1
0
-1

Hi Avoka Team,

I'm trying to provide an audit trail for an OAuth/OpenID SSO authentication that allow us to have traceability from a tracking code back to a successful Security Manager authentication.

This is possible using the existing UI in Avoka Transact, however the data retention settings do not allow us to persist the data for 7 years (required for our use case), so we will need to export data from Transact into our own data warehouse.

Is there any advice on the best way to achieve this?

So far I have considered using the Txn object provided in the Transact SDK, but it's unclear from my testing:

  1. How to persist the token in the Txn (I've looked at the TxnUpdater.setProperty method but unsure if it will work)
  2. How to pass the token to the Txn from the Security Manager

Thanks,

Sean

    CommentAdd your comment...

    2 answers

    1.  
      1
      0
      -1

      Hi Sean,

      We are currently implementing an AWS SQS System Event publisher which could support this use case.  This is targeting the Transact 18.5 release.  What version of TM are you using, or what is your target date for this project.

      regards

      1. Sean Colyer

        Hi Malcolm,

        That sounds promising. We are currently on 17.10 and wouldn't be able to put this particular feature into our production system until at least August/September - so 18.5 will probably work for us (assuming it's due this month?).

        I am preparing some technical design documentation for our solution to be reviewed by our Cyber Sec team - would you mind sending through some draft documentation for the System Event publisher?

        Thanks,

        Sean

      CommentAdd your comment...
    2.  
      1
      0
      -1

      Which part of Transact do you want to create an audit log for?

      • User Login History
      • Security Manager Log
      • Form Transactions

      regards Malcolm

      1. Sean Colyer

        Ideally a combination of the three - We need to have proof of identity at the time the transaction was completed/submitted. So, for a submitted form, we need to show:

        • Who was logged in
        • How we authenticated them (e.g. what token we received from our OpenID Identity Provider)
        • When we authenticated them
        • A way to associate the above with a tracking code (as we will store the PDFs in a document storage system)
      CommentAdd your comment...