OBEM uses industry-standard system security and encoding protocols to protect against unauthorized access to data and control systems, including the following security features:
- All OBEM components (UI, API) use HTTPS, HTTP Strict Transport Security, and SSL certificates to prevent unauthorized access to secure, encrypted communication.
- Supported services use self-signed certificates that are installed on supported products with the option of configuring trusted certificates.
- OBEM enables different users to hold various roles with particular configurable rights, and data is available based on these specific roles.
- OBEM uses an Enterprise Identity Management System (EIMS). The EIMS logon workflow keeps authentication secure by issuing a temporary authorization code that the application exchanges, together with its secret, for an access token. Because the access token is never visible to the user, this is the most secure way to pass the token back to the application: it reduces the risk of the token leaking and the risk of an attacker intercepting the authorization code.
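The code-for-token exchange that the EIMS workflow relies on, as an added illustration (this is not OBEM or EIMS code). The identity provider class, the 120-second code lifetime, the single-use and client-binding checks, and the sample client id and secret are assumptions made for the example; the point it demonstrates is that only the short-lived code ever passes through the user's browser, while the access token is delivered directly to the application backend.

```python
"""Minimal authorization-code exchange between an identity provider (the EIMS
role) and an application backend (the OBEM role).  Added example, not product
code; names, lifetimes and sample credentials are assumptions."""
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 120  # assumed lifetime of a temporary authorization code


@dataclass
class IssuedCode:
    user: str
    client_id: str
    issued_at: float
    used: bool = False


class IdentityProvider:
    """Stands in for the EIMS: authenticates users, issues codes, redeems them."""

    def __init__(self, clients):
        # client_id -> client secret; only the application backend knows the secret
        self._clients = clients
        self._codes = {}
        self._tokens = {}

    def authorize(self, user, client_id, now=None):
        """Step 1: after the user logs in at the identity provider, return a
        temporary code.  Only this code travels back through the user's browser."""
        if client_id not in self._clients:
            raise ValueError("unknown client")
        code = secrets.token_urlsafe(32)
        self._codes[code] = IssuedCode(user, client_id, time.time() if now is None else now)
        return code

    def exchange(self, code, client_id, client_secret, now=None):
        """Step 2: the application backend redeems the code plus its secret for
        an access token.  The code is single-use, short-lived, and bound to the
        client that requested it, so an intercepted code alone is not enough."""
        now = time.time() if now is None else now
        expected = self._clients.get(client_id)
        if expected is None or not hmac.compare_digest(expected, client_secret):
            raise PermissionError("client authentication failed")
        issued = self._codes.get(code)
        if issued is None or issued.used or issued.client_id != client_id:
            raise PermissionError("invalid authorization code")
        if now - issued.issued_at > CODE_TTL_SECONDS:
            raise PermissionError("authorization code expired")
        issued.used = True
        token = secrets.token_urlsafe(32)
        self._tokens[token] = issued.user
        return token

    def whoami(self, token):
        """Resolve an access token back to the user it was issued for."""
        return self._tokens.get(token)


def try_exchange(idp, code, client_id, client_secret, now=None):
    """Exchange helper that returns None instead of raising on rejection."""
    try:
        return idp.exchange(code, client_id, client_secret, now)
    except PermissionError:
        return None


def login_flow(idp, user, client_id, client_secret, now=None):
    """Run both steps as the application backend would and report what each
    party saw: the browser only ever carries the code, the backend holds the token."""
    code = idp.authorize(user, client_id, now)                  # via the browser
    token = idp.exchange(code, client_id, client_secret, now)   # backend to IdP only
    return {"browser_saw": code, "backend_holds": token, "user": idp.whoami(token)}


if __name__ == "__main__":
    provider = IdentityProvider({"example-app": "example-secret"})  # constructed sample client
    print(login_flow(provider, "alice", "example-app", "example-secret"))
```

The checks in `exchange` are what make the interception risk in the text small: a code that is replayed, presented by a different client, presented without the client secret, or presented after its lifetime is refused.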
- OBEM also offers additional password security features that ensure unauthorized users cannot access the application:
  - Multifactor authentication: If a user forgets a password, the user has to validate a one-time password sent through email to enable password recovery.
  - Password expiry policy: Requires the user to change their password every 60 days.
  - Password history checking: Users cannot reuse any of their past 10 passwords when they reset their password.
  - Password lockout: The OBEM application locks the account after multiple failed login attempts.
  - Credentials on two screens: The user ID and the password are entered on two separate screens.
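The expiry, history and lockout rules above, enforced in one place, as an added example (not OBEM code). The 60-day expiry and the 10-password history come from the list; the lockout threshold of 5 failed attempts, the 15-minute lockout duration, the PBKDF2 round count and the account structure are assumptions, since the page gives no figures for them. Old passwords are kept only as salted hashes, so the history check never needs the plaintext.

```python
"""Password policy enforcement: 60-day expiry, last-10 history check, lockout
after repeated failures.  Added example, not product code.  Lockout threshold,
lockout duration and hashing parameters are assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PASSWORD_MAX_AGE_SECONDS = 60 * 24 * 3600   # 60 days (from the page)
PASSWORD_HISTORY_DEPTH = 10                  # last 10 passwords (from the page)
LOCKOUT_THRESHOLD = 5                        # assumed
LOCKOUT_SECONDS = 15 * 60                    # assumed
PBKDF2_ROUNDS = 50_000                       # assumed; tune for your hardware


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the per-account salt is reused across the
    history so old hashes stay comparable without storing any plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    user_id: str
    salt: bytes
    history: list            # hashes of the last PASSWORD_HISTORY_DEPTH passwords,
    changed_at: float        # newest first; history[0] is the current password
    failures: int = 0
    locked_until: float = 0.0


def create_account(user_id: str, password: str, now: float) -> Account:
    salt = os.urandom(16)
    return Account(user_id, salt, [_hash(password, salt)], now)


def password_expired(acct: Account, now: float) -> bool:
    """True once the current password is older than the 60-day limit."""
    return now - acct.changed_at > PASSWORD_MAX_AGE_SECONDS


def login(acct: Account, password: str, now: float) -> str:
    """Returns 'ok', 'locked', 'expired' or 'denied'.  Consecutive wrong
    passwords are counted and the account is locked at LOCKOUT_THRESHOLD."""
    if now < acct.locked_until:
        return "locked"
    if not hmac.compare_digest(_hash(password, acct.salt), acct.history[0]):
        acct.failures += 1
        if acct.failures >= LOCKOUT_THRESHOLD:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
        return "denied"
    acct.failures = 0
    if password_expired(acct, now):
        return "expired"   # caller should force a password change here
    return "ok"


def change_password(acct: Account, new_password: str, now: float) -> bool:
    """Rejects any password found among the last PASSWORD_HISTORY_DEPTH;
    on success the oldest entry falls out of the window."""
    candidate = _hash(new_password, acct.salt)
    if any(hmac.compare_digest(candidate, h) for h in acct.history):
        return False
    acct.history.insert(0, candidate)
    del acct.history[PASSWORD_HISTORY_DEPTH:]
    acct.changed_at = now
    return True


if __name__ == "__main__":
    acct = create_account("alice", "first-password", now=0.0)   # constructed sample
    print(login(acct, "first-password", 1.0))                     # ok
    print(change_password(acct, "first-password", 2.0))           # False: still in history
    print(login(acct, "first-password", 61 * 24 * 3600.0))        # expired
```

Treat the returned status as the only thing shown to the user: "denied", "locked" and "expired" should all be rendered as a generic failure plus the appropriate next step, so a login screen does not reveal which user IDs exist or how close an account is to lockout.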