Secure access ensures that you have a secure connection to the Mojo cloud for whatever you need, and that any given account can be easily and granularly controlled to prevent users from accessing that which they do not or should not require.
Profile-Based Account Management
Mojo One is a single sign-on platform used across the Mojo cloud to provide access to any number of services and applications from a single pane of glass. In order to ensure that any given user has correct access and that permissions are consistent across similar user types, Mojo One supports a profile-based approach to account management.
- Profiles contain a standard set of permissions to be used by any individual within a specific identity group
- Role-based access controls enable administrators to determine the following characteristics of any given profile
- Which services within the Mojo cloud are available
- Which permissions within a specific service are granted
- Which location or group of locations within Mojo Navigator users can access
- Profiles are applied to new user accounts, and user accounts cannot fall under two different profiles simultaneously
- This profile-based approach governs both user and API accounts
All communication to the cloud is handled over HTTPS using secure TLS 1.2 256-bit encryption.
Administrators can enact a number of password policies including:
- Maximum failed login attempts
- Lockout period timeframe
- Minimum password lengths
- Forcing 2-factor authentication
The Mojo cloud platform supports two-factor authentication, leveraging something the user “knows” in the form of their password and something the user “has”. To accomplish this second factor, we have designed a one-time password (OTP) system.
- Users receive a randomly generated one-time password on demand from the Mojo cloud while they are logging in
- This OTP is sent via email and is only valid for ten minutes
- After the intial login, users can generate a shared key (if desired) to be used by any time-based TOPT generator app (like Google Authenticator) for future OTP generation
The Mojo cloud supports Federated Login, allowing administrators to integrate any identity provider for account management outside of the Mojo cloud directly. We support the SAML 2.0 protocol and use a SHA256 secure hash algorithm to establish a secure connection with the remote identity provider.