ARIS - SHARE YOUR IDEAS
How can we make ARIS better?
ADD A NEW IDEA

Technical Administration

Showing 98

Click log data wanted

At Rabobank we're interested in obtaining the raw date from the elasticsearch runnable. The statistics are stored in the elasticsearch runnable and currently there is no way to export the raw data into a text file or something similar.
Asha Chitan about 2 years ago in Technical Administration 0 Open for voting

Notification of expiring licenses

As a license admin I'd like to be notified well in advance of licenses expiring in order to act before the expiration.
Jesper Loell about 2 years ago in Technical Administration 0 Open for voting

Architect/Designer - Support NTLM authentication for proxy

Almost all customers are using NTLM authentication for proxy servers as this is considered far more secure. With more and more customers moving to the cloud, the fact of only supporting basic authentication becomes a bottleneck as the security dep...
Koen Maes about 2 years ago in Technical Administration 0 Open for voting

Azure AD Integration - Multi Factor Authentication (MFA)

The current authentication method for Aris Element / Advanced is using a single factor authentication (username/password). This is not secure enough, multi factor authentication is the standard for business SaaS applications. Aris contains commerc...
Guest about 2 years ago in Technical Administration 0 Open for voting

Multiple LDAP - Remove limitation of 5 characters for LDAP ID

If you're using the Multiple LDAP functionality the LDAP ID (com.aris.umc.ldap.connection.id) is limited to 5 Characters so it's not possible to use the Domain Name as the "identifier" as the ID will be added automatically infront of all userIDs t...
Guest about 2 years ago in Technical Administration 0 Open for voting

Administrator Login Accessible through Internet

The finding impacts on Web UI and Desktop app. The administrator is able to login to the application with username and password only. A compromise of these credentials may cause serious security issues, like deletion of users, website defacement,...
Guest about 2 years ago in Technical Administration 0 Open for voting

Application Sends Sensitive Data Unencrypted via email

The finding impacts on the Web UI Confidential data (such as electronic statements) is delivered to the user via an insecure channel such as email. This exposes potentially sensitive data in plaintext over local and intermediary networks. This tr...
Guest about 2 years ago in Technical Administration 0 Open for voting

Automated password change capability

To avoid our ARIS administrators have permanent access to high privileges to their Personal Accounts (PA) as they have those high privileges to perform user management tasks. The suggestion is to have a Non-Personal Account (NPA) instead, which c...
Guest about 2 years ago in Technical Administration 0 Open for voting

"skipSSO" parameter in URL

Scenario: Custoemr is using SAML SSO with import of users from IdP. Such users are created in UMC as local users. Users who are using SAML today are still able to reset their passwords, and use the "SKIPSSO" backdoor to login with their identity...
Lubomir Havlicek about 2 years ago in Technical Administration 0 Open for voting

Provide server configuration to use HTTP Strict Transport Security (HSTS)

Provide server configuration to use HTTP Strict Transport Security (HSTS)
Guest about 2 years ago in Technical Administration 0 Open for voting