Centralised Security Architecture and Infrastructure
The Single Sign-On Portal, or SSO Portal is today the foundation of the FDJP’s central and strategic security infrastructure, providing unified access to critical, sensitive and highly networked FDJP applications. The SSO Portal of the Federal Administration’s Standard IAM Service has been in use since 2015 for applications requiring a heightened security standard.
Identity and Access Management (IAM)
Identities, identity credentials (e.g., certificates) and access rights are managed centrally. Identities are verified a single time with the help of strong two-factor authentication. Following authentication, a web application enables users to access all applications for which they have been authorised.
Using SAML 2.x, the SSO Portal acts both as Identity Provider (IdP) and as Service Provider (SP) for FDJP services. Cantonal systems use these services for purposes of federation and for interconnecting with the FDJP’s specialised applications.
The SSO Portal supports the following core functions:
- Identity-based access control to multiple secure networksUnified, secure and network-independent access to all specialized FDJP applications
- Standardised federation (FDJP Identity Provider, FDJP Service Provider) via SAML 2.xStrong, two-factor authentication (smart card, SecToken and MobileID)
- Single sign-on – one-time login for use of all FDJP applications
- Support for diverse client categories (web clients, rich clients, terminal server client)
- Hierarchical management of identities and access rights
- Support for diverse service orderers
Last modification 30.06.2020