Architecture

- Single Tenant - Private Cloud Instance (GC, Azure, AWS): 24/7/365 availability, EU/US/ASIA region deployment options
- Private Database & private Cloud Storage Bucket: Automated Daily Backups
- Secure: SSL on all clients, Data Encryption at REST and in Transit, Private Encryption key possible
- Default Authentication: Token based with SHA256 HMAC signature, or TOTP
- Enterprise Authentication Options – Single Sign On (SSO): Microsoft On Premise AD, Azure AD, OAuth 2.0, OIDC
Continuous Delivery

Continuous Integration Workflow

Technology Stack

Single Tenant Container Architecture Diagram

Security & Federation
Single Sign On - Requirements

- Identity infrastructure that supports
  - WS-Federation (Passive Requestor Profile)
  - SAML 2.0
- Fully encrypted communication (HTTPS)
- Most used supported systems
  - Microsoft Active Directory Federation Services
  - Microsoft Azure Active Directory
- Email to be set up as a claim in the trust
  - The user's company email address or other suitable contact email address
  - Claim type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Requires FieldTwin Single Tenant
Simplified SSO diagram

Typical SSO onboarding process
- Customer provides XML metadata for federation
- The FieldTwin Single Tenant is configured
- FutureOn enables SSO with metadata from customer
- FutureOn gives the URL for the federation XML metadata to use in the trust configuration
- The organisation sets up the trust based on the XML metadata
- The SSO is verified and tested
- Solution is ready to use
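The first onboarding step is the customer handing over federation XML metadata, and the requirements above say what that metadata must contain: SAML 2.0 and WS-Federation support, the email address claim, and HTTPS-only endpoints. The following is an added example, not FutureOn's own tooling, of a pre-check that runs those requirements against an ADFS-style metadata document; the sample metadata is constructed here (hostname adfs.example.com) and its WS-Federation endpoint is deliberately plain http so the check has something to report. For real customer files, parse with defusedxml rather than the stdlib parser.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "auth": "http://docs.oasis-open.org/wsfed/authorization/200706",
      "wsa": "http://www.w3.org/2005/08/addressing"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed ADFS-style federation metadata (not a real tenant's file).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:ClaimTypesOffered>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"
        Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
    </fed:ClaimTypesOffered>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>http://adfs.example.com/adfs/ls/</Address></EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://adfs.example.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_federation_metadata(xml_text: str) -> list[str]:
    """Return the SSO requirements this metadata fails (empty list = acceptable)."""
    root = ET.fromstring(xml_text)
    problems = []
    # SAML 2.0: an IdP SSO descriptor must be present.
    if root.find("md:IDPSSODescriptor", NS) is None:
        problems.append("no SAML 2.0 IDPSSODescriptor")
    # WS-Federation: a RoleDescriptor advertising the WS-Fed protocol URI.
    roles = [r for r in root.findall("md:RoleDescriptor", NS)
             if NS["fed"] in r.get("protocolSupportEnumeration", "")]
    if not roles:
        problems.append("no WS-Federation RoleDescriptor")
    # Email claim: the trust must be able to send the user's email address.
    offered = {c.get("Uri") for r in roles
               for c in r.findall("fed:ClaimTypesOffered/auth:ClaimType", NS)}
    if EMAIL_CLAIM not in offered:
        problems.append("emailaddress claim not offered")
    # Fully encrypted communication: every SAML and WS-Fed endpoint must be https.
    endpoints = [e.get("Location") for e in root.iter() if e.get("Location")]
    endpoints += [a.text for a in root.iter(f"{{{NS['wsa']}}}Address")]
    problems += [f"non-HTTPS endpoint: {u}" for u in endpoints
                 if urlparse(u).scheme != "https"]
    return problems
```

Running `check_federation_metadata(SAMPLE_METADATA)` reports only the plain-http WS-Federation endpoint; once that address is changed to https the list is empty and the metadata is ready for the trust configuration.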