Sapho is secure

Sapho inherits your security and compliance practices

Sapho’s security thesis

You have already spent a lot of time defining security practices to match your needs. This is why Sapho was designed to match the footprint of your existing internal web applications in order to be compliant with common security practices in large enterprises.

On-premises or private cloud deployment

Sapho deploys as a standard Java .war file into a Java application server such as Tomcat, or into the Platform-as-a-Service feature of a private cloud. The Sapho software is managed and secured like your existing internal web applications, and fits into standard deployment processes.

Controlled data storage

Sapho stores all metadata and cached data in a SQL92 database such as MySQL, which can be isolated and managed on your internal network like existing database resources.

Transport security

The Sapho Server uses SSL for transport security like any other Java EE application. SSL certificates can be forwarded by the reverse proxy or terminated within the DMZ.

Extensive logging

All interactions are logged to either the application server log or the system log, which in turn is pulled into your existing log management system, so any security incidents can be remediated as they would be for any other internal application.

Identity provider support

Sapho uses your existing identity provider to authenticate and authorize users, just like your other applications. Sapho works with a variety of identity providers, including Active Directory, LDAP, and SAML. Access to individual micro apps is authorized by access control lists and groups defined in your existing identity solution.