Triggering processes from emails securely
Overview
In Bizagi there are multiple ways to start a case. Users can start cases manually from the Work Portal, an external system can start them through the Bizagi OData API, or you can define programmed jobs. With Triggers and Actions, you can now define an automatic way to start cases based on the content of emails. For example, if the email contains the word complaint, then Bizagi can automatically start a case of the Claims and Complaints process.
For more information about email triggers, refer to Triggers and Actions.
This article explains how to set up Triggers and Actions securely and gives recommendations for doing so.
Security by design
The Triggers and Actions feature is covered by the security layer of the Bizagi Cloud Platform. Likewise, the architecture of the functionality offers data security, availability, and traceability. Moreover, Triggers and Actions rely on Office365 mailboxes and benefit from their security measures.
Security layer for Triggers and Actions
The security layer has two levels. The first level is the security layer of the Bizagi Cloud Platform, and the second level is the set of security features of the Office365 mailbox.
The Bizagi Cloud Platform security layer filters requests and protects access by implementing:
•Next generation firewall: Offers IDS, IPS, and antimalware, along with preventing leaks and protecting the ports.
•Application gateway (includes a Web Application Firewall): Offers extra security at the web application level (which prevents SQL injection, cross-site scripting attacks, malicious files and other threats), while routing requests to the target environment and its authorized endpoint (performing load balancing as well).
The Office365 mailbox includes antiphishing, antispam, and antimalware protection, and it helps protect against malicious email attachments. If a message is detected as malicious, it is blocked and quarantined to prevent malicious emails from arriving at Bizagi.
Integration and Authentication
Customers do not need to set up any system integration or authentication between their email provider and Triggers and Actions. The mailbox is provisioned and managed by Bizagi.
Interaction between the BizagiMailer service and the Automation Service application is protected by OData authentication (OAuth 2) and authorization features. While we set up a generic user in Automation Service as a principal in the OAuth application, you can use a user with restricted permissions over the case creation method.
Data security
•Data is encrypted at rest and in transit, using strong encryption protocols and technologies that include Transport Layer Security/Secure Sockets Layer (TLS/SSL) and Advanced Encryption Standard (AES). We recommend using encryption in transit for mail messages that are delivered from your SMTP system to Bizagi. Data at rest is encrypted using Office365 Service Encryption.
•To comply with data regulations, all service components are deployed in the same Azure region of the Automation Service.
•Bizagi retains data to guarantee the service operation.
•Once an email is processed by the Triggers and Actions feature, it is placed in a special “Processed” storage and is not available for processing again.
•Email messages are not backed up.
•The Triggers and Actions mailbox is out of the scope of the disaster recovery service.
•Emails are retained for 30 days for troubleshooting purposes. After 30 days, they are permanently removed.
Availability
Bizagi manages and monitors the service through alerts and makes the necessary adjustments to ensure service availability.
Traces
The Tracing menu of the Management Console has a section where traces related to Triggers and Actions are located. You can use these traces to evaluate how triggers are working, to see which actions were completed, and to pinpoint problems.
These traces will look like the one below:
Security for your processes
To get the most out of the Triggers and Actions functionality, we recommend taking the following actions:
Use an email box from your domain
Use an email box of your company to receive email messages. Never use the email address of the BizagiMailer service to receive notifications directly. Using your company's email box guarantees that the emails will be subject to the security rules you have configured and will prevent malicious messages from reaching Bizagi's Triggers and Actions.
Set up forwarding rules on your email box
We strongly suggest setting up rules that automatically forward messages from existing support mailboxes to the Bizagi-provided mailbox, so that email messages have been filtered using your provider's security technologies and policies before they reach Bizagi.
Triggers and Actions configuration in Bizagi Studio
Set up the sender domains that will be considered by the Trigger. If this property is empty, the trigger considers all domains. Otherwise, if you register one or more domains, for example, mycompany.com, only emails coming from those domains are considered. We strongly suggest setting at least one domain. More information about setting up Triggers and Actions here: Triggers and Actions configuration in Bizagi Studio.
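The sender-domain rule described above can be modeled to check which messages a given list would let through. This is an added example, not Bizagi's code: the function names, the sample headers, and the exact, case-insensitive comparison of the domain are assumptions, since this page does not state how Bizagi matches domains.

```python
from email.utils import parseaddr


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or None."""
    _display_name, address = parseaddr(from_header)
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        return None  # no usable address in the header
    return domain.strip().rstrip(".").lower()


def trigger_considers(from_header, sender_domains):
    """Model of the rule on this page: an empty list considers every domain."""
    allowed = {d.strip().rstrip(".").lower() for d in sender_domains if d.strip()}
    if not allowed:
        return True
    # Assumption: exact comparison of the whole domain, never a substring test.
    return sender_domain(from_header) in allowed


# Constructed sample From headers (not taken from any real mailbox).
SAMPLES = [
    "Ana <ana@mycompany.com>",
    "ANA@MyCompany.COM",
    '"support@mycompany.com" <billing@other.example>',  # name imitates the domain
    "sales@mycompany.com.other.example",                 # allowed name used as a prefix
    "info@notmycompany.com",                             # allowed name used as a suffix
]


def evaluate(sender_domains):
    """Map each sample header to whether the trigger would consider it."""
    return {header: trigger_considers(header, sender_domains) for header in SAMPLES}


if __name__ == "__main__":
    for label, domains in (("empty list", []), ("mycompany.com", ["mycompany.com"])):
        print(f"Sender domains: {label}")
        for header, considered in evaluate(domains).items():
            print(f"  {'considered' if considered else 'ignored   '}  {header}")
```

With the list empty, all five constructed headers are considered; with mycompany.com registered, only the first two are.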
Last Updated 12/11/2024 11:41:56 AM