PoolParty 2022 Release 1: With an Eye for Security, Scalability, and Speed
PoolParty 2022 Release 1 is here and it’s packed with exciting features and improvements.
We have overhauled the PoolParty authentication service and integrated Keycloak, a Swiss army knife of digital identity and access management. This integration brings you multiple features aimed at strengthening user account security and scalable user management that works for small projects as well as large knowledge graph initiatives. We have also teamed up with our strategic partner, Oxford Semantic Technologies, to bring you a graph database (RDFox) that delivers on its promises and works at remarkable speed.
User management for big and small
Adding new users into an application can be a daunting task. You need to collect all the personal data in advance and even if you manage to get past the onboarding, you still need to administer them in the long run.
Helene got promoted and will leave the project? You need to delete her account. Frank needs write permissions ASAP so that he can carry on with his tasks? You have to change his role.
That’s why we sat down and took a closer look at the user management flows in PoolParty. The result: a new, more intuitive design of the User Management module in PoolParty 2022 Release 1.
However, no matter how well-designed the user interface is or how simple the workflows are, manual user provisioning works best only if the number of users is limited to a few dozen. But what if you want to scale up and give hundreds or even thousands of your employees access to PoolParty? The whole process quickly grows tedious and expensive.
You are eventually left with two options here: either you hire somebody to keep track of all the updates, or you integrate PoolParty into your existing identity and access management infrastructure. If your company uses an OpenID Connect, SAML 2.0, LDAP or Active Directory IAM system to centrally manage the employees’ identities (some of the well-known identity and access management solutions include Okta, OneLogin, Ping Identity, or Azure AD), you can configure it to serve as a single source of truth from which PoolParty pulls user data. You will also need to do some configuration on the PoolParty side, but the integration with Keycloak has made the whole process smoother than ever.
User account security that’s stronger than ever
Password-based authentication has been around for a while and it’s the default authentication method for PoolParty’s user interface. Even though it is the most common form of identity verification in modern software applications, it’s definitely not the safest one, as user passwords can easily be compromised as a result of brute force attacks or phishing. You might have already asked yourself what you can do to prevent this from happening, and PoolParty 2022 Release 1 has an answer.
Single sign-on and social login in PoolParty 2022 Release 1
Did you know that an average person needs to remember around 100 passwords? Just for comparison, that’s 23 more than the total number of words in the previous paragraph. Not to mention that a password by itself is of little use if you don’t know your username. Many companies take this weight off their employees’ shoulders by enabling them to use single sign-on or social login.
Both single sign-on and social login rely on a trust relationship between PoolParty and a third-party identity provider. In PoolParty 2022 Release 1, this relationship is mediated by Keycloak. Keycloak’s identity brokering functionality supports numerous social identity providers (such as Google, GitHub, LinkedIn, Microsoft, or Stack Overflow) out of the box. It also provides built-in support for OpenID Connect and SAML 2.0 enterprise identity providers such as Okta, Auth0, Oracle Access Management, or another Keycloak instance.
Users can access PoolParty by logging in to the respective social network or your corporate IAM system. Or even better, if they have already authenticated against the IdP, they can proceed without any additional steps. It’s like having a single key that can open multiple doors and makes everybody’s life easier:
- The employees are less likely to use weak passwords or resort to dangerous practices such as reusing or recycling their old passwords, putting the whole company at risk.
- They are also more productive because instead of typing their credentials over and over again they can focus on getting things done.
- Enabling single sign-on or social login in PoolParty 2022 Release 1 also means that employees are less likely to forget their credentials and that your IT department gets fewer support tickets to reset forgotten passwords.
Configurable password policies
Even if single sign-on or social login is not an option for you, you can still encourage safe password practices by configuring a custom password policy. In PoolParty 2022 Release 1, you have more options than ever before. Administrators can enforce a minimum password length, mixed case, digits, and special characters. They can also control password hashing and prevent users from reusing their previous passwords or using passwords matching their email address, username, or words from a custom blocklist.
More good news: you no longer need to edit the poolparty.properties file for that. You can do the configuration in Keycloak’s admin console instead and benefit from its user-friendly interface and intuitive workflows.
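To see what such a policy accepts and rejects before rolling it out, the added example below (not PoolParty or Keycloak code) parses a policy written in the syntax of Keycloak's realm `passwordPolicy` string and evaluates candidate passwords locally. The thresholds, the `violations` helper, the sample accounts and the way the blocklist is passed in are assumptions made for illustration, and the checks approximate the rules rather than reproduce Keycloak's own implementation.

```python
import re

# Constructed policy in the syntax of Keycloak's realm "passwordPolicy" string
# (rules joined by " and "). Thresholds are illustrative, not PoolParty defaults.
POLICY = ("length(12) and upperCase(1) and lowerCase(1) and digits(1) "
          "and specialChars(1) and notUsername and notEmail")

# Rules that require a minimum count of something in the password.
COUNTERS = {
    "length": len,
    "upperCase": lambda p: sum(c.isupper() for c in p),
    "lowerCase": lambda p: sum(c.islower() for c in p),
    "digits": lambda p: sum(c.isdigit() for c in p),
    "specialChars": lambda p: sum(not c.isalnum() for c in p),
}

def parse_policy(policy):
    """Turn 'length(12) and notEmail' into {'length': '12', 'notEmail': None}."""
    rules = {}
    for part in policy.split(" and "):
        m = re.fullmatch(r"\s*(\w+)(?:\((.*)\))?\s*", part)
        if not m:
            raise ValueError(f"malformed rule: {part!r}")
        rules[m.group(1)] = m.group(2)
    return rules

def violations(password, username, email, policy=POLICY, blocklist=()):
    """Names of the rules a candidate password fails (local approximation)."""
    failed = []
    for name, arg in parse_policy(policy).items():
        if name in COUNTERS:
            if COUNTERS[name](password) < int(arg):
                failed.append(name)
        elif name == "notUsername":
            if password.lower() == username.lower():
                failed.append(name)
        elif name == "notEmail":
            if password.lower() == email.lower():
                failed.append(name)
        else:
            raise ValueError(f"rule not modelled in this example: {name}")
    # Custom blocklist, passed in here as a set of lower-cased words (assumption).
    if password.lower() in blocklist:
        failed.append("blocklist")
    return failed

if __name__ == "__main__":
    print(violations("helene", "helene", "helene@example.org"))
```
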
Multifactor authentication is an easy, yet effective way to keep your PoolParty instance safe even if your user credentials get compromised. Easy because PoolParty 2022 Release 1 supports two-factor authentication out of the box.
All you need to do is to access Keycloak’s Admin Console and then it’s just a matter of a few more clicks. Next time the user logs in, they will be asked to set up their mobile authenticator by scanning a barcode. Once this is done, they will authenticate to PoolParty with their usual password and a one-time password generated by FreeOTP or Google Authenticator.
It’s also effective because it adds an extra layer of security that cybercriminals are unlikely to break through even if the first line of defense is breached. In this case, intruders would have to get their hands on both your PoolParty password and your mobile phone. But even if they got them, they would still need to bypass the screen lock of your phone.
A graph database that delivers
Different PoolParty components have different requirements when it comes to the graph databases they integrate with. Yet it seems that the common denominator is their need for a fast, high-performing semantic reasoning engine. The RDFox triplestore can deliver that and much more.
PoolParty 2022 Release 1 made the configuration of a connection to an RDFox graph database a walk in the park. Once configured, you can use it in combination with various PoolParty components in numerous use case scenarios, such as building a semantic search engine that offers your customers the intelligent search results humans expect.
Altogether, our 2022 release of PoolParty ensures an overall better user experience. With this release, we deliver stronger security, easier user management, and the tools to build semantic search and recommender systems.