Security

We, at Catenda, have recently released support for SCIM v2 APIs (System for Cross-domain Identity Management), an open standard extension to SSO (Single Sign-On) for our Enterprise customers. 

 

SCIM – System for Cross-domain Identity Management

If you are not an Enterprise Software Engineer, then the likely answer is no. It's a complicated term, which in practice enables our customers to automatically create and delete users in Bimsync, the open CDE (also referred technically as provision/deprovision of users).

 

The main reason for adding support to SCIM now is that many of our bigger customers are reaching a point where they are managing a multitude of SAAS solutions for all their users. This becomes a headache to manage properly and efficiently, as they need to give manual access to Bimsync for each user that joins or leaves the company.

The adoption of SCIM can help address this problem by integrating the creation and deletion of Bimsync users directly into our customers ID system (Microsoft Azure Active Directory, for example, or any other that supports SCIM).

With this setup in place there is also a higher security threshold making sure that only allowed users are accessing the platform, which is very important for our customers. Moreover, we also support MFA (multi-factor authentication) in case your setup is not ready for SSO or SCIM. MFA can be enforced on an Organization level inside Bimsync.

 

How to set it up?

To integrate with SCIM, you only need to set it up through your supported ID system (example on how to do it for Microsoft Azure AD), no software development needed.

For the more technically oriented, or in case you need more advanced control, these new SCIM v2 APIs are available in our public documentation

 

In this initial release, we have only automated the creation and deletion of users, but the SCIM protocol is simple and extensible, so in the future, we also plan to add finer controls in order to automate Organization and Project memberships through the SCIM APIs.

 

The journey to adopt SCIM is an Organization-wide change, as it needs buy-in from all stakeholders in the company and needs some push to get the support from all their 3rd party SAAS software vendors. This is no simple task, at the same time, it is very important for the future of any bigger organization that wants to lead the way on the best security practices when it comes to how to efficiently manage the authorized access of data and information across multiple SAAS softwares.

 

Customer's story

One of our biggest customers is Schiphol Airport, and they are very advanced in the use of digital systems and best practices. Their Organization is at the forefront of promoting the SCIM standard to all their systems used internally and we now have a setup in place with Schiphol where the Bimsync user management is centralized through SCIM. This means, the access to Bimsync is managed in Schiphol's centralized ID management system.

 

"For Schiphol, security is top priority. Therefore, we use SCIM to automate the access control in a standardized way in (most of) our applications. Bimsync's SCIM functionality enables us to work in a safe, integrated, and easy way on construction projects using Building Information Management (BIM) technology." – Lysette Kampman (Informatiemanager Center of Excellence / Schiphol Projects).

 

As the previous example points out, Catenda is leading the way when it comes to best practices that secure the access of our customers' data! This is crucial to us and to our customers.

If you are interested in improving your management of Bimsync users by enabling SSO with SCIM, please reach out to us at [email protected] and we will be happy to assist you in this journey. Also glad to hear any feedback or suggestions on this initiative.

 

Leonardo Cunha, CTO. 

Related Post