Skip to content
  • There are no suggestions because the search field is empty.

org.manager Data Security

Find out how Navigo & org.manager keep your data protected

 

Data Segregation

Data is stored in individual containers to guarantee full isolation from other environments. Each tenant is separated from other tenants by operating its own containers (process isolation).

This ensures that each customer has its own application instance, and that data processing is strictly separated from one another.  

Secure Single Sign On

org.manager is SAML-2 & OKTA compliant via the org.manager Authentication Agent module.

Secured Single Sign On authentication is typically configured between your Microsoft Entra ID and the org.manager application.

Different authentication methods, which are supported by the Microsoft IIS web server (e.g. SAP Logon Ticket), can be used as an alternative to Windows authentication. 

Shibboleth SSO is supported

Authorisation is controlled via configurable rules which are defined by org.converter. As a result, it is possible to display to each user only those structures below their particular organisation, for example.

Penetration Tests

Penetration tests are performed and audited on a regular basis with the latest test results available on request. Infrastructure penetration testing is conducted by Microsoft.

Customers can test their own tenant on application.

Data Encryption 

org.manager utilises end-to-end data encryption. All data is encrypted in-transit and at rest.

Azure's recommended cipher set is used for SSL handshake between the client and server. All SSL Certificates are SHA-256 with RSA Encryption.

All user passwords are encrypted in the database, salted and hashed using Sha512Hah as per OWASP standards. Plain text passwords are never stored.

When the organisation chart is retrieved by the user, the respective HTML/Javascript/image/PDF file is generated and delivered to the browser.

HTTP over TCP Port 80 is used for communication between browser and server. HTTPS is also supported.

Encryption at Rest 

Data is encrypted via “Azure disk encryption” using Bitlocker technology. Data in Azure managed disks is encrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant.  See: Azure Data Encryption-at-Rest - Azure Security

Encryption in Transit 

Communication over the internet uses HTTPs. Data is protected by Azure Firewall and infrastructure protection. A reverse proxy is in place to ensure only valid requests are processed and handles the encryption in transit to and from the application. Encryption is managed via SSL using TLS 1.2 (best practice cipher suites) and TLS 1.3 (depends on client browser). The current state can be verified on own tenant. 

Encryption Keys

Azure Key Vault is used to manage encryption keys. 

MFA / Two Factor Authentication

Two factor authentication is used by Navigo in all applications including Azure.

Anti-virus

Anti-Virus software is run and maintained on a daily basis.

The Azure Stack Hub update resource provider downloads antimalware definitions and engine updates multiple times per day. Each Azure Stack Hub infrastructure component gets the update from the update resource provider and applies the update automatically. See: Microsoft Defender Antivirus on Azure Stack Hub

Updates

The hardware components running org.manager are monitored by Navigo personnel on a regular basis and updated regularly with the latest patches and updates.

Logging

Security logs are transferred and stored within Azure Logs Analytics Workspace. They are protected against manual modification by the administrator. 

All login attempts are redirected to the customer's IdP and only valid attempts are processed by the application. Validation is performed within the authentication protocols eg SAML 2 or OAuth. Authentication is handled by customer’s IdP and thereby the access logs are in the responsibility of the customer. 

Monitoring

Navigo use Azure Monitor alarms to monitor access and configuration changes to the environments. Logs persist for 90 days.

Azure Monitor is used to monitor all system and/or user events. This includes successful and attempted logins to Azure via the Azure Console or API. Authentication events are forwarded to Monitor which will in turn trigger an alarm in Azure and send a notification to our Slack Security Channels.

Audit Trail logs against each record, listing every activity against that record and by who. There is also a System Log which logs configuration changes made and by who.

Azure Servers also utilise Azure Network Watcher. Network Watcher monitors the open ports and categorise access / attempted access.

Role Based Security

Access Protection

The access protection function is a standard module in org.manager. Authentication is via the web server's standard functionality (e.g. Windows authentication). Therefore, org.manager does not require a dedicated user management system. Different authentication methods which are supported by the Microsoft IIS web server (e.g. SAP Logon Ticket) can be used as an alternative to Windows authentication.

Authorisation is controlled via configurable rules which are defined by org.converter.

As a result, it is possible to display to each user only those structures below their particular organisation, for example. To allow the authorisation to be executed, the login of the employee concerned must be contained in the data.

Authentication/Single sign-on

On the basis of the authentication of the user who wants to open an organisation chart in an org.manager output via the browser, it is possible to assign access authorisations at person or group level.

The authorisations are set at directory level (IIS) and/or in the organisation chart configuration (access protection module).

I Anonymous authentication

If anonymous authentication is used in the web server (IIS), the user is not identified. Therefore, restrictions for persons/groups to the organisation chart are not possible (part from the external proxy servers or firewalls). Likewise, the user cannot be allowed to enter the organisation chart at their own organisation unit.

II Windows authentication

If Windows authentication is activated in the web server (IIS), it is possible to configure on the server which persons have access to organisation charts.

The user ID via which the user logs onto the PC is relayed by the server to the applications running there. If the access protection additional module is used, it is also possible to specify which information can be viewed and which functions in the organisation chart can be used. The authorisation function can also be moved from IIS to org.manager if org.directory is used. So-called advanced authentication will then be available.

III Token authentication

As an additional method, org.manager supports authentication via JSON Web Token (JWT). In this case, the client requests a token from an authentication server. If the authentication is successful, the authentication server returns a JSON Web Token. The client then relays the token to the org.manager server component on the web server and access to the organisation chart is granted.

