Security Managers Overview

   Journey Manager (JM), previously known as Transact Manager (TM) | System Manager / DevOps | Updated in 21.11

Journey Manager is designed with a robust security architecture that provides a safe and secure foundation for users to access forms and applications hosted on the server. The security architecture is implemented using Security Managers, which are software components within Manager that handle users' requests for access to different form spaces. Users can be external or internal, and they can require access to form spaces or a combination of form spaces and modules in different environments.

Security Managers are responsible for:

Security Managers use the latest technologies, such as TLS, SSL, SHA and AES, to fulfill their responsibilities.

The security architecture enables developers and system administrators to implement best security practices, such as:

A security manager contains one or more authentication providers that can be chained. That is, if one authentication provider can't authenticate a user for some reason, the next authentication provider is called, and so on until the user is authenticated or no authentication providers are left. Providers can be local or delegated, as shown below.

An authentication provider's main job is to authenticate a user, which results in allowing or denying the user access to a resource, often a form. Security Managers can be exported and imported across different Manager instances to make it easier to implement security requirements.
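
The provider chaining described above, as a small Python model that also records each provider's outcome for auditing. This is an added illustration, not Journey Manager code or its API; the provider names, the `authenticate` function and the sample user are assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def local_provider(users):
    """Local provider over a {username: (salt, derived_key)} store."""
    def check(username, password):
        # Unknown users get a dummy salt and an empty key, so the same work is done.
        salt, stored = users.get(username, (b"\x00" * 16, b""))
        return hmac.compare_digest(stored, derive_key(password, salt))
    return check

def unreachable_directory(username, password):
    """Stands in for a delegated provider whose back end is down."""
    raise ConnectionError("directory unreachable")

@dataclass
class ChainResult:
    authenticated: bool = False
    provider: Optional[str] = None                 # provider that authenticated the user
    attempts: list = field(default_factory=list)   # (provider, outcome) audit trail

def authenticate(chain, username, password) -> ChainResult:
    """Call each provider in order until one authenticates or none are left."""
    result = ChainResult()
    for name, provider in chain:
        try:
            ok = provider(username, password)
            outcome = "authenticated" if ok else "not authenticated"
        except Exception as exc:   # any provider failure moves on to the next one
            ok, outcome = False, f"error: {exc}"
        result.attempts.append((name, outcome))
        if ok:
            result.authenticated, result.provider = True, name
            break
    return result

# Constructed sample data: one local user and a two-provider chain.
SALT = b"constructed-salt"
LOCAL_USERS = {"alice": (SALT, derive_key("correct horse", SALT))}
CHAIN = [("delegated-directory", unreachable_directory),
         ("local", local_provider(LOCAL_USERS))]

if __name__ == "__main__":
    for user, pw in [("alice", "correct horse"), ("alice", "wrong"), ("mallory", "x")]:
        print(user, authenticate(CHAIN, user, pw))
```

The `attempts` list shows which provider admitted a user and which ones were skipped over, which is the record to check when a fallback provider authenticates someone the primary provider did not.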

Manager comes with the following ready-to-use security managers:

  • Local Security Manager
  • LDAP Security Manager
  • Microsoft ADFS Security Manager
  • Microsoft WS-Trust Security Manager
  • SSO Security Manager
  • OAuth2 SSO Security Manager
  • Fluent Microsoft ADFS Security Manager (introduced in 19.11)
  • Fluent SSO Security Manager (introduced in 19.11)
  • Fluent OAuth2 SSO Security Manager (introduced in 21.11)

SSO security managers, such as Microsoft ADFS, have specific Groovy scripts, which you can configure to acquire an SSO token or call a chain of authentication providers. This allows you to create various SSO and login flows.

SSO Flow

  1. SSO Get Auth Token. The result is passed into the authentication providers. If there's no result or a local authentication provider exists, it can go to the login flow.
  2. Authentication provider list
  3. SSO authentication OK response
  4. SSO re-validation

Login Flow

  1. Login page
  2. Authentication Providers, for example, WS-Trust and LDAP or Local DB

Manager controls access to the Manager Dashboard using permissions and organization-based filters, whereas access to forms and content on the form space is controlled using groups, permissions, and user-account-based filtering.

Download the Security Managers PDF

We've replaced the Security Managers online documentation with a PDF version. Here's how you can get a copy of the PDF.

  • If you have access to the Temenos instance of Microsoft Teams, you can download the Security Managers PDF from Teams. Follow these steps to download the version you need:
    1. Log in to Microsoft Teams.
    2. Select the Temenos Journey Manager (TJM) team.
    3. Select the Temenos Document Share channel.
    4. Select Files and browse to the SecurityManager (INTERNAL USE ONLY) folder.
    5. Download the Security Managers PDF for your version of Manager (Security-Managers.pdf).
  • Otherwise, contact your customer support manager (CSM) to request a copy of the Security Managers PDF.

Next, learn about organizations.