The information in this page is for guidance only. It is not a complete list of all security measures you should take, and should not be taken as definitive advice.
Manage access to your applications with appropriate Identity and Access Management (IAM) practices:
- Role-based access control to define access permissions based on user roles or functions.
- Single sign-on for streamlined and secure authentication.
- Multifactor authentication to enhance authentication by requiring an additional form of verification.
Requirements
Before you begin, check if the information on this page applies to you.
| Requirement | Description |
|---|---|
| Integration type | The information on this page is relevant for all Adyen integrations. |
Role-based access control
Role-based access control (RBAC) is a security model that assigns permissions to users based on their roles within an organization. Roles can broadly correspond to functions, job profiles, or departments, or they can be defined to enforce a segregation of duties, so that permissions which should not be held by the same person are kept in separate roles.
Implementing RBAC ensures that users only have access to what is necessary for their role. This aligns with the "need to know" and "least privilege" principles required by various compliance standards.
You should document and regularly review your RBAC implementation.
In the Adyen Customer Area you can set up your account structure with accounts, roles, and user permissions in accordance with RBAC.
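The following is an added example, not Adyen's code and not a model of how Customer Area permissions are stored. It shows the mechanics the section describes: users hold roles, roles carry permissions, a review function produces the "who can do what" table for the periodic review, and a segregation-of-duties check flags users holding role combinations the policy forbids. All role names, permission strings and user names are constructed for the example.

```python
from collections import defaultdict

# Constructed example data: role names and permission strings are hypothetical
# and do not correspond to Customer Area roles or any Adyen identifier.
ROLE_PERMISSIONS = {
    "report_viewer": {"reports:read"},
    "payment_operator": {"payments:read", "payments:refund"},
    "user_admin": {"users:manage", "roles:assign"},
}

# Role pairs that one person should not hold at the same time (segregation
# of duties). Also constructed for this example.
CONFLICTING_ROLES = [
    frozenset({"payment_operator", "user_admin"}),
]


class AccessPolicy:
    """Minimal RBAC policy: users get roles, roles carry permissions."""

    def __init__(self, role_permissions, conflicting_roles=()):
        self.role_permissions = {r: set(p) for r, p in role_permissions.items()}
        self.conflicting_roles = list(conflicting_roles)
        self.user_roles = defaultdict(set)

    def assign(self, user, role):
        if role not in self.role_permissions:
            raise ValueError(f"unknown role: {role}")
        self.user_roles[user].add(role)

    def revoke(self, user, role):
        self.user_roles[user].discard(role)

    def permissions_for(self, user):
        # Permissions come only from roles, never from per-user grants, which
        # keeps the review report below complete.
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_permissions[role]
        return perms

    def is_allowed(self, user, permission):
        return permission in self.permissions_for(user)

    def review(self):
        """Who can do what: the table a periodic access review is based on."""
        report = defaultdict(set)
        for user in self.user_roles:
            for perm in self.permissions_for(user):
                report[perm].add(user)
        return {perm: sorted(users) for perm, users in sorted(report.items())}

    def segregation_violations(self):
        """Users holding a combination of roles that the policy forbids."""
        violations = []
        for user, roles in self.user_roles.items():
            for pair in self.conflicting_roles:
                if pair <= roles:
                    violations.append((user, tuple(sorted(pair))))
        return violations


def build_example_policy():
    """Constructed assignments; carol's second role is a deliberate violation."""
    policy = AccessPolicy(ROLE_PERMISSIONS, CONFLICTING_ROLES)
    policy.assign("alice", "report_viewer")
    policy.assign("bob", "payment_operator")
    policy.assign("carol", "user_admin")
    policy.assign("carol", "payment_operator")
    return policy


if __name__ == "__main__":
    policy = build_example_policy()
    for perm, users in policy.review().items():
        print(f"{perm:20} {', '.join(users)}")
    print("segregation-of-duties violations:", policy.segregation_violations())
```

Keeping permissions attached to roles only, with no direct per-user grants, is what makes the review output trustworthy: every access path is visible in the role definitions, and removing a role from a user removes everything that came with it.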
Single sign-on
Single sign-on (SSO) is a user authentication process that allows a user to access multiple applications with a single set of login credentials.
The Customer Area supports SSO based on the Security Assertion Markup Language (SAML) 2.0 protocol. SSO solutions that use the SAML 2.0 protocol include Okta, Azure, and Microsoft AD FS.
Extending your SSO solution to the Customer Area provides improved security for your Adyen integration through controlled user access. For example, when an employee leaves, you can remove their Customer Area access through the SSO solution.
Multifactor authentication
Multifactor authentication (MFA) adds an extra layer of security on top of login credentials by requiring an additional form of verification, for example through SMS, email, or biometrics. This helps prevent unauthorized users from accessing an account, even if they have obtained the username and password.
The Customer Area supports MFA with an authenticator app or with SMS. Each user can set up one authentication method per device and register two devices through MFA.