in this SM and this property does not even exist to change it.

Groups needed for these user types in your IDP:

  • Designer users must be members of the frevvo.user and frevvo.Designer groups
  • Tenant Admins must be members of the frevvo.User and frevvo.TenantAdmin groups

Users are discovered immediately the first time the tenant connects to the IDP and are automatically and always kept in sync without any manual intervention.

Groups needed for these user types in your IDP:

  • All Users that will have access to Live Forms must be members of the frevvo.User group.
  • Designer users must be members of the frevvo.User and frevvo.Designer groups
  • Tenant Admins must be members of the frevvo.User and frevvo.TenantAdmin groups

Users discovered when they log in.

Changes made via the the tenant Users/Roles UI are overwritten if user logs out then in again.

Users and roles are defined in Azure AD.

 

If your company uses LDAP as your IDP, do you need to install additional software to use this frevvo Security Manager?NoYes -  (Either install one of the SAML 2.0 Implementations such as ADFS or use a cloud provider such as Okta, and configure it to talk to your LDAP server)Yes (You must purchase Azure AD in the cloud)
Can I embed frevvo forms/flows into my website with this Security Manager?Yes

Yes - if the visibility of the form is set to Public.

Yes - if the visibility of the form is set to Public in Tenant and the user is already authenticated to Azure SAML.

No - if the visibility of the form is set to Public in Tenant and the user is NOT already authenticated to Azure SAML. This is because frevvo must direct the user to the IDP login screen and the browser will not allow loading the IDP login page in frevvo's form iframe.

Yes - if the visibility of the form is set to Anyone (login not required)

Yes - if the visibility of the form is set to Authenticated Users (login required) and the user is already authenticated to SAML

No - if the visibility of the form is set to Authenticated Users (login required) and the user is NOT already authenticated to SAML. This is because frevvo must direct the user to the IDP login screen and the browser will not allow loading the IDP login page in frevvo's form iframe.

What does frevvo support?Microsoft AD, Open LDAPShibboleth, ADFS, Okta, Centrify, Google and any other software that implements the SAML 2.0 protocolThere is no other implementation of Azure AD then Azure AD
What does frevvo certify?Microsoft ADnoneAzure AD
Do you need your own Configuration Specialist for your IDPYesYesYes

...