Privacy; “My Profile” data vault
Jan Holländer
Sensitive data can be viewed in the personal area under “My Profile”. Here, some colleagues expressed the wish to be able to secure this area with a second password request.
The reason for this is that Projo should be open and accessible for many employee concerns without having to log in again during the day. In this case, personal data may not be protected from access by third parties. If this area is additionally secured (perhaps even as 2FA in the long run), this possibility, albeit a theoretical one, would not exist.
It would also be good if every user could choose whether to activate this additional security level permanently. But these are details that may depend on your specific concept.
In principle, we plead for the topic of data protection and 2FA to be examined in more detail and perhaps also to provide information about your roadmap. Greetings! Jan
Arne Semmler
Merged in a post:
Multi-factor authentication (MFA)
Edler, Christoph
Hi
I think it should be possible to secure your own user account with multi-factor authentication (MFA), especially because of the very sensitive data that is stored in Projo.
Arne Semmler
Merged in a post:
2-factor authentication
le Coutre, Luca
A 2-factor authentication would be desirable due to the sensitive data. Colleagues may also (undesirably) access projects from private devices...
Thank you!
Edler, Christoph
Hi Arne Semmler, perfect! That would of course be much better... I had already switched on the request for the AzureAD connection... I think the AzureAD connection could make another real leap, because then I could easily think about integrating Projo as a “web app” into teams without much effort.
Arne Semmler
Edler, Christoph: Cool idea with the web app. I wouldn't have thought of this use case at all...
Edler, Christoph
Arne Semmler: Well, with its simple web interface, Projo is just too predestined to run in teams. I've already had it running, but since the new Teams version, it doesn't work anymore. Otherwise I could gladly show it to you
Edler, Christoph
I'll correct it, it's still running on an old version of Windows. Book working hours in Teams... hit. The only thing missing is the SSO.
Arne Semmler
Edler, Christoph: And that's failing now because of Auth? Or have you not yet been able to fathom what it depends on?
Edler, Christoph
Arne Semmler: Yes, it's been stuck on the login screen since the new Teams. Unfortunately I can't judge where it fails. Regardless of this, you currently have to log in to Projo regularly. With AzureAD as a login, you just have to log in to Teams once and everything runs, including Projo.
Arne Semmler
Edler, Christoph: Got it. That was also the reason why I was more in favour of outsourcing the auth rail in our technology department, as it was more convenient and safer for most customers anyway. It also has only one disadvantage, namely that it will be more difficult for us to secure certain pages (e.g. personal data) again. But AD administrators could also regulate this differently, for example by using policies so that computers lock themselves after a short period of inactivity. It would just be about someone going to an unlocked computer with an unlocked Projo and then switching the page, e.g. to the colleague's salary data...
</gre_replace>
<gr_insert after="39" cat="add_content" lang="python" orig="Edler, Christoph: Got it.">
The trade-off raised in this post (SSO keeps the app open all day, but sensitive pages such as salary data should still demand a fresh login) is usually handled with a step-up check on the server. The following is an added illustration, not Projo's code: it assumes the SSO login stores the identity provider's `auth_time` in the session and that the application can send the user back to the provider for a forced re-login (in OpenID Connect this is the `prompt=login` or `max_age` request parameter). Route patterns, timeouts and the `Session` class are hypothetical.

```python
"""Step-up re-authentication gate for sensitive pages behind SSO (added example)."""
from dataclasses import dataclass
from fnmatch import fnmatch

# Hypothetical route patterns that must only be shown after a recent interactive login.
SENSITIVE_ROUTES = ("/profile/*", "/hr/salary/*")
FRESH_AUTH_MAX_AGE = 5 * 60   # seconds since the last interactive SSO login
IDLE_TIMEOUT = 15 * 60        # seconds since the last request; mirrors a screen-lock policy


@dataclass
class Session:
    user: str
    auth_time: int       # unix time of the last interactive login at the IdP (OIDC auth_time)
    last_activity: int   # unix time of the last request seen for this session


def is_sensitive(path: str) -> bool:
    """True if the requested path falls under a pattern that needs fresh authentication."""
    return any(fnmatch(path, pattern) for pattern in SENSITIVE_ROUTES)


def authorize(session: Session, path: str, now: int) -> str:
    """Decide how to treat a request.

    Returns 'allow'   - serve the page,
            'reauth'  - ordinary session is fine, but this page needs a fresh login
                        (redirect to the IdP with prompt=login / max_age),
            'logout'  - the session has been idle too long; end it entirely.
    """
    if now - session.last_activity > IDLE_TIMEOUT:
        return "logout"
    if is_sensitive(path) and now - session.auth_time > FRESH_AUTH_MAX_AGE:
        return "reauth"   # everyday project pages stay open; only the sensitive page is gated
    session.last_activity = now
    return "allow"


def record_reauth(session: Session, now: int) -> None:
    """Call after the IdP confirms a fresh interactive login; resets the freshness window."""
    session.auth_time = now
    session.last_activity = now


if __name__ == "__main__":
    s = Session(user="jan", auth_time=1000, last_activity=1000)   # constructed sample session
    print(authorize(s, "/projects/42", now=1100))        # allow
    print(authorize(s, "/profile/salary", now=1500))     # reauth: login is 500 s old
    record_reauth(s, now=1510)
    print(authorize(s, "/profile/salary", now=1520))     # allow again
```
<test>
s = Session(user="jan", auth_time=1000, last_activity=1000)
assert authorize(s, "/projects/42", now=1100) == "allow"
assert authorize(s, "/profile/salary", now=1200) == "allow"
assert authorize(s, "/profile/salary", now=1400) == "reauth"
assert s.last_activity == 1200
assert authorize(s, "/projects/42", now=1400) == "allow"
assert s.last_activity == 1400
assert authorize(s, "/projects/42", now=2301) == "logout"
record_reauth(s, now=2310)
assert authorize(s, "/hr/salary/7", now=2320) == "allow"
assert is_sensitive("/profile/me") and not is_sensitive("/projects/1")
</test>
</gr_insert>
<gr_replace lines="40" cat="remove_boilerplate" orig="E">
E
Edler, Christoph
Arne Semmler: good point. But I would actually also see the individual company or employee in the area of responsibility. I'm excited. It would be cool if we could see integration next year
Arne Semmler
Hi Edler, Christoph! Until now, we had considered implementing this feature by connecting to SSO authentication services such as AD. The decision as to whether a company account is then secured via 2FA or not would then be up to the customer via the appropriate Active Directory configuration. Would that also meet your requirements?
Ruben Hauser
According to BSI requirements, the computer must always be locked as soon as someone is not in place, so that shouldn't really be a problem.
Regardless of this, it is a great function to additionally secure sensitive information with a PW query. And absolute +1 for MFA (or much better SSO/SAML).