Xiid.IM Agent Components

Xiid has created a variety of technical components for ensuring maximum security as well as creating a fluid integrated system. Each component has its own purpose but works in tandem with the others to build a secure user experience. Understanding these components individually will help system administrators manage and interact with the Xiid ecosystem.

Authenticators

Xiid Authenticator components connect Active Directory Agents to LDAP Directories. They are also used to separate SSO Portals and Applications for various Security Groups within those directories. For each Security Group, you can create an Authenticator to your LDAP Directory with specified included Security Groups (to grant access to the SSO Portals) as well as excluded Security Groups (to deny access to the SSO Portals). You may create an unlimited number of Authenticators with any number of connections to any number of LDAP Directory Services within the same subnet as the LDAP Agent.

Firewalls

Xiid offers an additional layer of application security to ensure that unauthorized access will not be granted, and that integrated services and systems can communicate while restricting outside actors from gaining access. This added layer of security comes with Xiid Firewalls. Using Xiid’s Firewall component, users can whitelist or blacklist IP addresses, allowing communications that need to happen while blocking potential risks. Users can create and use as many Xiid Firewalls as they see fit to secure their connections. Xiid Firewalls operate across the Secured Channel, meaning that authentication requests from whitelisted IP addresses are accepted, and requests from blacklisted IP addresses are rejected, by the Agent when it polls the Request Collector. Users may still attempt to sign in from a blacklisted IP address, but the authentication request will be ignored by Xiid.

Translators

Translators are components within the Xiid Active Directory Agent that allow administrators to convert incoming authentication requests into particular formats for the local domain. You can choose to convert domains, usernames, or User Principal Names (UPNs) to something that can be understood by the Active Directory Service locally.

For instance, if an employee uses their email address for authentication, such as user@example.com, but the Active Directory Service uses a local domain name, such as example.local, you can configure a domain translator to translate example.com to example.local when querying the directory.
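
The translation step described above can be sketched as follows. This is an added example, not Xiid's code: the function `translate_login`, the three table names, the constructed table entries (other than the page's example.com to example.local mapping), and the rule order are all assumptions made for illustration. It goes slightly beyond the single domain case to cover usernames and whole UPNs, and shows why rules should match exactly rather than by substring.

```python
from typing import Mapping, Optional

# Hypothetical translator tables. The domain entry is the page's example;
# the username and UPN entries are constructed sample values.
DOMAIN_MAP = {"example.com": "example.local"}
USERNAME_MAP = {"j.doe": "jdoe"}
UPN_MAP = {"ceo@example.com": "alice@corp.example.local"}


def translate_login(login: str,
                    domain_map: Mapping[str, str] = DOMAIN_MAP,
                    username_map: Mapping[str, str] = USERNAME_MAP,
                    upn_map: Mapping[str, str] = UPN_MAP) -> Optional[str]:
    """Return the UPN to query locally, or None if the input is malformed.

    Assumed rule order (not documented on the page): a whole-UPN rule wins,
    otherwise username and domain rules are applied independently.
    """
    # Normalise case and whitespace so rule keys match however the user typed.
    login = login.strip().lower()
    if login in upn_map:
        return upn_map[login]

    user, sep, domain = login.rpartition("@")
    # Accept only exactly one '@' with non-empty parts on both sides.
    if not sep or not user or not domain or "@" in user:
        return None

    # Exact-key lookups only: 'evil-example.com' or
    # 'example.com.attacker.test' must never be rewritten into the
    # trusted local domain by a substring or suffix match.
    user = username_map.get(user, user)
    domain = domain_map.get(domain, domain)
    return f"{user}@{domain}"


if __name__ == "__main__":
    for sample in ("user@example.com", "User@EXAMPLE.com ",
                   "user@evil-example.com", "user@example.com@evil.test"):
        print(repr(sample), "->", translate_login(sample))
```
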

Secondary Authentication

Xiid supports 2-Factor Authentication for accessing the Single Sign-On Portal. You can choose Legacy Multi-Factor Authentication (a one-time-password system), which is still supported but is not recommended because it provides less security. You can also create XOTC Authenticators to bind to your SSO Portals. When an XOTC Authenticator is bound to an SSO Portal, a code is generated and rotated on the SSO Portal for use by the XOTC Mobile App users on your domain.

SSO Portals

Xiid allows system administrators to set up different SSO Portals for different groups of users. When you create a new SSO Portal, you will provide an ID which will be used in the SSO Portal’s URL. It is recommended that system administrators set up multiple SSO Portals for Security Groups that reflect different permission levels, such as an SSO Portal for IT with specific RDP access to remote machines on the network that should not be accessible to other users in the domain.

Applications

Xiid Applications are configurable components that allow system administrators to integrate various external applications into their SSO Portals. For each application that you would like to provide access to, you create an Application Component within the Xiid.IM Agent that defines how to integrate with the external application. Xiid currently supports 5 types of applications in the Xiid.IM Agent: RDP, RDP Apps (VDI), Office 365, Google Workspace, and any external application that supports SAML 2.0 authentication. When you configure Xiid Applications, you can choose which SSO Portal the application will be assigned to, as well as some additional parameters to make your apps work exactly how you would like.