Adaxes

Strong authentication for Adaxes API ?

0 votes

Hello

We are currently building HRIS automation capabilties over the Adaxes API and it works quite well.

The main issue we have is that Adaxes API works with simple username and password authentication. Which is unsage and against our zero password policy.

The web UI is authenticated with SAML currently, and that's perfect for us.

Regarding the REST API, is there a way to improve the security by moving to one of those option (sorted from the most prefered one to the least one):

  • OAuth2 via the web UI
  • Certificate Based Authentication
  • Kerberos

Thanks

by (240 points)

1 Answer

0 votes
by (289k points)

Hello,

Unfortunately, there is no such possibility. However, thank you for the suggestion. We forwarded it to the corresponding department for consideration.

0

That's a really bad news. Having the identity API supporting only weak authentication is a bit concerning…

by (240 points)
0

oov to bad

by (0 points)
0

Is this on the Adaxes roadmap? These days, companies fail audits for products that still use this security design.

by (210 points)
0

Hello,

We are considering the possibility of using other authentication methods. However, the feature is still not on the roadmap and there is not ETA.

by (289k points)

Related questions

+1 vote
1 answer
Two Factor authentication also for the Adaxes Console

HI support, We mostly use the Console. Are you think about to enable Two Factor Authentication for the Adaxes Console as well? That would increase the security level enormously. Sincerely yours, Chris

asked Feb 10, 2020 by Napoleon (700 points)
0 votes
0 answers
Does Adaxes require basic authentication in WinRM to be enabled?

Starting from Adaxes 2023.2, Adaxes uses the EXOv3 PowerShell module for all operations in Exchange Online. This means basic authentication in WinRM can be disabled on ... s OAuth token because the client-side implementation of WinRM does not support OAuth.

asked Mar 1, 2023 by Adaxes (560 points)
0 votes
1 answer
Is there a way to view AD authentication logs using Adaxes?

I am trying to view AD authentication logs to see a user account's authentication attempts. Can this be done in Adaxes?

asked Dec 30, 2021 by Tfarmer (160 points)
0 votes
1 answer
When will Adaxes support Duo push authentication?

Typing in the code constantly seems...antiquated when more modern methods are available.

asked Jun 14, 2021 by ngb (290 points)
0 votes
1 answer
Mac users using NoMad to handle AD Authentication / Management and Adaxes?

We have a fleet of Macbooks that use NoMAD to handle AD Authentiction and syncronization. How can we use Adaxes to handle the Password reset utility with these users. If they ... resync will be needed. Anybody else doing this or have a solution to the above?

asked May 13, 2020 by jcalvert (60 points)
3,549 questions
3,240 answers
8,232 comments
547,814 users