home

Discover

DiscoverStartExploreModelIntegrateEngage
DiscoverStartExploreModelIntegrateEngage

Accelerate the Value of Data

Show Contents

thumbnailDiscover

Enhance your security with Single Sign-On (SSO) and prepare for Multi-Factor Authentication (MFA)

Migrating service accounts from password to client credentials authentication

Learn how to migrate your service accounts from password-based authentication to client credentials authentication.

Service accounts automatically authenticate with an API for machine-to-machine (M2M) communication. According to the OAuth 2.0 standard, client credentials are the recommended authentication method for these service accounts. Migrating service accounts from password to client credentials in Reltio enhances security and streamlines authentication processes. Here's an overview of key concepts, the migration process, and its implications.

Passwords vs. Client credentials

Password-based service accounts: These accounts are regular non-SSO Reltio users who use single-factor authentication to log in. They adhere to your organization’s password policy, including requirements for password complexity, rotation, and other security measures.

Client credentials service accounts: Often referred to as Client IDs and secrets or API Keys, these aren't user accounts and aren't subject to your organization’s password policy. Secrets are randomly generated long and complex strings, making them intrinsically more secure than passwords created by humans.

Impact of not migrating

As Reltio enhances the security posture for all customers, Single Sign-On (SSO) becomes the default recommended authentication method. In scenarios where SSO is not enabled for certain users, Multi-Factor Authentication (MFA) becomes mandatory. This enhanced security pattern requires manual intervention to authenticate and obtain access tokens, making these methods unsuitable for machine-to-machine operations.

Client credentials are the only single-factor authentication method allowed for machine-to-machine communication.

Migration to client credentials

Here are the steps to migrate:

  1. Identifying Service Accounts: Identify existing service accounts that need to be migrated.

  2. Creating client credentials: Follow the process to create new client credentials in Reltio.

  3. Changing authentication at the origin: Update the authentication mechanisms in your systems to use the new client credentials.

  4. Monitoring: Implement monitoring to ensure the new client credentials function correctly and securely.

Temporary exemption

Immediately after releasing the MFA capabilities, Reltio will make a best-guess effort to automatically identify your service accounts and include them under the SERVICE_ACCOUNTS group. This group will be automatically excluded from MFA, allowing quicker adoption of the MFA feature without disrupting existing automated processes. However, this process is not deterministic. Reltio uses behavioral analysis to identify these service accounts, so you will still need to manually analyze them.

Important: After the end of October 2024, the exemption process will expire, and all non-SSO users will be required to use multi-factor authentication.

Need Help?

If you encounter any issues or have questions during this process do contact us, see topic Need some help?.

Updated on August 9, 2024

Footer

You've found your way to a temporary environment. Content is not complete or final. Looking for Reltio documentation? Go to docs.reltio.com.

Company

Leadership

Careers

Awards

Contact Us

Reltio Newsroom

Press Releases

Media Coverage

Media & Analyst Resources

Customer Support

Support

Reltio Learn

Community

Developer Portal

100 Marine Parkway, Suite 275

Redwood Shores, CA 94065

USA

North America: +1(855)360-3282

Europe: +44(800)368-7643

Email: sales@reltio.com

© 2022-2024 Reltio Intellectual Property. All rights reserved.

Terms, Policies & Cookie Preferences