The security is an important aspect of every software. This document explains the important security features such as authentication, authorization, data security, network security, and more provided by Bold BI Software to the customers.
Authentication verifies the user’s identity. Anyone who wants to access and manage the resource such as dashboards and data source must be an user of the Bold BI Server. Bold BI server can be configured to use local authentication or external authentication to validate the authenticity of the users.
In local authentication, Bold BI server validates the user authentication by comparing the provided credentials with the details stored in Bold BI database.
Bold BI server can be configured with external authentications such as LDAP, Azure ADFS, OpenID, and OAuth.
Bold BI server can be configured to use LDAP for user authentication. Users are authenticated by submitting their credentials to Bold BI server, which will then attempt to bind to the LDAP instance using the user credentials. If the bind works and the credentials are valid, the server grants the user a session.
Bold BI server can be configured to use Azure Active Directory for importing users into Bold BI server and validating their authentication. Users will be logged into Bold BI server after validated and authenticated by the Microsoft by providing their credentials.
OpenID connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows client to login to Bold BI application after logged into their identity provider. You should configure the OpenID connect with Bold BI application to use OpenID connect with Bold BI Server.
Bold BI supports OAuth 2.0 authorization code workflow for authorizing the third-party application users logging into Bold BI application. It allows client to login to Bold BI application after logged into their identity provider. You should configure OAuth 2.0 in Bold BI application to use OAuth connect with Bold BI server.
Authorization refers to which resources such as dashboards or data sources, the users can access on Bold BI server after authentication has been verified. Authorization includes:
Bold BI provides support to control which users can see the dashboards and data sources. For data sources that are connected to live databases, you can also control the users based on their permissions. There are read, write, create, and delete permissions that can be assigned to users and groups. Without the read permission, no user could see your data source and dashboards.
Bold BI server provides the flexible permission system. Using this, you can control the access to dashboard and data source.
Every tenant user can only login to their tenant and access the resource. Each tenant has been deployed with its own database and resource, which ensures that one tenant data is not shared with other tenant. Also, users belong to one tenant can only see the users belong to the same tenant and share a dashboard to that tenant users. Users must have permissions to view and access the dashboard and resources created by another user on same tenant.
Every Bold BI product installation will generate unique private keys in customer machine. These private keys will be used to encrypt and store the sensitive data such as password and database details. Bold BI server uses the following encryptions to encrypt the secure information such as user password and database details.
Rijndael Encryption (256 bits)
RSA Cryptography (1024 bits)
AES Cryptography (128 bits)
Bold BI server provides the following network security.
By default, the Bold BI server is configured with HTTP protocol, you should change the protocol to HTTPS by configuring SSL in Bold BI server. We recommend configuring Bold BI server for HTTPS for all communications. When Bold BI is configured for SSL, all content and communications between clients are encrypted using SSL, and the HTTPS protocol is used for requests and responses.
Bold BI server make the internal API call to access resource in web and mobile apps. The Bold BI server will accept all the connections that uses Transport Layer Security (TLS 1/1.1/1.2) encryption, but we recommend mandatory use of TLS 1.2 in Bold BI installed server.
Bold BI server can be connected to the database without SSL, but all the database connections support SSL offer encrypted data transfer. We recommend enable the SSL connection to your database while configuring the Bold BI server.
We will do the regular penetration testing to identify the potential security issues and fix them. We perform this testing on Bold BI Software for at least every release update.
Bold BI server will generate log files when user interacts with the Bold BI application or an exception occurs.
These logs will only include event performed, error occurred, and other operational logs, and will never collect any confidential information such as user password and database details. These logs will be requested by our support team to check the customer reported issue and provide the solution.
Bold BI Software is included with various open source components, which are licensed under the terms of applicable open source license agreements. Our legal team will verify and approve the use of such components in Bold BI software and also the usages are revisited and reviewed before every release.