A system for managing microservice permissions.

Are you looking for software from which to grant permissions to all employees in your company?
Do you need a system that will securely store all login credentials for every application in your company?
Do you want to save time wasted on logging in, every time you open your company system?
If your answer to any of these questions is yes, then you are in the right place.

Table of contents:

  1. Glossary of definitions. Authentication, authorization and identification - what is it?
  2. Authorization management system - what is it and what is it used for? The idea and purpose of the system.
  3. How does the microservices authorization management system work?
  4. Advantages of authorization management system.
  5. Summary.


1. Glossary of definitions. Authentication, authorization and identification - what is it?

Before you read about our system for authentication and authorization, find out exactly what these terms mean. Below you will find a glossary of useful definitions.

Identification - what is it?

Identification is the process by which a user declares his identity, that is, provides his data in a specific system (microservice) or website. This declared identity is then subject to authentication.

Authentication - what is it and how does it work?

Authentication is an operation that confirms the identity of a user who wants to use a particular system. Its purpose is to obtain a high level of confidence that the user is who he claims to be. This can be done, for example, by verifying a digital signature.

Digital signature - what is it?

A digital signature is applied to a server certificate by a trusted certification authority. It is a function intended to confirm the identity of a given user. It is an international standard and is the most reliable guarantee of identity.

Authorization - what is it?

Authorization is a confirmation that the user is who he claims to be and that he is authorized to use the desired system. The program that the employee wants to use additionally verifies the user's authorization, as established in the authorization system, and then allows him to use only those functions to which he has access.

Microservices - what is it?

Microservices, otherwise known as applications, are independent parts of the same larger system. Each of them can function separately, but at the same time they are connected by a common part. In the case of our new authorization system, that common part is the "larger system", which is compatible with microservices, that is, applications or systems such as WMS, CRM, or MES.

OpenID technology - what is it?

OpenID is a technology that allows a user to log in to multiple services, systems, or sites with a single login and password, without registration. It is considered an international standard for authorization and authentication. In the case of our system, it also allows rights to be granted to all employees in the relevant systems through a single program.

API - what is it?

An API (Application Programming Interface) is an interface that applications need in order to connect and communicate with each other. It is a kind of intermediary between them. It is also a set of guidelines for how applications and systems should communicate with each other. In our authorization management system, the API makes the system compatible with microservices, such as the WMS program, so that data can be exchanged between them and, consequently, employees can be logged in automatically.

JWT - what is it?

JWT (JSON Web Token), also known as an access token (root token), is a simple yet secure string of characters that is responsible for confirming a user's identity. It "lives" as long as it is programmed to. In the case of our system, it is usually valid for 15 minutes, after which time another code must be generated. Logging in every 15 minutes would be cumbersome, but we have found a way around it, which is the refresh token.

Refresh token - what is it?

A refresh token has a much longer lifespan than a JWT code, or master token. The refresh token is designed to generate a new JWT key after the current one expires. To do this, you must log into the authorization system, after which you will receive two tokens: an access token, which will expire after several minutes, and a refresh token, which will expire after about 60 days.

2. Authorization management system - what is it and what is it used for? The idea and purpose of the system.

Purpose of the system: The software created by our specialists is designed to manage login data and employee authorizations in all applications (microservices) of the company from a single system. The program also reduces how often employees have to log in to the applications used in the company, which saves time: your login data is automatically entered into the application, and the login itself happens in the background, without your participation.

Idea of the system: The system works on the principle of one login and password for all company programs. What does this mean? As an employee, you get one login and password for the authorization management system, which you have to remember. As for the rest of the company applications that are compatible with the system, you gain access to them through a universal JWT (access token) key, which consists of numbers and letters and has all the authorizations you hold in specific systems encoded in it. This means that when entering an application where you have permissions, you don't have to log in - the process runs in the background and is invisible to you.

Moving on to permissions, let's take a warehouse worker - he only has access to the WMS program, and the permissions he has in the system depend on his position. For example, a warehouse worker may be given access to issue warehouse documents, such as PZ, or WZ, but is not given the authority to issue invoices. Therefore, with the help of our system, this possibility is automatically blocked for him, which prevents him from performing actions in the "invoices" tab in the WMS program.

With our system for authorization, you don't have to remember all the passwords and logins, because the program does it for you. All you have to do is log in and generate a new JWT code, or access token, which will ensure that you can enter the company application and activate your authorizations, without having to log in each time.

3. How does the microservices entitlement management system work? Step by step.

Step 1: Identification and Authentication - You log into the entitlement system with your login and password.

Step 2: Access token - You receive your universal JWT key, or access token, into which all the permissions you have as an employee to selected microservices (applications) are encoded. The access key is refreshed on average every 15 minutes and is different every time you use it.

Step 3: You select a company program, such as CRM, in the menu of the device you are using, such as a data collector. When you click on the application, our system sends your access token (i.e. your login information and permissions, which it has in its database) to the CRM program. The transfer process takes place in the background and is invisible to you, so when you enter CRM you are already logged in and your permissions are active.
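The three steps above, sketched as an added example (it is not the vendor's code): the authorization system issues a 15-minute access token carrying the employee's permissions, and a microservice checks signature, expiry and the required permission before allowing an action. The HS256 shared secret, the `perms` claim, the permission strings and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HS256 shared secret, constructed value
ACCESS_TTL = 15 * 60              # access token lifetime from the page: 15 minutes

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_access_token(user, perms, now=None):
    """Authorization system: encode the user's permissions into a signed JWT."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user, "perms": perms, "iat": now, "exp": now + ACCESS_TTL}
    signing_input = ".".join(b64url_encode(json.dumps(part).encode()) for part in (header, claims))
    return signing_input + "." + b64url_encode(sign(signing_input))

def authorize(token, required, now=None):
    """Microservice: permit the action only if the token is authentic, unexpired and grants it."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        if json.loads(b64url_decode(head_b64)).get("alg") != "HS256":
            return False  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(sign(head_b64 + "." + body_b64), b64url_decode(sig_b64)):
            return False  # payload or signature was altered
        claims = json.loads(b64url_decode(body_b64))
    except (ValueError, TypeError, AttributeError):
        return False      # malformed token
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return False
    if now >= claims["exp"]:
        return False      # expired: the client must obtain a new access token
    perms = claims.get("perms")
    return isinstance(perms, list) and required in perms

# Constructed sample: a warehouse worker who may issue PZ/WZ documents but not invoices.
token = issue_access_token("warehouse.worker", ["wms:issue_pz", "wms:issue_wz"], now=1_700_000_000)
print(authorize(token, "wms:issue_pz", now=1_700_000_060))       # within 15 minutes
print(authorize(token, "wms:issue_invoice", now=1_700_000_060))  # permission not in token
print(authorize(token, "wms:issue_pz", now=1_700_000_900))       # token has expired
```

Because the permissions travel inside the token, each microservice has to verify the signature before reading them; an unverified payload is only a claim.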

4. What are the advantages of using an authorization management system?

What distinguishes our system and makes it so helpful that it is already working successfully in several companies?

All data and authorizations in one place. Our software stores data with all the logins and passwords of the entire company. This means that the login data and permissions of all employees, regardless of department, position, function and microservices used, are stored in one place - our system - and can also be managed from this one place.

Grant permissions for the entire company and all microservices from one program. This feature is a real convenience for your company's IT team. Its huge advantage is that it reduces the resources needed, such as the number of employees required to perform these tasks, their time, their responsibilities and the material they need to know. Until now, each company program, such as MES, needed separate software from which IT staff could grant, change and delete permissions and establish logins and passwords for new employees. So if the company had a dozen or so large systems (microservices), the IT team used another dozen or so additional, large and difficult programs to grant permissions, each of which they had to know very well. Several people were needed for this task. Our system, by contrast, grants permissions and login data from just one simple program. This allows for a significant reduction in the number of people involved in assigning permissions, as well as their time and responsibilities, which later translates into increased savings for the company.

Another convenience is that you and your employees don't have to remember multiple logins and passwords, which is certainly a big plus for forgetful people. The only credentials you need to know are those needed to log into the authorization system, which generates an access token for you containing your login credentials and authorizations for the relevant applications, allowing you to use them seamlessly while saving your precious time.

The strength of the entitlement program is also web security. We know that most of your company applications are in WEB form, that is, they are accessible through a website. This exposes them to many dangers and hacking attempts, so our system uses modern cyber-security technology to avoid theft of your company's data.

Our software for logins, passwords and permissions uses OpenID technology, a modern international standard for authentication and authorization, which means that an employee only needs one ID to use multiple web applications. This makes it easier to use company systems, as your employees don't have to set up separate logins and passwords for each company program, but instead use a single account, set up in the HDF system to manage permissions.

The authorization program fully integrates with other applications and systems. Our authorization system works for many of your subsystems (microservices), i.e. company applications such as CRM, MES, or WMS that already exist. There is no need to set up separate authorization management software for each microsystem. The HDF entitlement system communicates with your applications according to the standards of the API, or application programming interface, which is an interface, an intermediary, and a set of rules that establishes how programs should send information to each other.

5. Summary.

To sum up, the microservices permission management system provides modern security for your entire company's login data. In addition to security, it also provides you with an incredible increase in cost savings, as it guarantees granting permissions to all your applications from a single program, and speeds up the login process for employees, who don't have to struggle with remembering numerous logins and passwords. Best of all, you can expect to see this new program in our offer soon!