Home
Security
Perform tasks to secure your data on the Spectrum Technology Platform2022.1.0.
Implementing Spectrum Single Sign-on (SSO)
Spectrum Technology Platform provides single sign-on (SSO), leveraging Active Directory Federation Services (AD FS), Ping Identity, and Azure Identity Provider (IDP).
Server configurations for authentication support
Spectrum Technology Platform requires you to define specific server-side properties and entities to support SSO authentication through IdP—Active Directory Federation Services (AD FS), Ping Identity, or Azure Identity Provider (IDP).
Set server authentication properties
When you configure Spectrum Technology Platform to use AD FS_STS or AD FS_SSO for authentication, ensure that SSO is available through SSL/TLS. This is required for the authentication server.

Welcome
Perform administrative tasks required to manage the operation of Spectrum Technology Platform on your system.
Getting Started
Configure and run a new installation of Spectrum Technology Platform.
Approval Flows
Define approval flows that data stewards use to review and accept records generated in a job by Exception Monitor.
Security
Perform tasks to secure your data on the Spectrum Technology Platform2022.1.0.
- Security Model
  Spectrum Technology Platform uses a role-based security model to control access to the system.
- Users
  Spectrum Technology Platform user accounts control the types of actions users can perform on the system.
- Roles
  Spectrum Technology Platform comes with these some predefined roles.
- Access Control
  Access control settings work in conjunction with roles to define the permissions for a user. Roles define the permissions for categories of entities, such as all dataflows or all database resources, and access control settings define the permissions for specific entities, called secured entities. Examples of secured entities include specific jobs or specific database connections. For example, you may have a role that has granted the Modify permission to the secured entity type "Dataflows", but you may want to prevent users from modifying one specific dataflow. You could accomplish this by using access control to remove the Modify permission for the specific dataflow you do not want modified. You can specify access control settings for users and roles. Access control settings for a user override that specific user's permissions as granted by the user's roles. Access control settings for roles apply to all users who have that role.
- Security for Spatial
- Limiting Server Directory Access
  You can browse the Spectrum Technology Platform server's folders when performing tasks that require them to select a file. For example, users can browse the server when selecting an input or output file in a source or sink stage in Spectrum Enterprise Designer.
- Using HTTPS
  Secure Socket Layer (SSL) is a protocol that provides security for communications between client and server by implementing encrypted data and certificate-based authentication.
- Web Service Authentication
  Spectrum Technology Platform web services require authentication with valid user credentials. There are two methods for authenticating: Basic authentication and authentication by token.
- Using LDAP or Active Directory for Authentication
  Spectrum Technology Platform can be configured to use an LDAP or Active Directory server for authentication.
- Implementing Spectrum Single Sign-on (SSO)
  Spectrum Technology Platform provides single sign-on (SSO), leveraging Active Directory Federation Services (AD FS), Ping Identity, and Azure Identity Provider (IDP).
  - Configuration assumptions and SSO deployment checks
    We have designed Spectrum SSO to be seamless to end-users. To facilitate this seamless implementation, before you implement SSO, ensure that some specific security features are in place.
  - Server configurations for authentication support
    Spectrum Technology Platform requires you to define specific server-side properties and entities to support SSO authentication through IdP—Active Directory Federation Services (AD FS), Ping Identity, or Azure Identity Provider (IDP).
    - Set security authentication
      The security setup process requires you define the SSO authentication type and apply JCE policy files.
    - Set server authentication properties
      When you configure Spectrum Technology Platform to use AD FS_STS or AD FS_SSO for authentication, ensure that SSO is available through SSL/TLS. This is required for the authentication server.
    - Set keystore configuration properties
      Spectrum Technology Platform server needs to shake hands with the IdP server, requiring a private and public key pair.
    - Manage AD FS session timeout properties
      IdP has its own session management property. You also have the option isolate and control the Spectrum Technology Platform session timeout. As a best practice, we recommend defining both properties describe here with the same timeout values.
    - Setup SAML2 assertion
      For SAML2 assertions, you must download your site's preferred SAML metadata for the IdP, and store it locally to generate requests.
    - Set SSO binding properties
      Bindings use artifact resolution protocol to resolve SAML identity provided messages by reference.
  - SSO in a clustered configuration
    As part of the setup of SSO in a clustered environment, you must first have your clustering configuration in place.
  - Managing and mapping roles and properties
    Spectrum SSO conveniently maps user accounts to admin-assigned credentials.
  - Mapping LDAP/SSO roles to Spectrum Technology Platform roles
    Before mapping roles, ensure that you have enabled LDAP/SSO authentication.
- Encryption
Data Sources
Configure data sources from which to load and process data in Spectrum Technology Platform2022.1.0.
Spectrum Databases
Manage databases that contain data from trusted data providers. These include databases used by Enterprise Tax, Geocoding, Global Sentry, Universal Addressing, Spatial and Routing.
Services
Access Spectrum Services through a REST or SOAP web service interface.
Flows
Schedule and manage job execution, options, and defaults.
Performance
Perform tasks to get optimal performance from your Spectrum Technology Platform environment.
Monitoring
Monitor system performance and configure notification and use system and audit logs.
Backup and Restore
Schedule or create backups and restore the Spectrum Technology Platform server.
Settings
View and configure Data Stewardship and Context Graph settings.
Administration Utility
Use the Administration Utility Command Line Interface (CLI) to manage Spectrum components and data.
Spectrum properties
Reference information for spectrum-container.properties properties and proxy server settings.
About Spectrum Technology Platform
An overview of Spectrum, its data management architecture, its platform architecture, and its modules and components.

Set server authentication properties

When you configure Spectrum Technology Platform to use AD FS_STS or AD FS_SSO for authentication, ensure that SSO is available through SSL/TLS. This is required for the authentication server.

Configure settings in the following file:

SpectrumDirectory\server\conf\spring\security\spectrum-config-sso-sts.properties.

This file contains configuration values for LDAP/SSO-specific properties. For SSO-enabled authentication, change the following property setting to true to enable SSO:

spectrum.security.authentication.web.sso.enabled=true

This property enables browser-based SSO for Web applications and STS for all other applications (client or Web services, for example). If this property is set to false, and the authenticator is LDAP/SSO, basic STS will be the default authentication protocol.