{"title":"Identity and access management","category":"default","creationDate":1779620072,"content":"<div class=\"notices yellow\">\n<p>The information in this page is for guidance only. It is not a complete list of all security measures you should take, and should not be taken as definitive advice.<\/p>\n<\/div>\n<p>Manage access to your applications with appropriate Identity and Access Management (IAM) practices:<\/p>\n<ul>\n<li>\n<p><strong>Role-based access control<\/strong> to define access permissions based on user roles or functions.<\/p>\n<\/li>\n<li>\n<p><strong>Single sign-on<\/strong> for streamlined and secure authentication.<\/p>\n<\/li>\n<li>\n<p><strong>Multifactor authentication<\/strong> to enhance authentication by requiring an additional form of verification.<\/p>\n<\/li>\n<\/ul>\n<h2>Requirements<\/h2>\n<p>Before you begin, check if the information on this page applies to you.<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Requirement<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Integration type<\/strong><\/td>\n<td style=\"text-align: left;\">The information on this page is relevant for all Adyen integrations.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Role-based access control<\/h2>\n<p>Role-based access control (RBAC) is a security model that assigns permissions to users based on their roles within an organization. Roles can broadly relate to functions, job profiles, or departments. Or roles can relate to a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Separation_of_duties\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">segregation of duties<\/a> based on access permissions.<\/p>\n<p>Implementing RBAC ensures that users only have access to what is necessary for their role. This aligns with the \"need to know\" and \"least privilege\" principle of various compliance standards.<\/p>\n<p>You should document and regularly review your RBAC implementation.<\/p>\n<p>In the Adyen Customer Area you can set up your <a href=\"\/account\/account-structure\">account structure<\/a> with accounts, roles, and user permissions in accordance with RBAC.<\/p>\n<h2>Single sign-on<\/h2>\n<p>Single sign-on (SSO) is a user authentication process that allows a user to access multiple applications with a single set of login credentials.<\/p>\n<p>The Customer Area supports SSO based on the <a href=\"https:\/\/en.wikipedia.org\/wiki\/SAML_2.0\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Security Assertion Markup Language (SAML) 2.0 protocol<\/a>. SSO solutions that use the SAML 2.0 protocol include Okta, Azure, and Microsoft AD FS.<\/p>\n<p>Extending your SSO solution to the Customer Area provides improved security for your Adyen integration through controlled user access. For example, when an employee leaves, you can remove their Customer Area access through the SSO solution.<\/p>\n<h2>Multifactor authentication<\/h2>\n<p>Multifactor authentication (MFA) adds an extra layer of security on top of login credentials, by requiring an additional form of verification, for example through SMS, email, or biometrics. This helps prevent unauthorized users from accessing an account, even if they have obtained the username and password.<\/p>\n<p>The Customer Area supports MFA with an authenticator app or with SMS. Each user can set up one authentication method per device and register two devices through MFA.<\/p>\n<h2>See also<\/h2>\n<div class=\"see-also-links output-inline\" id=\"see-also\">\n<ul><li><a href=\"\/account\/define-account-structure\"\n                        target=\"_self\"\n                        >\n                    Defining your account structure\n                <\/a><\/li><li><a href=\"\/account\/single-sign-on\/set-up-sso\"\n                        target=\"_self\"\n                        >\n                    Set up single sign on\n                <\/a><\/li><li><a href=\"\/account\/multifactor-authentication\"\n                        target=\"_self\"\n                        >\n                    Set up multifactor authentication\n                <\/a><\/li><\/ul><\/div>\n","url":"https:\/\/docs.adyen.com\/development-resources\/security\/iam","articleFields":{"description":"Authentication best practices for a secure implementation.","feedback_component":true,"filters_component":false,"decision_tree":"[]"},"algolia":{"url":"https:\/\/docs.adyen.com\/development-resources\/security\/iam","title":"Identity and access management","content":"\nThe information in this page is for guidance only. It is not a complete list of all security measures you should take, and should not be taken as definitive advice.\n\nManage access to your applications with appropriate Identity and Access Management (IAM) practices:\n\n\nRole-based access control to define access permissions based on user roles or functions.\n\n\nSingle sign-on for streamlined and secure authentication.\n\n\nMultifactor authentication to enhance authentication by requiring an additional form of verification.\n\n\nRequirements\nBefore you begin, check if the information on this page applies to you.\n\n\n\nRequirement\nDescription\n\n\n\n\nIntegration type\nThe information on this page is relevant for all Adyen integrations.\n\n\n\nRole-based access control\nRole-based access control (RBAC) is a security model that assigns permissions to users based on their roles within an organization. Roles can broadly relate to functions, job profiles, or departments. Or roles can relate to a segregation of duties based on access permissions.\nImplementing RBAC ensures that users only have access to what is necessary for their role. This aligns with the \"need to know\" and \"least privilege\" principle of various compliance standards.\nYou should document and regularly review your RBAC implementation.\nIn the Adyen Customer Area you can set up your account structure with accounts, roles, and user permissions in accordance with RBAC.\nSingle sign-on\nSingle sign-on (SSO) is a user authentication process that allows a user to access multiple applications with a single set of login credentials.\nThe Customer Area supports SSO based on the Security Assertion Markup Language (SAML) 2.0 protocol. SSO solutions that use the SAML 2.0 protocol include Okta, Azure, and Microsoft AD FS.\nExtending your SSO solution to the Customer Area provides improved security for your Adyen integration through controlled user access. For example, when an employee leaves, you can remove their Customer Area access through the SSO solution.\nMultifactor authentication\nMultifactor authentication (MFA) adds an extra layer of security on top of login credentials, by requiring an additional form of verification, for example through SMS, email, or biometrics. This helps prevent unauthorized users from accessing an account, even if they have obtained the username and password.\nThe Customer Area supports MFA with an authenticator app or with SMS. Each user can set up one authentication method per device and register two devices through MFA.\nSee also\n\n\n                    Defining your account structure\n                \n                    Set up single sign on\n                \n                    Set up multifactor authentication\n                \n","type":"page","locale":"en","boost":17,"hierarchy":{"lvl0":"Home","lvl1":"Development resources","lvl2":"Security resources","lvl3":"Identity and access management"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/","lvl1":"https:\/\/docs.adyen.com\/development-resources","lvl2":"https:\/\/docs.adyen.com\/development-resources\/security","lvl3":"\/development-resources\/security\/iam"},"levels":4,"category":"Development Resources","category_color":"green","tags":["Identity","access","management"]}}