Reltio Connect

  • 1.  What are Best Practices in controlling tenants and combinations of customer roles

    Founding Member
    Posted 04-28-2021 07:41
    I would love to hear from other Reltio users and employees on how they are controlling access to their tenants. I would love to hear what combinations of custom roles, SSO, IP whitelisting, and perhaps other technical/process controls are in place to ensure there is no unauthorized access to their tenants and their data.

    ------------------------------
    Walt Feldman
    Digital Data Lead
    Subway
    ------------------------------


  • 2.  RE: What are Best Practices in controlling tenants and combinations of customer roles

    Reltio Employee
    Posted 04-28-2021 16:23
    Hi @Walt Feldman,

    Thank you for your question. We have several layers of security in our platform. 
    All access to a tenant is controlled by user credentials. APIs can be accessed via client credentials. 

    Once a user has access to a tenant, the access to specific functionality and data is controlled by our Role Based Access Control (RBAC). 
    This section of the documentation explains these in detail. 

    https://docs.reltio.com/security/securitymanagement.html  

    Many of our customers use Single Sign-On (SSO) to ensure a higher level of security for their users, where the authentication is done by an SSO provider like Okta. Reltio supports both SAML and OIDC standards for SSO.



    ------------------------------
    Venki Subramanian
    ------------------------------



  • 3.  RE: What are Best Practices in controlling tenants and combinations of customer roles

    Founding Member
    Posted 05-02-2021 09:32
    Hi Venki,

    I agree that identity and access management is fairly robust in Reltio. My question has to do with the other layers of security:
    • What are best practices for controlling access to tenants based on trusted network/location?  
    • What are best practices for controlling access to tenants based on trusted device or application?
    • How are suspicious patterns of access to tenants identified and alerted on?

    Are these sorts of controls coming to Reltio in the future?

    Regards,
    Walt

    ------------------------------
    Walt Feldman
    Digital Data Lead
    Subway
    ------------------------------



  • 4.  RE: What are Best Practices in controlling tenants and combinations of customer roles

    Reltio Employee
    Posted 05-03-2021 10:30

    Hi Walt,

    Thank you for your continuous patronage. We do consider security very seriously in Reltio & are continuously investing in bringing fine-grained capabilities to secure your data.

    Please find my responses to your queries.

    - Currently, we have the capability to whitelist IPs to restrict accessibility to nominated tenants, with certain limitations, i.e., not all services can be restricted with IP whitelisting today. We will continue to enhance this functionality to address those limitations in the future.

    - As of today, we have not planned for device/application-based access control to tenants. But as part of our continuous initiative to enhance our security features, we will consider planning for similar functionalities in the future.

    - As part of our roadmap, we have plans to enhance our security features to give you the capability to get alerted when your tenants are subjected to suspicious activities/configured events.

    Hope this helps.




    ------------------------------
    Nirmal Natarajan
    ------------------------------