Reltio Connect

 View Only

Security Rollout - Upcoming Deadlines and Exceptions

  • 1.  Security Rollout - Upcoming Deadlines and Exceptions

    Reltio Employee
    Posted 10 days ago

    The security and privacy of your data is our highest priority at Reltio and we will continue to uphold the highest standards of data protection and information security to safeguard your tenants and data. In the coming months, we would like to partner with you on important steps to enforce additional authentication security measures. This will require your support to implement these measures by taking the following actions within the timelines outlined below.

    1. Human Users: Implement Single Sign-On (SSO) or Multi-Factor Authentication (MFA) by November 4th, 2024.

      1. Single Sign-On (SSO) (Preferred Option)

    Implementing SSO with your enterprise identity provider (IdP)  is an industry-standard best practice for enhancing the security and efficiency of your user management. These guides provide step-by-step instructions on seamlessly integrating your IdPs (e.g., Okta) with Reltio.

    1. Multi-Factor Authentication (MFA):

    Implement MFA for any human users who cannot be on SSO. MFA is now available to all customers. Customers can choose between app-based or email-based MFA. 

    Note: There will be no exceptions to this Nov 4th deadline. Users will not be able to login unless they are either enrolled in SSO or MFA.

    1. System Users: Identify all service accounts and migrate to Client Credentials by November 4th, 2024.

      1. Client Credentials - All customers must use Client Credentials for any system-to-system integration or API usage with Reltio. Client Credentials authentication is the secure, standards-compliant method to access Reltio's platform and provides granular control and audit trails for services.

    Note: Service or application identities that currently exist under the User Management console will be affected by the MFA requirement on November 4th. We advise the review of all users to identify Service Accounts and plan the migration to Client Credentials by that date. An extension may be granted in exceptional cases. 

    1. Requesting an extension for specific Service Accounts - As an exception, extensions can be requested to migrate specific Service Accounts to client credentials.

    Note: Requests for extension must be submitted by October 28th, 2024.

    Please provide the specific extension date. You can be granted an extension through February 4th, 2025 (no further).

    To request the extension, follow these instructions:

    • Identify all Service Accounts (usernames) that should be exempted. The Reltio team will only grant exemptions on the usernames listed in the email.

    • Coordinate with a security stakeholder in your organization on this extension request and your timeline for migration. This should be someone from Security, Risk, or Compliance.

    • Send an email to your Customer Success Manager (CSM), either from the security stakeholder or with them copied, with the list of usernames to be exempted and the specific extension date for the associated accounts to be migrated to client credentials. 

    We appreciate your partnership, cooperation, and support as we continually work to ensure the safety of your information. If you have any questions or need assistance, don't hesitate to reach out to your CSM or Support.



    ------------------------------
    Sergio Abraham
    Principal Product Manager, Security & Compliance
    Reltio
    ------------------------------