Sapho was designed to match the footprint of your existing internal web applications in order to be compliant with common security practices in large enterprises.
Sapho deploys as a standard Java .war file into a Java application server such as Tomcat, or into the Platform-as-a-Service feature of a private cloud. The Sapho software is managed and secured like your existing internal web applications, and fits into standard deployment processes.
Sapho’s patent-pending Rosetta Stone technology maps each employee’s identity across identity providers, enterprise mobility management, and both on-premises and cloud applications. Our unique consolidated identity system chains authentication across multiple systems and consolidates rules, such as groups or data filters, ensuring that employees only see the data they have permission to access.
Sapho stores all metadata and cached data in a SQL92 database such as MySQL, which can be isolated and managed on your internal network like existing database resources.
The Sapho Server uses SSL for transport security like any other Java EE application. SSL certificates can be forwarded by the reverse proxy or terminated within the DMZ.
All interactions are logged into either the application server or system log, which in turn are pulled into the existing log management system, so any security incidents can be remediated like any other internal application.
Sapho uses your existing identity provider to authenticate and authorize users, just like your other applications. Sapho works with a variety of identity providers, including Active Directory, LDAP, and SAML. Access to individual micro apps is authorized by access control lists and groups defined in your existing identity solution.
Sapho can write directly back to source applications using native APIs. Database write backs are performed with JDBC. Application write backs can be performed in two ways: with delegated authentication or with direct user login. With delegated authentication, Sapho uses the application's API with a master account to perform the write action, along with an audit trail of the user logged into Sapho. With direct user login, Sapho deep links directly to the source application, where the user can be auto-logged on with their SSO and can complete an action.
Microsoft Active Directory