Solar inRights

Product
The name of the base system (platform): Jet inView
Developers: Solar (formerly Rostelecom-Solar)
Date of the premiere of the system: 2014/03/05
Last Release Date: 2024/09/06
Technology: Information Security - Authentication,  MCDS - Access Control and Control Systems

Solar inRights (formerly Jet inView Identity Manager) is designed to centrally manage user credentials and business roles.

The Solar inRights system for automating access control processes to information systems reduces labor costs for managing access rights, for example, removing the rights of dismissed employees, blocking the rights of employees absent from the workplace, and granting new rights to employees whose business function has changed. The system provides a complete picture of employees' access rights to information systems, making it easier to monitor compliance with access regulations.

2024

Solar inRights 3.5 with Advanced Role Differentiation Capabilities

On September 6, 2024, Solar Group announced the release of an updated version of the Solar inRights 3.5 IdM system with advanced role delineation capabilities and an updated risk model for SoD conflicts.

As reported, the release introduced contextual role assignment mechanisms, enhanced capabilities for detecting and controlling segregation of duties (SoD) conflicts, an updated risk module, and optimized work with system reference books.

This version of Solar inRights also supports the integration of the IdM platform with the Solar DAG unstructured data control system.

As a study of cyber attacks by the Solar 4Rays Cyber Threat Research Center shows, in the first half of 2024 the share of incidents related to compromised accounts increased to 43% (against 15% of incidents in the first half of 2023). Therefore, the regular refinements of the Solar inRights 3.5 system take into account the cyber threats current for 2024 and the practice of using IdM/IGA solutions in business and the public sector. The functionality of the updated version of the platform allows you to streamline and more effectively manage user credential data and rights, as well as reduce the risk of misuse of authority.

The Context Assignment Engine helps limit the scope of roles in information systems. Contexts are loaded from the information system (IS) into a separate reference book and are displayed alongside roles on different forms of the system, for example in the user card, which lists the available roles, in reports and in the role change history. Now the user can select not only the role for a request, but also the contexts needed for its assignment. For example, in federally distributed companies, the following scenario may be in demand: the information security administrator needs to work within the Southern branch to control access to the CRM system. In this case, "Information Security Administrator" is the role, and "Southern Branch" and "CRM System" are two types of contexts for assigning this role.

To manage SoD conflicts, the system now not only evaluates the risk of conflicts when assigning access rights to employees, but also checks all roles that are created or changed and reports any inconsistencies. The advanced risk model also allows you to keep track of SoD conflicts in user rights. If the system detects that a user holds conflicting powers, the integral risk metric increases. Thus, it became possible to prioritize users with the optimal level of risk when working with SoD. As a result, companies can reduce security vulnerabilities and enforce internal regulations and external regulatory requirements.

Platform refinements allow you to configure automatic account locking when the last role is revoked and unlocking when another role is assigned. The vendor also implemented the ability to manually reset the password for user and technical accounts. In this case, the system changes the passwords of the selected accounts to automatically generated ones in accordance with the established password policies, then the generated passwords are sent to the responsible employees in the form of a password transfer request. For technical accounts, the attribute "password validity period" and the function of automatic password reset when the list of owners changes have also been added (set in the configuration). The platform allows you to create mass requests for blocking and unlocking several accounts from a list, and to define automatic scenarios for when the owners of objects such as a role, catalog or information system are dismissed.

The "Reference Books" section makes it possible to store different types of data in the system interface and use them in additional characteristics of system objects. You can enter any information that you want to structure, and then use the data selection function from the reference book when you need it. For example, you can create a catalog of data on different categories of external contractors in the system: trainee students, developers, marketing partners and others. Then information about them is entered into a separate reference book, which is later used to organize access to specialized extended characteristics of system users.

Solar inRights 3.5 supports integration with Solar DAG. This integration mechanism is designed to enrich role information with data, including their privacy classification. As part of this interaction, a microservice is implemented that connects to the DAG system and receives information about data classes and associated access groups. When this data is received, the history of its change and the entire history of interaction with Solar DAG is preserved.

"Each release is developed taking into account the constantly changing IT landscape and increasing customer needs. Integration of the IdM system with other information security solutions, as with Solar DAG, optimizes the ecosystem of access control products and provides a holistic approach to protecting information assets," emphasizes Dmitry Bondar, Director of the Department for Development of Access Control Products of Solar Group.

This version also includes modules for working with technical accounts (TPS) and with applications, refinements of the interface to optimize the flexibility of control and connectors for effective interaction with connected information systems and applications.

Solar inRights 3.4 with "Qualification" module

On May 28, 2024, Solar Group announced the release of an updated version of the Solar inRights 3.4 IdM system, designed for managing access rights in organizations.

In the updated version of the product, a number of improvements are available that allow you to automate even more typical access management tasks, as well as implement changes that optimize the system.

One of the key developments of version 3.4 is the Qualification module. With this module, users will be able to organize and automate the processes of regular access verification in the organization. The updated system allows you to set rules for selecting users and roles for verification. As part of the evaluation, separate objects are created - "Campaigns," at the start of which the system will generate requests for revising roles for users, according to the prepared selection. You can track progress, view history and results using the campaign card.

Evaluation campaigns use a special type of requisitions and can create separate reconciliation routes. The campaign ends automatically when all applications created within its framework go to the final status.

The updated version of Solar inRights also expands the ability to work with parameters for separation of responsibilities and control of SoD conflicts. Interface pages related to SoD rules and conflicts have been redesigned to provide more intuitive management. System administrators will now be able to view permission conflicts in the user profile, making it easier to control incompatible permissions. The system also allows you to import and export SoD rules, for more convenient and effective conflict management. Additional attributes have been added to SoD rules, such as the name, description, and owner of the object.

Another important improvement in this release was the automatic recalculation of authorizations in the final information system when the role composition changes. You can enable or disable this feature manually.

In addition to these innovations, the system has been replenished with several functions that optimize processes and expand access control capabilities in organizations:

  • A setting has been added to restrict the creation of authority violations: you can now specify in the configuration of the information system which violations should be taken into account and which should not.
  • The process of creating a role has changed - now, when creating, you can immediately specify the composition of the role: the included and assigned permissions in the information system associated with this role.
  • Administrators can now configure report templates with more options and specify them as one or more values.
  • A global setting has been implemented to help determine whether accounts are linked to users or to their employment, increasing access and ensuring clarity and consistency in data management.
  • Detailed information on the progress of requests for access through other information systems has been added to the request approval history.

To improve efficiency, security and flexibility of access control, a number of improvements have also been added:

  • A product connector and template for connecting to the ALD Pro domain directory system have been implemented, which has opened up new opportunities for data exchange in a Linux-like solution environment.
  • The operation control function is placed in a separate module, which allows system administrators to turn it on or off if necessary.
  • Technical enhancements now include migrating custom forms to the configuration server.
  • Platform administrators can now selectively import objects from the connected information system.
  • It became possible to receive a JWT token for authentication through a domain account.

Separately, the company noted the redesign: the pages of the application were redesigned to improve user interaction and visual attractiveness. The redesign touched on the main page of the system, where convenient informative widgets appeared, as well as a technical account card (TAC), wizards for creating TACs and applications, lists of applications, as well as pages of SoD rules and SoD conflicts.

Red OS Compatibility

Users can now prevent and promptly respond to information security incidents related to access rights using the Solar InRights IGA account management system installed on the Russian operating system Red OS. Solar Group, an architect of integrated security and developer of Solar InRights, and Red Software, a developer of RED OS, reported on the compatibility of their products based on the results of the tests. The companies have signed a two-way compatibility certificate. Red Soft announced this on May 17, 2024.

The ability of Solar InRights to work with the RED OS operating system will allow customer companies to implement the software stack while fully adhering to the requirements for the transition to domestic products. Thus, the Solar InRights solution can be used in both government and commercial organizations that aim to strengthen their information security strategy.

"Checking compatibility with operating systems included in the register of Russian software and certified by FSTEC is an important step in the development of our Solar InRights product. We strive to ensure in advance the maximum compatibility of our solutions with the operating systems that our customers choose," said Nikita Igonkin, head of the department of technical expertise and quality control of products of Solar Group.

Solar inRights 3.3

On February 27, 2024, Solar announced the release of the Solar inRights 3.3 system. This version provides advanced control, automation and flexibility for effective management of technical accounts (TPS) and compliance with external and internal regulations. A number of changes are aimed at optimizing access control processes and their continuity. General technical and architectural changes were also made for smoother and more reliable operation of the system.

"The Solar inRights system has reached a serious level of maturity. It is designed to provide a comprehensive set of access control capabilities out of the box. The architecture optimizes installation and getting started with the system, and allows independent integrators to deploy the system to customers who are striving to strengthen their information security strategy," noted Dmitry Bondar, Director of the inRights Department of Solar Group of Companies.

According to the company, the key change in this version is the addition of a system object, the technical account (TPS), to the object model, which introduced additional capabilities and greater flexibility in managing technical accounts. Technical accounts are one of the favorite targets of attackers; their interception or user errors can cause an incident. Better management of technical accounts will allow customers to reduce this risk and facilitate investigations.

In the updated version, you can sort and filter the list of technical accounts. Putting accounts into operation for a particular information system has become easier thanks to the technical account creation wizard. Another addition is a card that contains exhaustive account information: all general attributes, information about the technical account for a specific information system, assigned roles and their change history; you can also request the assignment of additional roles here. The whole process of managing technical account roles, from the request for assignment or revocation of roles to the approval, is displayed transparently in the system. Individual role approval routes are configured according to your organization's needs.

The update refined automation scenarios to ensure uninterrupted operation in cases where the TPS has a single owner or one of the owners is fired. The system now allows you to configure any scenario development, for example, "appoint the head of the dismissed employee as the owner of the TPS," "notify the responsible person" or set up the process otherwise in accordance with the company's regulations.

Setting up an account has become more convenient thanks to the automatic generation of a password transfer request, changing the TAC password has also become easier. Optimized scenarios for mapping account types and their purposes have also been implemented. By introducing an additional policy object, you can automatically assign rights to specific employees based on specified user or employment attributes. The policy card contains general information, assigned roles, and a list of related users. You can archive, enable, disable, and modify policies.

All deviations from approved procedures for the purpose and revocation of authority for users, including TPS, are displayed in the form "Policy Violations" in order to record, correct or legalize them in a timely manner.

Another addition will be useful in complex infrastructure environments. If the information resource is connected to the IdM not directly, but through an intermediate external system, for example, a data bus, asynchronous interaction is used. The asynchronous provisioning function takes it to the next level. The implementation of cross-domain assignment functionality makes it possible to manage access in an extensive structure. Roles have been given an additional parameter: the information system for which authorizations are assigned. If there is no account on this system, it will be created automatically.

Solar inRights has also optimized personnel processes. Administrators see the policy-based context of authorization assignments in each employee's card. If you manually change a position, department, or other data, the system now automatically adds the new assignment and deletes the old one. A "prohibit synchronization with the HR source" check box has been added, a standard re-hiring process has been implemented, and user photos can be added and deleted with one click. To reduce waiting time when the approving employee is on leave or sick leave, automatic forwarding of the request to the nearest available manager has been added.

The transfer of processes to the BPM engine and their adaptation continued in the updated release. This change will enable customers to automate more business processes and streamline the configuration process. The ability to save BPM processes when exporting a configuration has been added. The operations monitoring module, which is responsible for protecting information resources and preventing incorrect events, has been adapted to this mechanism. All authorizations in the product were also updated based on the internal role model, and the security checks were refactored to increase the protection of the system from unauthorized access.

Particular attention is paid to the continuity of the account download process. Earlier, if an object with incorrect data arrived from the IS during import, synchronization or loading tasks, the process was interrupted. Now the system ignores attributes with incorrect data when searching through the resource object connector and saves them to the repository. Information about the object and the ignored attribute is stored in the log file.

In addition, the updated version has changed the design of a number of forms in favor of a more intuitive and visually attractive interface: the lists, cards and creation forms for objects such as users, roles, accounts, information systems, departments and catalogs.

Solar InRights is a solution for managing accounts and user access rights to corporate resources. In the Solar IdM system, the use of plugins allows you to save fine tuning when updating. The platform is certified by the FSTEC of Russia and entered into the Unified Register of Domestic Software.

2023: Solar inRights 3.2 with user interface on Vue.js

On July 3, 2023, RTK-Solar Group announced the release of an updated version of the Solar inRights 3.2 access control platform (IdM/IGA). In this version, the user interface has been moved to the progressive Vue.js technology, which is import-independent.

The solution interface no longer uses licensed third-party software. Also in this release, the Authorization Conflict Management (SoD) module has been updated and a number of improvements have been made to the system functionality based on requests from current customers.

The transition to the new Vue.js frontend framework has improved the efficiency of refining the Solar inRights user interface in accordance with the wishes of a particular customer. Previously, the JavaScript library Ext.js was used to create the interface, which, in addition to mandatory licensing, has a number of restrictions related to functionality, so it was necessary to manually modify and add the necessary tools. Thanks to the transition to Vue.js and the architecture update, the updated front-end Solar inRights has become a dynamically configurable tool that adapts to the user, scales easily and allows you to configure and develop the user interface for both desktop computers and mobile devices.

A large number of components developed with Vue.js allow you to customize the product interface to your individual needs without additional work. Also, Vue.js components require less computing power, reducing the requirements for the hardware on which the software runs.

In addition to Vue.js, important technological changes in this version of Solar inRights include the transition to Standalone installation of the product. Previously, when installing the system in the customer's infrastructure, the Apache Tomcat servlet container was necessarily used. Now the solution is a standalone solution, which allows you to speed up its installation and configuration during implementation in companies.

In terms of functional improvements in this version of the Solar inRights platform, a significant development of the Authority Conflict Management (SoD) module can be noted. This system component, which is in demand on the market, has been supplemented with scenarios for automated control of user access rights. Conflict management is now implemented not only at the application level: it is also possible to manage the life cycle of an authority conflict, which allows you to work with the conflict separately. This is necessary in situations where, for objective reasons, it is impossible to avoid a conflict of authority: vacations, emergency absence due to illness, open vacancies, or simply an urgent need to fulfill certain functions. If the rights are necessary, authority conflicts are created and used in the logic of the system, and they can be managed by controlling the emerging risks with additional measures. The current interfaces of the module have also been implemented and redesigned. When submitting an application, users and approvers will be warned of a conflict and will be able to decide how to handle it: check and assess it, supplement the application with additional information or documents, request clarification from the applicant, and so on.

In this version of Solar inRights, it has become more convenient to work with various reporting forms. In particular, it became possible to subscribe to receive up-to-date reports. The user can specify the necessary subscription parameters, see which subscriptions he has already formed earlier, edit or cancel them if they have become irrelevant for him. In addition, the performance of the system when working with a large number of requests has been increased, and new features have been added to filter objects on user forms.

The Solar inRights IGA system helps to build convenient and effective procedures for the implementation of regulations at the enterprise, as well as the prevention and investigation of information security incidents in terms of access rights management. The platform is certified by the FSTEC of Russia and entered into the Unified Register of Domestic Software.

2022

Translating Core Business Processes into a Graphical Interface

On October 11, 2022, Rostelecom-Solar announced the release of the Solar inRights Access Control System (IdM/IGA) update. The main business processes were translated into a graphical interface - a BPMN editor, the possibilities of filling out dynamic forms for working with objects and mechanisms for creating and managing them were expanded, algorithms for determining the main employment were improved, the system security was increased.

Previously, the main access control business processes, such as hiring an employee, transferring from one position to another and dismissal, could only be configured using a limited set of engineering settings. This seriously reduced the ability to customize processes according to the individual wishes of customers, and the implementation of such requirements led to additional costs. Now you can quickly customize your company's business processes through a convenient graphical editor - BPMN (Business Process Model and Notation) - a generally accepted international standard for process modeling. It presents business processes in the form of diagrams that allow you to simply define branched business process designs that need to be implemented, without additional costs for refinement.

The BPMN graphic editor is distinguished by intuitive conventions, so it is simple and convenient to use not only for architects and developers, but also for analysts, business users, managers who participate in the project. This allows you to implement projects of any complexity, with the customization of any customer requirements for setting up and documenting business processes in a short time and with minimal costs.

The update significantly enhances the ability to fill in dynamic (changeable) forms for working with objects such as a role, user, etc. Depending on the initial conditions and parameters, the number of fields required to fill in, as well as their auto-filling, are determined. Thus, in the form of creating a new user for a full-time and freelance employee, there will be a different number of fields required to fill in. Also, to help you work with the system, forms provide text hints for the user that are readable but not saved to an object created through the form.

In addition, the updated Solar inRights allows you to flexibly change the logic for determining an employee's main employment (the position held in a division) depending on the specific customer, which significantly speeds up the configuration and customization of the system for the client. Previously, the definition of the main employment was hard-wired into the system configuration, and customizing it required additional development, which increased time and costs and complicated further maintenance of the system. Now the algorithm for calculating the main employment can be configured by changing the composition of the steps and setting the action at each step. Even if some parameters or attributes are not defined or defined, you can configure the system response so that related business processes do not stop.

Another extension of Solar inRights capabilities is the option to graphically customize the composition of roles associated with permissions and objects in a managed system. Earlier in the process of setting up account control rules and their permissions in integrable systems, engineers were forced to manually write complex constructs in roles/metrics. This can now be done in the graphical interface of the system, for which a new section "Construction" has been added to the role card.

Graphical configuration of roles made it possible to simplify the settings of rules of interaction with the integrated system, increase the speed and convenience of configuration, simplify system support and reduce the number of errors caused by human factors. The update also made a number of improvements to improve the usability of Solar inRights and strengthen the security of the solution.

Thus, the universal requisition mechanism has been expanded for the "role" object, and now all system objects can be created both without the requisition and upon the requisition. This makes it easier to create and modify all objects, as many customers are required to create and modify a system object after having passed the corresponding approvals. If necessary, the person responsible for creating or changing the object generates a requisition. Depending on the action with the object (create/change) and its attributes (for example, role/user type) in the requisition, the system determines the corresponding approver. Once reconciled, the changes are saved in the system.

The Solar inRights update also contains a number of improvements to improve system security: we have developed our own mechanisms for protecting against DDoS and CSRF attacks, as well as increasing the reliability and security of the solution by switching to the current Java 17 development platform.

Solar inRights 3.1

On March 15, 2022, Rostelecom-Solar released an updated version of the Solar inRights 3.1 access control platform. The update implements a risk model that allows you to manage the risk levels of company employees, as well as stores the history of all login changes from employee accounts.

"Each employee of the organization has access to certain IT resources, which potentially carries certain security risks for the organization. So, in any company there are specialists who have administrator rights and can change the configuration of IT resources and network objects. Or workers who have permission to edit financial data, maintain active transactions on accounts or contracts. Such employees, obviously, carry higher security risks for companies than personnel with rights only to view such data. To identify employees with access to increased risks and be able to reduce them, we implemented the Risk Model functional module in the updated version of our platform," noted Dmitry Bondar, Director of the Solar inRights Access Control Competence Center of Rostelecom-Solar.

According to the company, within the framework of the risk model, the responsible employee - the owner of the resource, the head of the controlling department or other authorized person of the company - can assign a certain numerical value of risk to each resource and object of the company, which the user receives access to. The combination of these values allows you to calculate the integral level of risk for each employee who gains access to certain resources of the company based on the position or as a result of requesting additional rights.

As soon as the employee's integral risk level exceeds the value specified by the security policy, the system automatically places the employee in the list of high-risk ones. You can set up different risk response scenarios for such personnel. For example, send notifications to controlling employees about exceeding the permissible risk level, form a request for a review of rights in systems, use additional control tools, or limit the period of time during which an employee has high-risk access.

Solar inRights enables proactive risk optimization. When applying for high-risk access, the employee is notified that he or she is requesting high-risk rights. If he does send a request, the approver may approve the request or, if in doubt, delegate the approval to another person. Also, the request can be returned to the applicant for clarifications, changes in the term of access or the application of administrative documents.

In the card of each employee in Solar inRights, you can see his general integral risk level, as well as get information on which individual risks this level was formed from. So that the security and internal control specialist, as well as managers and resource owners can track the dynamics of integral risk levels of the company's personnel, Solar inRights forms a special report "Risk Level Map." Thus, all employees who pose an increased risk to the company will be under constant control, and measures can be taken to reduce the risks they carry to the company.

Another important change to Solar inRights 3.1 was the implementation of the storage of historical user account data. Starting with this release, the system saves all changes to employee account names in the archive, which allows you to track the history of all changes. This feature is especially required when investigating incidents, when only the name of the account on behalf of which any action was carried out is known.

Solar inRights is an IGA (Identity Governance and Administration) platform that ensures the implementation of processes and regulations for managing access rights to company information resources. The system allows you to automatically grant and change access rights, draw up and execute applications for issuing rights and ensure comprehensive access control throughout the company. Solar inRights was developed in Russia using its own technologies patented by Rostelecom-Solar.

2021

Certificate of compliance with the requirements of FSTEC of Russia

The Solar inRights software package received a certificate from the FSTEC of Russia for compliance with information security requirements according to the 4th level of trust and technical conditions. The document certifies that Solar inRights is a software tool that provides delimitation of access to information that does not contain information constituting a state secret. Rostelecom-Solar announced this on November 16, 2021.

"We are always very demanding and highly responsible for the development of our software. Our access control platform works in the leading system-forming enterprises of Russia, in government agencies. We are obliged to provide our customers with a solution that meets all the technical requirements of the supervisory authorities for the means of protecting information and ensuring the security of Russian organizations. In particular, this is important for significant objects of the critical information infrastructure of our country. We have been really waiting for this conclusion of FSTEC and are now ready to provide it to our customers as a guarantee of the safe operation of our solution," said Dmitry Bondar, director of the Solar inRights Competence Center of Rostelecom-Solar.

Information protection tools corresponding to the 4th level of trust are used in significant objects of the critical information infrastructure of the 1st category, in state information systems of the 1st class of security, in automated systems for managing production and technological processes of the 1st class of security, in personal data information systems if it is necessary to ensure the 1st level of security of personal data, as well as in public information systems of the 2nd class.

Solar inRights had previously been certified for compliance with the FSTEC requirements for the 4th level of control over the absence of undeclared capabilities. After the regulator released its amended information security requirements in June 2020, an application was submitted for certification under the latest requirements.

During the year, Solar inRights passed all the necessary examinations for compliance with the requirements for the development and production of information protection tools, as well as for testing and security support. Based on the technical conclusion of the testing laboratory of JSC NPO Echelon and the expert opinion of JSC PPSh Laboratory, Solar inRights received a certificate of compliance with the requirements in force as of November 2021. The confirmed high level of security of the solution will allow the Solar inRights Access Control Competence Center to supply its developments to meet the state's needs for means that reduce cybersecurity threats.

Compatibility with Alt Server 9 OS

The Russian companies BASEALT and Rostelecom-Solar ensured the compatibility of the Solar inRights platform for centralized management of employee access rights to information resources (IGA) with the Alt Server 9 operating system. Rostelecom-Solar announced this on February 24, 2021. Tests showed that the software products work together correctly; the results are confirmed by a bilateral compatibility certificate. The work was carried out as part of the companies' technological partnership. Solar inRights and Alt Server OS are included in the Unified Register of Domestic Software.

The created software package will be in demand by organizations that own a critical information infrastructure. Its application will allow you to monitor compliance with the regulations for granting users access rights to corporate digital resources, reduce the number of incidents caused by excessive powers, and reduce labor costs for access control.

"The digital environment of CII facilities should be built on the basis of domestic technologically independent solutions that provide a high level of protection of information resources," said Alexey Smirnov, General Director of BASEALT. "The use of the software and hardware complex as part of the Alt Server 9 OS - Solar inRights provides CII subjects with the opportunity to form their IT infrastructure in accordance with the requirements of state, industry and corporate security standards."

"We pay special attention to the development of our partnership with Russian software companies. This allows us to expand the list of compatibility of our products and offer customers high-quality solutions of Russian development for the state and business on the basis of a proven technological stack that has all the necessary certificates. The main focus of our interaction with suppliers is aimed at the reliability and proof of the technologies used and the maximum possible compliance with the requirements of import substitution. It is important for us to provide our customers with reliable solutions that allow them to seamlessly migrate to domestic software," said Dmitry Bondar, director of the Solar inRights Competence Center of Rostelecom-Solar.

Inclusion in GISP

The Ministry of Industry and Trade of the Russian Federation on the basis of the State Information System of Industry (GISP) has compiled a list of solutions that are recommended for use by the authorities and commercial enterprises of Russia to organize remote work processes. In the "Information Security" category, it also includes the Solar inRights automated access rights management system. The developer announced this on February 9, 2021.

2020

Solar inRights 3.0 release

On November 19, 2020, Rostelecom-Solar, a national provider of cybersecurity services and technologies, announced the release of the Solar inRights 3.0 IGA platform. This release of the platform for managing access to companies' information systems (IS) implements a mechanism for managing conflicts of authority: functionality for preventing SoD conflicts.

Solar inRights 3.0

According to the company, conflicts of user powers in the information systems of companies are one of the urgent and at the same time difficult to solve problems in the field of access control. Giving an employee complete control over a process or asset increases the risk of fraud in the organization. Therefore, the functionality of distinguishing conflicting powers - SoD (Segregation of Duties) - is a necessary component of an effective risk management strategy of a modern company. In previous versions of Solar inRights, permission conflicts were managed using complex engineering settings, and starting with version 3.0, users receive an automated tool to solve this problem.

The updated version has a graphical interface that allows you to form a matrix of "critical" combinations of employee rights (roles) in the company's information systems. Conflict data can be imported from an external file or entered manually through the system interface in the "Configure SoD Conflicts" form. The matrix allows you to indicate conflicts of combinations with criticality markings. In the case of a critical combination (prohibition), the user cannot simultaneously have conflicting roles, and in the case of an undesirable combination (warning), he can, but only when confirmed by an authorized employee.


Solar inRights 3.0 provides various scenarios for responding to SoD conflicts. First, the system automatically checks the access request for critical and undesirable role combinations. Next, it analyzes whether any requested roles, in combination with those the user already has, form a critical or undesirable combination. If such a combination is found, the initiator of the request is warned about the conflict.

The system then automatically determines whether the user is authorized to create a request with SoD conflicts. If so, the user can continue submitting the request or remove the roles with a critical or undesirable combination from it. If not, the conflicting rights with a critical combination are removed automatically, and the rights with an undesirable combination can be either removed or kept in the request.

Solar inRights 3.0 logs all events related to the occurrence or elimination of SoD conflicts and stores complete information on all conflicts of authority. A report can be exported from the system at any time, with the desired selection built using filters: by conflict status, department, employee, role and time period.
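The check sequence described above can be sketched as follows. This is an added example, not Solar inRights code: the role names, function names and data layout are assumptions, as is the rule that it is the requested role (not the one already held) that is dropped from a critical pair.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import combinations


class Severity(Enum):
    CRITICAL = "critical"        # prohibition: the roles must not be combined
    UNDESIRABLE = "undesirable"  # warning: allowed only after confirmation


@dataclass(frozen=True)
class Conflict:
    requested_role: str
    other_role: str
    severity: Severity
    other_is_held: bool  # True when the clash is with a role the user already has


@dataclass(frozen=True)
class Decision:
    roles_in_request: tuple   # what is left in the request after clean-up
    auto_removed: tuple       # roles the system removed on its own
    open_conflicts: tuple     # conflicts still present in the final request
    needs_confirmation: bool  # an authorized employee must confirm
    audit_log: tuple          # one entry per conflict found or eliminated


class SodMatrix:
    """Symmetric matrix of conflicting role pairs with a criticality marking."""

    def __init__(self, rows):
        self._pairs = {}
        for role_a, role_b, severity in rows:
            if role_a == role_b:
                raise ValueError(f"a role cannot conflict with itself: {role_a}")
            self._pairs[frozenset((role_a, role_b))] = severity

    def severity(self, role_a, role_b):
        return self._pairs.get(frozenset((role_a, role_b)))


def find_conflicts(matrix, held, requested):
    """Step 1: pairs inside the request. Step 2: requested vs. already held."""
    held = set(held)
    requested = sorted(set(requested) - held)
    found = []
    for a, b in combinations(requested, 2):
        sev = matrix.severity(a, b)
        if sev:
            found.append(Conflict(a, b, sev, other_is_held=False))
    for r in requested:
        for h in sorted(held):
            sev = matrix.severity(r, h)
            if sev:
                found.append(Conflict(r, h, sev, other_is_held=True))
    return found


def review_request(matrix, held, requested, initiator_may_submit_conflicts,
                   keep_undesirable=True):
    """Apply the response scenario that matches the initiator's authorization."""
    conflicts = find_conflicts(matrix, held, requested)
    log = [f"detected {c.severity.value}: {c.requested_role} + {c.other_role}"
           for c in conflicts]
    removed = set()
    if not initiator_may_submit_conflicts:
        for c in conflicts:
            drop = (c.severity is Severity.CRITICAL
                    or (c.severity is Severity.UNDESIRABLE and not keep_undesirable))
            if drop:
                removed.add(c.requested_role)
                if not c.other_is_held:  # both sides of the pair were requested
                    removed.add(c.other_role)
    final_roles = sorted(set(requested) - set(held) - removed)
    log += [f"auto-removed from request: {r}" for r in sorted(removed)]
    remaining = find_conflicts(matrix, held, final_roles)
    return Decision(tuple(final_roles), tuple(sorted(removed)), tuple(remaining),
                    needs_confirmation=bool(remaining), audit_log=tuple(log))


# Constructed sample data (hypothetical roles, not taken from the product).
MATRIX = SodMatrix([
    ("create_payment", "approve_payment", Severity.CRITICAL),
    ("vendor_master_edit", "create_payment", Severity.UNDESIRABLE),
])
HELD = {"approve_payment"}
REQUESTED = {"create_payment", "vendor_master_edit", "report_viewer"}

if __name__ == "__main__":
    for authorized in (False, True):
        d = review_request(MATRIX, HELD, REQUESTED, authorized)
        print(authorized, d.roles_in_request, d.auto_removed, d.needs_confirmation)
```

With the constructed data, an initiator without the authorization loses `create_payment` from the request, which also dissolves the undesirable pair; an authorized initiator keeps all three roles, and the request is flagged for confirmation.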

For timely notification of conflicts, Solar inRights 3.0 sends notifications to role owners and information security officers. The system allows you to set up access to view and edit information on SoD conflicts depending on the employee's position.

The updated version also changes the password policy. Now, when the password of a user account in an information system is changed, the policy set for that IS is used. If no password policy is specified for the information system, the password rules specified in Solar inRights are used, which was the only option in previous versions of the platform. More flexible rules will be in demand if some systems in the organization (for example, those containing strictly confidential data) are subject to more stringent password requirements than the bulk of the systems, or if the company uses legacy or unique systems for which it is technically impossible to configure centralized password policies.

To optimize work with the platform, the functionality for managing e-mail notifications that users receive from the system has been significantly redesigned.

In the basic Solar inRights settings, notifications contain the minimum sufficient information: application number, role assignment, creation date. However, the notification system can be customized for the client to additionally include the exact time the request was created, the name, position and department of the initiator, which roles are required and for which employees, etc. This allows the user who received the notification to quickly grasp the essence of the request and process it promptly.

Solar inRights Release 2.10

On July 9, 2020, Rostelecom-Solar announced the release of an updated version of its identity and access management system (Identity Governance and Administration, IGA), Solar inRights 2.10. The main changes affected the module for working with security policy violations. Together, the new functionality reduces the time the administrator spends working with the system through automation elements and enhanced analytical tools.

Solar inRights 2.10

The module for working with access policy violations has a set of filters that, according to the developer, have simplified and accelerated the processing of security policy violations. You can quickly select violations by status, by specific system, for a certain period or date, as well as by other parameters. For each violation, you can view the details, for example, about the comments made during its processing. For conducting information security investigations and building reports, a history of working with all violations has become available.

According to the developer, Solar inRights 2.10 allows not only correcting identified violations of security policies, but also legalizing violations where this is necessary in exceptional cases, for example, when redundant authority must urgently be granted to an employee for emergency elimination of a technical failure. Such a violation is immediately reflected in the access control system, but in the presented version it can be approved by specifying the grounds for this action or by creating an application for its confirmation. When a violation is legalized without a request, the processing date, executor and comments appear in the violation log. If the user creates an application for legalization, it follows the already specified route. It contains complete information on the violation, and all data on the processing of the event appears in the violation log.

The updated version makes it possible to perform mass operations on violations of security policies. For example, you can select several violations by the criteria "system," "role," "authority," "date," "full name" and apply mass operations to them, such as fix, legalize, etc. This refinement will also reduce the time required for the administrator to work with the system on a daily basis and make the solution more convenient to work with, according to Rostelecom-Solar.

The new ability to configure automatic response rules for violations serves the same goal. In the graphical designer, the various conditions for setting rules are placed in separate blocks. You can select the required system, select violations by type, enter a description of the new rule, and configure a response scenario or notification by type of violation.

"In the presented version, the Solar inRights access control system can itself, for example, return the user's rights in the business system to its original form and automatically notify information security service specialists about the violation. Or, say, process the event as legalized, while filling out comments on legalization. Or automatically form an application for legalization along a certain route. This is a convenient mechanism for processing events when human participation is not required and it is possible to shift some actions to the machine, thereby freeing up the time of qualified specialists."

The application module is supplemented with the ability to request a set of roles for the user, identical to the one that his colleague has. This feature is required to ensure continuity in non-standard situations. For example, in the event of an illness or dismissal of an employee who had some specific rights in the system that his colleagues in the business unit do not have.

In an application for a set of roles "like another," you need to specify the "beneficiary user" (to whom the roles are assigned) and the "reference user" (whose roles are assigned to the beneficiary). The system generates a list of roles for the request, which includes the roles that the reference user has and the beneficiary does not. Only those roles are included that the applicant can request in accordance with the role visibility settings for the initiator in the Solar inRights interface. You can make changes to an already completed application at any time, for example, by setting a new term for the assignment of roles, changing the set of beneficiaries, removing or adding roles, etc.



Solar inRights Release 2.9

On April 29, 2020, Rostelecom-Solar announced the release of the next version of the Solar inRights 2.9 Access Control and Administration System (IGA). The update introduced an operation control module, the ability to manage roles in bulk, and tools for monitoring the operation of the system.

Automated access control systems have the ability and rights to make massive changes to the various objects connected to them. Therefore, even a minor error of an employee (administrator, HR employee) or inconsistency in the system settings can lead to large-scale negative consequences. To avoid this, Solar inRights 2.9 implements the ability to control the execution of mass operations and pause them.

"The operation control module protects the company's information resources from massive errors and the implementation of incorrect events. For example, the system can be configured to automatically block employee access upon termination. And in the event of a failure in personnel data or other incorrect event, the system receives information that the department has been deleted and all its employees have been dismissed. Eliminating the consequences of such a failure is a laborious and troublesome task. In the next version of Solar inRights, features have appeared that allow you to customize the behavior of the system so that in response to such bursts of operations with a large amount of data, changes are suspended until they are considered by the system administrator. At the same time, the rest of the processes are proceeding as usual without any downtime. This feature will be especially needed in large organizations with extensive business processes and a large number of users," explained Dmitry Bondar, Head of Solar inRights at Rostelecom-Solar.

This function can be performed both in manual mode and automatically after the specified threshold is exceeded.

When administering an IGA system, a lot of time can be spent on the same type of role operations, for example, removing certain roles from all directories or setting a ban on the ability to request a role. Now, to save time, an administrator can define a list of roles in a few clicks and specify the necessary operation to apply to the selected roles. The system will automatically perform the necessary actions and report the result.

In addition, the system monitoring tools have been improved in version 2.9. Now the administrator can monitor whether Solar inRights is operating correctly without involving the vendor's specialists, and change its settings if necessary.

Solar inRights 2.8 release

On February 11, 2020, Rostelecom-Solar released an updated version of the Solar inRights 2.8 access control and administration system (Identity Governance and Administration, IGA). The version introduces a convenient graphical designer for creating and changing access request approval routes, and operations with requests have been significantly optimized in line with the wishes of current customers.

Implementation of the graphical designer for creating and changing access request approval routes

The Visual Route Designer allows you to easily create many request approval chains or edit existing ones. With it, you can flexibly set the necessary conditions: approval by a specialist of a certain department, conditions for delegation and escalation of approvals, timeout actions, etc. Now this functionality can be used by employees without deep technical skills, for example, representatives of the company's business units. In previous versions of Solar inRights, routes could be created and changed only by technical specialists through engineering settings.

"Many Russian companies that use access control systems name weak ergonomics and inflexible configuration as tangible shortcomings of domestic IGA solutions. These shortcomings eventually become a great pain for customers, because the processes of modern enterprises change rapidly, and business must quickly respond to these changes. In this regard, one of the components of the development strategy of our Solar inRights solution is to improve usability, maximum simplicity and modularity of system settings, so that the company can easily configure our IGA solution to implement its specific tasks," comments Dmitry Bondar, Head of Solar inRights at Rostelecom-Solar.

As of February 2020, the graphical designer has already been implemented for the modules for creating or changing basic user rights, configuring role scopes according to the organizational structure or functional direction, and configuring access request approval routes. In upcoming versions, it is planned to extend this tool to other administrative modules of the IGA system.

In general, many changes in this version are aimed at improving the user experience. For example, Russian companies still practice a combination of electronic and paper document management. For such organizations, Solar inRights 2.8 makes it possible to attach scanned documents (orders, directives, signed obligations and the like) to an access request in any file format.

At the request of customers, Solar inRights 2.8 implements the option to return requests for clarification if the approver needs additional information to make a decision on granting access. Now there is no need to reject the request and force the initiator to create it again, which previously seriously slowed down the business process. The system allows you to transfer the request to the status "On clarification" and automatically e-mails the initiator a notification about the need to provide additional information. The user interface of the IGA system now also displays a separate list of requests in the status "On Clarification." The initiator of the request, in turn, can either enter additional information or cancel the whole application or a separate request from it.

As part of the development of filtering mechanisms, the "Information Systems" section now supports filtering by the personnel status of the account owner. This filter allows the information security service to quickly make sure that employees who have left the company do not have active accounts in information systems. For cases where it is necessary to select accounts that have not been used for a certain period (a month, six months, a year, etc.), Solar inRights 2.8 provides filtering by the date of the last login. Previously, the filter allowed you to select only by account status: used and unused.

2018

Release version 2.7

On October 2, 2018, Rostelecom-Solar announced the release of the next version of the IGA (Identity Governance & Administration) platform Solar inRights. With next-generation tools that reduce implementation and maintenance costs, customers can reduce their total cost of ownership by an average of 1.5 times.

According to the company, to simplify the integration process in Solar inRights 2.7, the tool "Wizard for connecting information systems" has been implemented. Thanks to it, the system is added in only three stages: choosing the appropriate connector to the information system, configuring its connection and choosing a connection template. The administrator can then import user objects and system permissions into Solar inRights.

Version 2.7 of the platform "out of the box" offers typical configuration templates for the main functional elements - coordination processes, data conversion rules, technical roles for delimiting access to the system, etc. This speeds up the process of configuring Solar inRights, providing it with the artifacts necessary for work.

Setting up and maintaining the next version of the IGA platform has become easier and more convenient thanks to graphic tools - role editor and user rights editor.

The Solar inRights graphical role editor allows you to analyze the composition of a role and see which systems an employee has access to. The administrator can quickly create and edit roles, change their composition, view the departments and positions for which the role is basic, and see the parent roles and Solar inRights internal rights that are included in the role. A set of pre-installed technical roles has appeared in the system, which shortens and simplifies the implementation process.

The Graphical User Rights Editor allows you to dynamically manage the scope of users and organizational units based on user attributes, organizational unit membership, and other similar parameters.

Solar inRights certified in the Republic of Belarus

Rostelecom-Solar, a developer of products and services for targeted monitoring and operational management of information security, announced in September that Solar inRights had successfully passed the certification procedure for information protection tools at the Operational and Analytical Center under the President of the Republic of Belarus.

The issued certificate confirms the compliance of Solar inRights with the requirements of the technical regulations of the Republic of Belarus TR 2013/027/BY "Information technologies. Information security tools. Information security." Thus, Rostelecom-Solar receives the right to implement the Solar inRights IGA solution in the Republic of Belarus, including in public sector organizations. The solution can be used in information systems of classes 2 and 3, that is, to ensure the protection of service information of limited distribution, as well as information protected in accordance with the legislation of the Republic of Belarus.

Integration with CompanyMedia EDMS

On August 16, 2018, it became known that Rostelecom-Solar and INTERTRUST had completed the integration of their products: the CompanyMedia EDMS, the Solar Dozor DLP system and the Solar inRights IGA platform. Using them together will allow customers to differentiate employee access rights in the electronic document management system and protect themselves from leaks.

2017

Release 2.5

Solar Security in November 2017 introduced the next version of the Solar inRights 2.5 access rights management solution.

The presented version focuses on the needs of large companies, for which usability and the ability to adapt the solution to existing business processes are important. To this end, Solar inRights 2.5 has expanded the capabilities of the request system, the graphical configuration tools and the customization options.

Requisition System

Solar inRights 2.5 has improved the request system. The number of users and authorizations in a request, the sequence and number of approval steps, and the logic of splitting, branching and executing the request can now be practically anything. Delegation, escalation and deputy management mechanisms are supported. An error handling mechanism is implemented that covers situations where approvers are absent (for example, due to dismissal) without interrupting the approval process. The Solar inRights 2.5 request management system is able to support processes of almost any complexity and does not require the organization to make any changes to established business processes.

The list of standard request types has also become wider: types such as "Change the term of office," "Revision of authority when transferring to a position," and "Transfer of password" have appeared. But one of the key architectural innovations in the Solar inRights 2.5 request system is the ability to quickly add new request types. Now a fundamentally new request type that is not provided for in the system can be created in just a few days.

Graphic editors

Solar inRights 2.5 has expanded the list of graphic editors that make system configuration easier and more convenient - both during implementation and during operation. The Role Catalog Graphic Editor allows employees to apply by self-creating a catalog of systems to which they need access.

The Organizational Structure Editor allows you to visualize and edit the organizational structure of your organization. The Role Model Editor enables you to set up standard access profiles for company business units. With it, you can assign to a specific unit or position the basic set of roles to which the corresponding employees are entitled. The report editor allows you to develop almost any report in accordance with client requirements directly through the Solar inRights 2.5 user interface.

Other changes

In addition, version 2.5 offers users advanced authentication capabilities. Now employees can authenticate either through Kerberos, without having to enter a login and password in Solar inRights itself, or with any of their personal accounts managed by the solution (for example, an account in SAP).

The Solar inRights 2.5 event logging system has also changed. The audit system allows you to flexibly configure the list and depth of audited events, as well as broadcast them to external systems in various formats. In particular, the ability to transfer event data in SYSLOG format is implemented, which provides seamless integration of Solar inRights 2.5 with SIEM systems.

Finally, one of the largest innovations in Solar inRights 2.5 is the plugin extension system, which makes it possible to refine the system without affecting its core. It allows the functionality of the system to be expanded within a wide range: entities, functions and user interface forms can be created through additional libraries. Thus, solution refinements during large implementation projects can be carried out separately, without interfering with the system core, and the solution can be updated regardless of the modifications made.

Certification in FSTEC of Russia

On September 7, 2017, Solar Security, a developer of products and services for targeted monitoring and operational management of information security, announced that its IGA (Identity Governance and Administration) class solution Solar inRights had received a certificate from the FSTEC of Russia.

Certificate of Conformity No. 3793 confirms that the Solar inRights 2.0 solution meets the requirements of the FSTEC of Russia for level 4 control and technical specifications. The obtained certificate allows you to use Solar inRights when creating automated systems up to and including 1G security class, as well as to protect information in personal data information systems (ISDS) of all security levels. Solar inRights is also included in the Unified Register of Russian programs for electronic computers and databases.

Solar inRights provides automatic execution of access control policies, as well as management of the full lifecycle of accounts, roles, information systems and other management entities. The solution reduces the risks associated with errors in the execution of access procedures, redundant rights of employees, and also increases the transparency of access control processes.

"Solar inRights is a Russian product with a maturity level of the Western solution of the IGA class. Now organizations that use exclusively certified solutions can use advanced access rights management technologies, automate a number of routine IT and information security operations and, most importantly, reduce the risks associated with excessive employee access rights to corporate information systems," said Dmitry Bondar, Head of Solar inRights at Solar Security.

Integration with Indeed ID Solutions

On August 9, Solar Security and Indeed Identity announced the development of a joint integration solution that combines the capabilities of the Solar inRights IGA platform (Identity Governance and Administration), the Indeed Enterprise SSO single sign-on system and the Indeed Card Management public key infrastructure management system. The solution improves information security and saves human resources in the company by automating processes related to granting access rights and managing the user password lifecycle.

The integration of Indeed Enterprise SSO with Solar inRights allows you to automate various operations with an employee's SSO profile. This includes creating a profile, adding targeted applications to the profile for end-to-end access, saving and deleting user settings and credentials to access applications from the SSO profile. In addition, the solution eliminates the need for manual control of the password lifecycle - they are created, changed and entered completely automatically.

"Automating the administration of employee SSO profiles is always a big step to improve the level of information security for the company. The human factor should not be underestimated, and an IT and information security specialist can make a mistake in granting access rights or forget to revoke them when an employee is dismissed, and such mistakes are very expensive for companies," said Pavel Konyukhov, technical director of Indeed Identity.

In terms of Solar inRights integration with Indeed Card Management, the solution automates the use of the public key infrastructure. As a result, revoking, suspending, or restoring user certificates (for example, upon resignation, vacation, or reassignment) does not require the participation of users or administrators.

"Our joint solution provides a high level of automation. For example, when a new employee enters a company, he automatically receives password-free access to all the necessary business applications and platforms immediately after entering his data into the HR system. This removes most of the routine tasks of providing access from administrators and makes these business processes more convenient and secure," said Dmitry Bondar, head of Solar inRights at Solar Security.

Compatibility of Solar inRights and Elbrus hardware and software platform

At the beginning of the year, Solar Security, a developer of products and services for targeted monitoring and operational management of information security, tested and confirmed the technological compatibility of Solar inRights and the Elbrus software and hardware platform.

The technological partnership between MCST and Solar Security will allow Russian companies to build an access control system using exclusively domestic components. The components of the Elbrus software and hardware platform are a server manufactured by the Russian company INEUM named after I.S. Bruk and the Elbrus operating system, built on the Linux kernel. Solar inRights is included in the register of domestic software and can use the free PostgreSQL DBMS as its database.

To verify that Solar inRights operates correctly on the Elbrus platform, Solar Security conducted a number of functional and load tests. They showed that the solution has high performance and can be used to build an access control system in large enterprises.

2015: Solar inRights 2.0

On October 20, 2015, Solar Security announced the launch of Solar inRights 2.0.

Version 2.0 differs from its predecessor primarily in the interface developed in conjunction with Usethics, a company specializing in interface design and usability testing.

Solar Security Ad (2015)

"We paid great attention to the convenience of working with the system," said Dmitry Bondar, head of inRights at Solar Security. "Prior to development, a study was conducted on the experience of implementation, operation and maintenance of IdM systems in major Russian companies. Thanks to this, we realized how they want to see IdM."

The emphasis in version 2.0 is on the convenience of working with the system, since in effect all of the company's employees are its users. The system interface helps employees interact with the product without the need for outside help. Employees who work with the system every day can make decisions quickly thanks to the convenient organization of information and the ability to use the system on smartphones and tablets.

The product helps you set up any access rights management process, including developing your own scenarios if the standard ones do not allow you to automate an existing process. This minimizes the number of modifications and the implementation time.

The flexible request approval mechanism helps build a process that suits a specific company. Requests can be reviewed sequentially or in parallel, and executed as they are approved or once the entire process is completed.

Solar inRights 2.0 can run on both commercial and freely distributed components. The Windows and Linux operating system families are supported. Microsoft, Oracle and PostgreSQL can be used as the DBMS.

"We deliberately made inRights completely independent of foreign software. All components of foreign manufacturers have been replaced with our own developments, so we can safely say that Solar inRights 2.0 is the first domestic IdM, not inferior to its Western counterparts," said Dmitry Bondar.

2014: Announcing the Solution

On March 5, Jet Infosystems announced the launch of Jet inView Identity Manager.

Description

This Identity Management (IdM) product is part of the company's own Jet inView line, which is aimed at small and medium-sized businesses and small corporations.

A fully functional IdM solution focused on companies with 500 to 2,500 employees solves 80% of access control problems at 20% of the cost of a regular IdM solution. Using Jet inView Identity Manager will help companies reduce the time to grant access rights to their employees from several days to several minutes, reduce the burden on administrators by 50 to 60%, avoid redundancy and inconsistency in access to systems, reduce the complexity of auditing and incident investigation, and increase the productivity of IT and information security employees.

"We have been building access control systems based on solutions from different vendors for more than 7 years. Our experience shows that Enterprise-level IdM products are too heavy for medium-sized companies and have excessive functionality. Existing boxed products do not fully solve all access control problems and require significant customization for specific infrastructure and processes," said Dmitry Bondar, Development Manager for IdM at the Information Security Center of Jet Infosystems. "In response to the urgent need of SMB and Low Enterprise companies for a solution that is not overloaded with functionality and meets their real needs, we have developed our own product."

The Jet inView Identity Manager product is based on the technology platform from IBM Security, on top of which the experts of Jet Infosystems implemented and configured the most popular access control processes: "hiring," "transfer to office," "dismissal," "request for rights," "revocation of rights," "request for rights for time," "revision of rights," "control of SoD conflicts," etc. The platform is easy to scale and allows you to expand the functionality of the system in accordance with the growing and changing needs of the company.

Jet inView Identity Manager integrates with human resources systems to obtain and process personnel information, and with target information systems to manage accounts effectively. The product has 40 integration modules for Western-made information systems and the most popular Russian systems.

Jet inView Identity Manager supports the management of several types of users: full-time employees, freelance employees and technology users. The hierarchical role model implemented in the system supports different types of roles, which can overlap in the access to information systems that they grant employees. Roles can be assigned either automatically (based on employee data) or manually.

The system has a single interface that allows its users to quickly and conveniently create and approve access requests, track access rights, accounts in information systems and access request status, reset passwords, manage the access rights of subordinates, etc.

Jet inView Identity Manager has dozens of reports that provide information about the current state of users' access rights and their change history, about active and approved requests, and about various processes and objects. In addition, further reports have been developed that are required for incident investigations and IT audits.