Adaxes

Strong authentication for Adaxes API ?

0 votes

Hello

We are currently building HRIS automation capabilties over the Adaxes API and it works quite well.

The main issue we have is that Adaxes API works with simple username and password authentication. Which is unsage and against our zero password policy.

The web UI is authenticated with SAML currently, and that's perfect for us.

Regarding the REST API, is there a way to improve the security by moving to one of those option (sorted from the most prefered one to the least one):

  • OAuth2 via the web UI
  • Certificate Based Authentication
  • Kerberos

Thanks

by (240 points)

1 Answer

0 votes
by (299k points)

Hello,

Unfortunately, there is no such possibility. However, thank you for the suggestion. We forwarded it to the corresponding department for consideration.

0

That's a really bad news. Having the identity API supporting only weak authentication is a bit concerning…

by (240 points)
0

oov to bad

by (0 points)
0

Is this on the Adaxes roadmap? These days, companies fail audits for products that still use this security design.

by (210 points)
0

Hello,

We are considering the possibility of using other authentication methods. However, the feature is still not on the roadmap and there is not ETA.

by (299k points)

Related questions

0 votes
1 answer
Does Adaxes support any other API authentication Methods

Hello, Is there any other authentication methods we can use besides basic authentication for the REST API? We would like to integrate the rest API into a federated environment but from the ... if this is possible and if not if it is on the road map. Thanks.

asked 7 hours ago by KoleArmstrong (140 points)
+1 vote
1 answer
Two Factor authentication also for the Adaxes Console

HI support, We mostly use the Console. Are you think about to enable Two Factor Authentication for the Adaxes Console as well? That would increase the security level enormously. Sincerely yours, Chris

asked Feb 10, 2020 by Napoleon (700 points)
0 votes
0 answers
Does Adaxes require basic authentication in WinRM to be enabled?

Starting from Adaxes 2023.2, Adaxes uses the EXOv3 PowerShell module for all operations in Exchange Online. This means basic authentication in WinRM can be disabled on ... s OAuth token because the client-side implementation of WinRM does not support OAuth.

asked Mar 1, 2023 by Adaxes (560 points)
0 votes
1 answer
Is there a way to view AD authentication logs using Adaxes?

I am trying to view AD authentication logs to see a user account's authentication attempts. Can this be done in Adaxes?

asked Dec 30, 2021 by Tfarmer (160 points)
0 votes
1 answer
When will Adaxes support Duo push authentication?

Typing in the code constantly seems...antiquated when more modern methods are available.

asked Jun 14, 2021 by ngb (350 points)
3,635 questions
3,323 answers
8,399 comments
548,823 users