Upcoming deadlines and exceptions in security rollout - Sep 2024
Learn about the deadlines and exceptions in the security rollout of September 2024.
The security and privacy of your data is our highest priority at Reltio and we will continue to uphold the highest standards of data protection and information security to safeguard your tenants and data. In the coming months, we would like to partner with you on important steps to enforce additional authentication security measures. This will require your support to implement these measures by taking the following actions within the timelines outlined below.
Important: In November 2024, we updated the rollout plan:
- SSO/MFA enforcement on human users, the rollout will be phased and we'll coordinate a date with you.
- Service accounts / users for system integrations must still migrate to client credentials. A new deadline will be assigned to you along the human user enforcement coordination.
Human Users: Implement Single Sign-On (SSO) or Multi-Factor Authentication (MFA)
- Single Sign-On (SSO) - Preferred Option
- Implementing SSO with your enterprise identity provider (IdP) is an industry-standard best practice for enhancing the security and efficiency of your user management. These guides provide step-by-step instructions on seamlessly integrating your IdPs (e.g. Okta) with Reltio.
- Multi-Factor Authentication (MFA)
- Implement MFA for any human users who cannot be on SSO. MFA is now available to all customers. Customers can choose between app-based or email-based MFA.
Enable MFA with one click on the Reltio Console.
Enrollment in app-based MFA | email-based MFA will take less than a minute for users.
System Users: Identify all service accounts and migrate to Client Credentials
- Client Credentials
- All customers must use Client Credentials for any system-to-system integration or API usage with Reltio. Client Credentials authentication is the secure, standards-compliant method to access Reltio’s platform that provides granular control and audit trails for services.
Migrating service accounts from password to client credentials authentication
Important: Service or application identities that currently exist under the User Management console will be affected by the MFA requirement. - Requesting an extension for specific Service Accounts
As an exception, extensions can be requested to migrate specific Service Accounts to client credentials.
Important: We have received exception requests from multiple customers with a list of users to exclude from the MFA requirement. However, we identified several hundreds of potential additional users. To ensure a smooth rollout, Reltio will share with you via email the specific accounts we identified for which there is no exception in place. Once you get this list, please review and respond promptly to avoid any disruptions.To request the extension:- Identify all Service Accounts (usernames) that should be exempted. We'll only grant exemptions on the usernames listed in the email.
- Coordinate with a security stakeholder in your organization on this extension request and your timeline for migration. This should be someone from Security, Risk, or Compliance.
- Send an email to your Customer Success Manager (CSM), either from the security stakeholder or with them copied, including the list of usernames to be exempted and the specific extension date for the associated accounts to be migrated to client credentials.
We appreciate your partnership and support as we continually work to ensure the safety of your information. If you have any questions or need assistance, don’t hesitate to reach out to your CSM or Support, see topic Need some help?.