The advantage of this method is being able to use the company's existing authentication servers (insofar as they support JWT). The manner in which a client/user is actually authenticated vis-à-vis the authentication server is part of the corporate IT Policy and completely independent of org.manager operation.

 

Frequently Asked Questions

Questions

 

Answers

 

Does org.manager support role based user access and restrict access to protect employee data?

Yes. See Role Based Security

 

What are your Data Portability and Data Lifecycle policies?

org.manager accepts a daily feed of data from a customer’s payroll / HRIS system. On termination this feed ceases and the existing 
Azure tenant is decommissioned. Customer’s are able to download their own data via CSV and PDF files. 

Customer data is permanently deleted after 60 days from the date of the expiry or termination of your agreement. 

Hardware decommissioning completed by Microsoft Azure.

What are your IT Change Management policies?

Navigo maintains a structured release process and release notes. Cloud Hosted org.manager customers automatically receive updates 3rd Wednesday bi-annually. On-premise org.manager customers receive up to six releases updates per year with one mandatory.

Data Interchange Formats

The following formats are supported by default as a data source for org.manager:

  • CSV

  • MS Excel

  • ODBC, MS SQL, Oracle

  • LDAP

  • SAP Functional Transport

  • org.manager archive

API Interfaces

Not available. org.manager consumes data from leading data sources (HRIS, or Payroll) via CSV, SQL, LDAP Oracle or SAP formats.

Mobile Access

IOS (v9+) and Android (v6+) via mobile responsive design and iPad App. The content / design displayed on mobile devices can be configured without any coding involved and supports all platforms.

WCAG Standards

Navigo & Ingentis are committed to WCAG compliance and associated product updates. 

org.manger comes with a speech recognition feature which enables the navigation and the use of features such as print, search or export by speech command.

The user interface and the content / design of the org charts can be configured without any coding involved. This ensures an output which is aligned to the latest standards. org.manager does not support ‘text to speech’ as a specific function.

For further information see:

SAP Interface

org.manager includes a powerful SAP function module which can access PA, PD and OM including custom info types. The function module can be customised if required.

org.manager connects to the functional module via web service or the function module creates a file extract.

org.manager is an object and relation independent solution which can display any evaluation path.

V2 of the OM Interface (OMI) is designed as a data source for SAP HR/HCM (OM, PA, PD, PY TM) information for org.manager.

Data are acquired in different ways:

  • "Online" from PPOME / PPOSE

  • "Offline" by downloading files

  • via an RFC BAPI call

  • as a direct access from org.converter via Web Service

There are two different methods of data acquisition:

  • "SAP Standard” (via BAPI & Queries) (known as the SAP HR Interface for Organisational Charting HR-OCI). This method uses internal queries for acquiring data. SAP standard queries can be replaced by the customer's own queries. These additions are not part of the OMI product. This method is very similar to the SAP standard and only requires minor adaptations in the OMI interface.

  • “OMI native (dynamic SQL)”. This method uses dynamic SQL commands depending on the required fields. Settings must be made in specific tables. In this case, there are no restrictions in the queries, but more extensive customising is offered. Data can be selected without adapting the coding by means of plug-ins which can also be added from the customer namespace.

Are Police Checks completed on all employees?

Yes. Mandatory for all Navigo employees.

Is there an ongoing security awareness and training program for all workers?

Navigo maintains security awareness training for all staff. This includes security awareness training at onboarding and annual updates for all staff.

Is antivirus software current and active on all Windows desktop and Windows server systems?   

Yes

Are all email attachments scanned for malicious code?

Yes

Do all laptops used have an active firewall?

Yes

Is there a hardening standard for servers, workstations and networking equipment that may store, process or transmit our organisation's data?

Yes.

Cloud Hosted
Infrastructure

  • Application servers are hosted in the Microsoft Azure platform under a private network protected via Azure Firewall and Reverse Proxy.

  • Remote access to all servers is only available to DevOps Team via bastion host.

  • OS security updates are run every 2 months.

  • Encryption protocols currently restricted to TLS 1.2 or above.

  • Application servers' drives are encrypted using symmetric AES 256.

Services

  • Mandatory authentication against Identity Provider for access to the application.

  • Access Protection module available to restrict the data visible by users, and the actions they can perform.

  • Secure data transfer mechanisms - SFTP or HTTPS via proprietary API client software.

  • Encryption of data at rest.

On Premise
Infrastructure

  • Security hardening is done by customer.

Services

  • Optional authentication against Identity Provider for access to the application.

  • Access Protection module available to restrict the data visible by users, and the actions they can perform.

Does the Change control process include applying security related fixes and service packs?

Yes

Is a PKI solution utilising Hardware Security Module being utilised?

Yes. Navigo hosting uses Azure Microsoft Azure Stack Readiness Checker See: Azure Stack Hub public key infrastructure certificate requirements - Azure Stack Hub

Will access to website, administrative management interfaces be locked down to authorised IP ranges and specific ports?

Yes. Restrictions on the IP addresses that can connect to the administration ports of networking equipment and servers from external networks are implemented.

Do you allow for host-based intrusion detection and prevention service (IDS/IDP) agents to be installed within the virtual machines?

No. Threat monitoring is conducted by the Web Application Firewall (WAF), part of the application gateway in the current architecture, runs incoming traffic inspections and checks for common threats based on the Open Web Application Security Project (OWASP).
Common threats like:

  • SQL injection

  • Cross-site scripting

  • Command injection

  • HTTP request smuggling

  • HTTP response splitting

  • Remote file inclusion

  • Bots, crawlers, and scanners

  • HTTP protocol violations and anomalies