Sapho is secure

Sapho inherits your security and compliance practices.

Sapho’s security thesis

You have already spent a lot of time defining security practices to match your needs. This is why Sapho was designed to match the footprint of your existing internal web applications in order to be compliant with common security practices in large enterprises.

On-premises or private cloud deployment

Sapho deploys as a standard Java .war file into a Java application server such as Tomcat, or into the Platform-as-a-Service feature of a private cloud. The Sapho software is managed and secured like your existing internal web applications, and fits into standard deployment processes.

Controlled data storage

Sapho stores all metadata and cached data in a SQL92 database such as MySQL, which can be isolated and managed on your internal network like existing database resources.

Transport security

The Sapho Server uses SSL for transport security like any other Java EE application. SSL certificates can be forwarded by the reverse proxy or terminated within the DMZ.

Extensive logging

All interactions are logged to either the application server log or the system log, which in turn is pulled into your existing log management system, so any security incidents can be remediated as with any other internal application.

Identity provider support

Sapho uses your existing identity provider to authenticate and authorize users, just like your other applications. Sapho works with a variety of identity providers, including Active Directory, LDAP, and SAML. Access to individual micro apps is authorized by access control lists and groups defined in your existing identity solution.

Data write backs

Sapho can write directly back to source applications using native APIs. Database write backs are performed with JDBC. Application write backs can be performed in two ways: with delegated authentication or with direct user login. With delegated authentication, Sapho uses the application's API with a master account to perform the write action and keeps an audit trail of the user logged into Sapho. With direct user login, Sapho deep links directly to the source application, where the user can be automatically logged on with their SSO and can complete an action.