Azure AD Integration - Multi Factor Authentication (MFA)
The current authentication method for Aris Element / Advanced is using a single factor authentication (username/password). This is not secure enough, multi factor authentication is the standard for business SaaS applications. Aris contains commerc...
Multiple LDAP - Remove limitation of 5 characters for LDAP ID
If you're using the Multiple LDAP functionality the LDAP ID (com.aris.umc.ldap.connection.id) is limited to 5 Characters so it's not possible to use the Domain Name as the "identifier" as the ID will be added automatically infront of all userIDs t...
The finding impacts on Web UI and Desktop app.
The administrator is able to login to the application with username and password only. A compromise of these credentials may cause serious security issues, like deletion of users, website defacement,...
Application Sends Sensitive Data Unencrypted via email
The finding impacts on the Web UI
Confidential data (such as electronic statements) is delivered to the user via an insecure channel such as email. This exposes potentially sensitive data in plaintext over local and intermediary networks. This tr...
MFA Integration of Admin access on all EPR environments
MFA Integration of Admin access on all EPR environments. Not sure what is the current understanding/implementation of MFA checkboxes provided in ARIS UMC
When you log in for first time or change your password, you will not
return to the ARIS Connect login page. There is neither a button nor a
redirect to the login page.
In Process Administration in the tab "Processes" there is no kind of Search or filter functionality. It would be good if it was possible to search for model names to be able to find workflow instances easily for a specific model.
LDAP batch – delete disabled users from the main user list
Whenever a user has been disabled in our Identity Management System, the LDAP batch correctly deletes the username from arisViewer group. However, the batch doesn’t delete it from the main user list (tab: user management > users). The behaviour...
Silent installation of ARIS Server with jdbc JRE11
When custoemr configure the ile "silent.properties", there is no information and no check that the jdbc driver may be only for JRE8 and not JRE11. The consequence of that is that the setup finiss but DASHBOARDING can not start. And there is no cle...