
4. Access Control

4.1      User authentication and authorization

Thru utilizes robust identity management capabilities to enable secure access control across the system. Specifically, the solution leverages the following components:

  (i.)    Authentication - Thru portal users are authenticated through standards-based single sign-on (SSO) via SAML 2.0. This allows seamless integration with existing identity providers to validate user identities. Thru's products deployed on customer networks (Thru Node) and Thru's EiPaaS connectors use OpenID Connect (OIDC).

  (ii.)    Authorization - Authorization decisions are enforced through role-based access control (RBAC). Roles are defined with specific permissions, and users are assigned to roles based on the principle of least privilege, so users only have access to the system functions and data they require. Signed JSON Web Tokens (JWTs) are used for integrity protection, which ensures that the claims cannot be modified.

  (iii.)    Audit Logging - Events related to access control, such as user login, permission changes, and role assignments, are logged for auditing and visibility into security-related activities.

4.2      Role-Based Access Control (RBAC) 

Thru enables role-based access control (RBAC) to restrict system access and functionality according to defined user roles. RBAC configurations can be administered through the graphical user interface in the admin console and via application programming interfaces (APIs).

The RBAC implementation features:

  • Custom roles creation

  • Granular permissions control
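
The following is an added example, not Thru's code: it shows how a signature over the token keeps role claims (section 4.1) from being altered, and how a verified role is then mapped to granular permissions with default deny (section 4.2). The signing key, the HS256 algorithm choice, the "role" claim name and the role and permission names are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed sample data: key, role names, permission names and the "role"
# claim are assumptions for illustration, not Thru's actual schema.
KEY = b"constructed-demo-signing-key"
ROLE_PERMISSIONS = {"transfer-operator": {"file:upload", "file:download"},
                    "auditor": {"audit:read"}}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict, key: bytes = KEY) -> str:
    """Issuer side: build a compact HS256 JWT over header.payload."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{b64url(mac(signing_input, key))}"

def verify(token: str, key: bytes = KEY) -> dict:
    """Return the claims only if the algorithm is pinned and the MAC matches."""
    header_b64, payload_b64, sig_b64 = token.split(".")  # ValueError if malformed
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token pick the algorithm
    expected = mac(f"{header_b64}.{payload_b64}", key)
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch: claims were altered or key is wrong")
    return json.loads(b64url_decode(payload_b64))

def is_allowed(token: str, permission: str) -> bool:
    """RBAC check with default deny: bad token or unknown role grants nothing."""
    try:
        claims = verify(token)
    except ValueError:
        return False
    role = claims.get("role") if isinstance(claims, dict) else None
    return isinstance(role, str) and permission in ROLE_PERMISSIONS.get(role, set())

def with_edited_claims(token: str, **changes) -> str:
    """Rewrite payload claims but keep the old signature, as a tamper test case."""
    header, payload, sig = token.split(".")
    claims = {**json.loads(b64url_decode(payload)), **changes}
    return f"{header}.{b64url(json.dumps(claims).encode())}.{sig}"
```

The example covers claim integrity and the role-to-permission lookup only; expiry, audience and issuer validation are outside its scope.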

4.3      Authentication

Thru provides several methods for explicit authentication for users, systems and APIs that access Thru.

Please refer to the following table.

| Entity | Authentication Method |
| --- | --- |
| Thru API | Tokens provided by Thru for authentication. |
| Thru Applications | Federated Identity Management: with identity providers via SAML 2.0 for web applications and OpenID Connect for native applications. Username/Password & Multi-Factor Authentication (MFA): MFA is available as part of identity providers implementing SSO and directly in the File Sharing portal. |
| SFTP & FTPS | Username, password and/or key and certificate authentication. |
| Thru Node | OpenID Connect over HTTPS connections to the cloud (supports TLS 1.2 and later). |
| Thru EiPaaS Connectors | OpenID Connect |
