App Security

Security Level

GRAVITY applies a configurable ‘Security Level’ to every API call. The level is configured through the GRAVITY admin site.

Level 0 – full trust

On-premise installation in an environment that is accessible only from the intranet or over VPN.

  • Full-trust relationship

  • Attacks from outside are almost impossible

  • Information stored in GRAVITY is not top secret

Access is provided automatically without any confirmation. New users are added automatically after email confirmation. If a user’s access token has expired, it should be renewed automatically unless the user is blocked on the server side.

Level 1 – Partial trust

On-premise installation in an environment that is accessible from the Internet.

  • Trust relationship

  • Attacks from outside are possible

  • Information stored in GRAVITY is not top secret

Access has to be confirmed using email confirmation.

If a token has expired, it can be renewed automatically unless the user is blocked on the server side. If a token has expired and has not been used for more than a defined number of hours, the user has to be reconfirmed by email.

Level 2 – No trust

Cloud deployment, or a deployment that stores secured information. The focus is more on security than on usability.

  • Trust relationship

  • Attacks from outside are expected

  • Information stored in GRAVITY is top secret

Access has to be confirmed using email confirmation and a password. If a token has expired, it can be renewed using a password. If a token has expired and has not been used for more than a number of hours, then the user has to be reconfirmed by email.

Additional features such as ‘behavior tracking’, IP whitelisting, mail domain restriction and four-eyes acceptance processes are available. All security features and measures are bundled in the levels above. Each of the features can be added or removed independently of the others.

Limit Mail Domains

GRAVITY can restrict which mail domains may be added to the user list. This is configured through the GRAVITY admin site.

If the setting is empty, users from all domains can be added. If one or more domains are configured, only users from these domains can be added to the user list.
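The rule above can be modelled as follows. This is an added example, not GRAVITY's own code: the function names, the comma-separated setting format and the exact-match comparison (subdomains are not implied) are assumptions made for illustration.

```python
# Added illustration of the "Limit Mail Domains" rule; names are hypothetical.

def normalize_domains(setting):
    """Parse the configured value (assumed: comma-separated domain list)."""
    return {d.strip().lower().rstrip(".") for d in setting.split(",") if d.strip()}


def email_domain(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    address = address.strip()
    if any(ch.isspace() for ch in address):
        return None
    local, sep, domain = address.rpartition("@")
    # Strict on purpose: exactly one "@", a non-empty local part, dotted domain.
    if not sep or not local or "@" in local or "." not in domain:
        return None
    return domain.lower().rstrip(".")


def may_add_user(address, setting):
    """Empty setting: every domain is allowed. Otherwise exact match only."""
    domain = email_domain(address)
    if domain is None:
        return False  # malformed addresses are rejected in both modes
    allowed = normalize_domains(setting)
    if not allowed:
        return True
    # Compare whole domains. A suffix or substring test would also accept
    # look-alikes such as "notexample.com" or "example.com.other.test".
    return domain in allowed


# Constructed sample data (not taken from the product).
SETTING = "example.com, Partner.example"
SAMPLES = [
    "alice@example.com",
    "Bob@PARTNER.EXAMPLE",
    "eve@notexample.com",
    "eve@example.com.other.test",
    "dave@sub.example.com",
]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(addr, "->", "allowed" if may_add_user(addr, SETTING) else "rejected")
```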