Strong and complete security framework

CITE.BPMS adopts an open and robust security model that covers every requirement placed on any modern system. For authentication, the system uses structures such as roles, groups, and organizational units (departments, addresses, etc.), in addition to users. Authorization applies rules in several ways, such as: explicit access to entities through Access Control Lists, indirect access derived from organizational unit integration or case relations, and explicit access to system functional areas based on the user's role.

With the proper plugins, authentication and authorization can be delegated to almost any modern authentication and/or authorization system, such as LDAP, Active Directory, PAM, OpenID, SAML, proxy headers, Two Factor Authentication, OAuth2, etc., and combinations of these are allowed. CITE.BPMS supports SSO techniques throughout its range of applications.

CITE.BPMS encrypts every communication using the most up-to-date standards available for HTTPS, while older standards can be applied as an exception if an installation requires them for compatibility with older software. Optionally, it can encrypt both digital file data and text index data through archive system encryption, and it can also encrypt at the DB management system level (encryption at rest).

One of the security mechanisms of CITE.BPMS is continuous and complete recording of all the events that occur in it. Logging can be configured to record all user actions and any data changes they cause, as well as a large part of the system's internal processes. These data are stored in a separate logging system (CITE.AuditVault), which may belong to a different management area so that the data cannot be falsified by the same management authority as the DB.

Finally, CITE.BPMS is thoroughly tested during its production against the OWASP Top 10 web application software vulnerabilities, to minimize the risk of tampering with and alteration of the data it manages.