Environments identity and access management

Overview

Bizagi can be integrated with a variety of systems that are intended for different purposes. Usually, when a system is integrated with another, an authentication procedure must be executed first, to make sure that the integration occurs only between trusted systems. Due to the variety of systems, and their inherent technologies, access to these systems demand to handle a set of different authentication protocols, for each feature in Bizagi that can be integrated with other systems.

The following picture shows an example where you can have multiple integrations throughout different features available in Bizagi:

Security_1_cloud

Each feature can use a different authentication protocol. Therefore it is important to understand the protocols available for each feature. The following table sums the different integration types, their available authentication protocols. Click on each item to see the authentication protocols.

Authenticate users in the Work Portal

With an external IdP

Protocol	Available Profile	Identity providers
SAML 2.0	Post Single Sign-on Post Single Log-out * Redirect Single Sing-on Redirect Single Log-out	Azure AD Azure AD B2C ADFS NetIQ Okta PingFederated Any IdP that supports SAML 2.0
OAuth 2.0	Authorization code Implicit grant *	Azure ID ADFS 4
LDAP (requires VPN)		LDAP
Multiple Authentication		Multiple Id Providers

*This profile is not available for all providers

Without an external IdP

Protocol

Bizagi Authentication

Protocol
Bizagi Authentication

Management Console Web / Customer Portal / AI /BI

Protocol	Identity Providers
SAML 2.0	Azure AD ADFS NetIQ Okta PingFederated Any IdP that supports SAML 2.0
WS-Federation 1.0	Azure AD or ASDFS 3.0 or 4.0
Open ID connect 1.0	Default Idp or Okta
Multiple Authentication		Multiple Id Providers

Protocol	ECM Providers
HTTP basic authentication	Sharepoint On-premises, Documentum, Alfresco, FileNet

Connectors

Easy REST connector

Protocol	Grant types
HTTP basic authentication	N/A
Oauth 2.0	Client Credential, Password Resource Owner, Impersonation.
Digest	N/A

Custom connector

Protocol Grant types

Custom authentication Customer creates its own authentication methods

OData

Protocol	Grant types
Custom authentication	Customer creates its own authentication methods

Protocol	Token authorization
OAuth 2.0	Client Credentials, Bearer token

Invoke SOAP external web services

Protocol	Authorization method
Basic HTTP authentication	N/A
Plan header token	N/A
WS-Security	Secure conversation head token

Invoke REST external web services
Bizagi SOA Layer
Virtualization and Replication (requires VPN)
Sites
Mobile

Protocol	Authorization method
WS-Security	Basic user profile

Protocol
SQL authentication
Oracle authentication
WIndows authentication

Protocol
Same authentication of the Work Portal

Protocol
Same authentication of the Work Portal

Additional to authentication protocols set for integrations and features, there are other aspects of security that you can configure. You may define the following security aspects in a project:

Work Portal Security

Bizagi allows you to restrict access to different areas of your processes during execution to make sure that the correct people have the necessary privileges and prevent unauthorized actions.

Bizagi offers the Security Module that allows you to define a schema of permissions on some of the elements, which includes:

•How are users authenticated.

•What options can each user see or use (according to roles, positions, location, etc).

•Which processes and tasks are available for mobile device access.

For more information refer to Work Portal Security.