App Security
Authentication methods
GRAVITY applies a configurable ‘Authentication method’ to every API call. The method is configured through the GRAVITY admin site.
Login only – full trust
Available for on-premises installations and cloud deployments. Use cases:
Full-trust relationship between App and GRAVITY
Information stored in GRAVITY is not top secret
Access is granted automatically from the underlying application without any confirmation, because only a unique login (email, UUID) is required. New users are added automatically if the login does not yet exist.
Login & Password – no trust
For cloud deployments, or when secured information is stored. The focus is more on security than on usability.
Trust relationship
Attacks from outside are expected
Information stored in GRAVITY is top secret
Access must be confirmed with Login and Password. Users must be created in advance and assigned a password.
Additional features such as ‘audit tracking’, IP whitelisting, mail domain restriction and four-eyes acceptance processes are available.
Protection of content modification
An additional level of protection can be activated to improve usability and make the system easier to access for regular users, while keeping content under control.
If “Authentication method” is set to “Login only”, all users can easily access and read the content, being authenticated manually or automatically using information from the underlying application.
If “Additional authentication for Authors” is set to “Login & Password”, the Authors who are added as Site Content Owners will be prompted for their Login & Password when they enter the Content Editing Area or switch to Edit Mode.
Limit Mail Domains
GRAVITY can limit which mail domains may be added to the user list. This is configured through the GRAVITY admin site.
If the setting is empty, users from all domains can be added. If one or more domains are configured, only users from these domains can be added to the user list.
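The rule above, sketched as an added example (not GRAVITY's own code). The function names are hypothetical, and exact, case-insensitive matching of the domain part is an assumption: the page does not say how GRAVITY treats subdomains or letter case.

```python
def mail_domain(login):
    """Return the lower-cased domain of an e-mail login, or None if malformed."""
    login = login.strip()
    # Exactly one "@" and no embedded whitespace, so the domain part is unambiguous.
    if login.count("@") != 1 or any(c.isspace() for c in login):
        return None
    local, domain = login.split("@")
    domain = domain.rstrip(".").lower()
    return domain if local and domain else None


def may_add_user(login, allowed_domains):
    """Apply the 'Limit Mail Domains' rule to a login that is about to be added."""
    # Normalise the configured entries the same way as the login's domain.
    allowed = {d.strip().lstrip("@").rstrip(".").lower()
               for d in allowed_domains if d.strip()}
    if not allowed:
        return True  # empty setting: all domains are allowed
    domain = mail_domain(login)
    if domain is None:
        return False  # a restriction is set and the login has no usable domain
    # Exact comparison (assumption). A suffix test such as
    # domain.endswith("example.com") would also accept "notexample.com".
    return domain in allowed


if __name__ == "__main__":
    # Constructed sample logins using reserved example domains.
    setting = ["example.com", " Partner.Example "]
    for login in ["alice@Example.COM", "bob@example.com.evil.test",
                  "carol@partner.example", "dave@notexample.com",
                  "eve@evil.test@example.com"]:
        print(login, "->", may_add_user(login, setting))
```

With “Login only”, where new users are added automatically, this check is the point at which an unexpected domain would be refused before the user list grows.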