Secure the Platform

The Identity module provides proactive security tools to protect the GlobalAI platform from unauthorized access, brute-force attempts, and credential compromise. These features are essential for maintaining security in air-gapped and private cloud deployments.

Monitor Reputation Scores

GlobalAI automatically tracks the health of login attempts using a Reputation Score. This score is calculated based on the combination of the client IP address and the user identifier.

  • Positive Score: Each successful login increases the score by 1 (up to a maximum of 5).
  • Negative Score: Each failed login attempt decreases the score by 1 (down to a minimum of -5).

Create a Reputation Policy

To use these scores for security, you must create a policy that gates the authentication flow.

  1. Navigate to Policies > Reputation Policy.
  2. Select Create.
  3. Set the Threshold. For example, setting the threshold to 0 ensures that any user with a negative score triggers the policy.
  4. Save the policy.

Apply the Policy to a Flow

  1. Navigate to Flows and Stages > Flows and select your active login flow.
  2. Go to Stage Bindings.
  3. Find a high-friction stage (such as a CAPTCHA or Multi-Factor Authentication stage).
  4. Bind your Reputation Policy to this stage.
  5. Set the policy to Evaluate when stage is run.
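
The scoring and gating described above, replayed over a handful of login events. This is an added example, not GlobalAI code. It assumes that unseen IP/user pairs start at 0, that the policy fires when the score is strictly below the threshold, and that the score is read before each attempt is recorded; the class and function names are hypothetical.

```python
from collections import defaultdict

SCORE_MAX, SCORE_MIN = 5, -5  # bounds stated on this page


class ReputationTracker:
    """Keeps one score per (client IP, user identifier) pair."""

    def __init__(self):
        self.scores = defaultdict(int)  # assumption: unseen pairs start at 0

    def record(self, ip, user, success):
        key = (ip, user)
        delta = 1 if success else -1
        self.scores[key] = max(SCORE_MIN, min(SCORE_MAX, self.scores[key] + delta))
        return self.scores[key]

    def score(self, ip, user):
        return self.scores.get((ip, user), 0)


def policy_triggers(score, threshold=0):
    # Assumption: strict comparison, so threshold 0 fires on any negative score.
    return score < threshold


def replay(events, threshold=0):
    """Return, per attempt, whether the bound stage (CAPTCHA/MFA) would be
    required, judged on the score held before that attempt is recorded."""
    tracker = ReputationTracker()
    decisions = []
    for ip, user, success in events:
        gated = policy_triggers(tracker.score(ip, user), threshold)
        decisions.append((ip, user, gated))
        tracker.record(ip, user, success)
    return decisions, tracker


# Constructed sample events: (client IP, user identifier, login succeeded?)
EVENTS = [
    ("198.51.100.7", "alice", False),
    ("198.51.100.7", "alice", False),
    ("198.51.100.7", "alice", False),
    ("203.0.113.20", "alice", True),
    ("198.51.100.7", "bob", False),
    ("198.51.100.7", "bob", False),
]

if __name__ == "__main__":
    for ip, user, gated in replay(EVENTS)[0]:
        print(f"{ip:<14} {user:<6} high-friction stage required: {gated}")
```

Because the score is kept per pair, failures from one address do not gate the same user signing in from another address, and the first failure for any new pair is recorded before the stage is ever required.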

Execute Emergency Access Revocation

In the event of a security breach or suspicious activity, deactivating a user profile may not be enough if the user still has an active session. To remove a compromised user from the platform immediately, you must invalidate their active tokens.

  1. Navigate to Directory > Users.
  2. Select the specific user account.
  3. Go to the Sessions/Tokens tab.
  4. Identify the active Refresh Token and select Delete. This terminates the session and forces the user to re-authenticate immediately.

Configure Notification Rules

Administrators can set up automated alerts for critical system events. These notifications ensure that security incidents are addressed immediately.

  1. Navigate to System > Notification Rules.
  2. Select Create Rule.
  3. Choose the Trigger Event (for example, Failed Login, Secret Rotation, or Certificate Expiring).
  4. Select a Transport to define where the alert is sent:
    • Local: Alerts appear in the GlobalAI notification drawer.
    • Email: Sends a direct message to configured administrator emails.
    • Webhook: Sends data to external platforms like Slack, Microsoft Teams, or Discord.
Important (Transport Setup): Before creating a rule, verify that your global SMTP settings or Webhook URLs are configured in the System Settings menu.

Review Audit Logs and Impersonation

The Identity module maintains a comprehensive record of all platform activity. This is your primary tool for forensic investigation and compliance auditing.

  1. Navigate to Events > Logs.
  2. Review the recent activity, which includes:
    • Login Success/Failure: Tracks who accessed the platform and from where.
    • Policy Denials: Shows which security policies blocked a specific login attempt.
    • Impersonation Events: Records when an admin logged in as another user.

Administrative Accountability

When an administrator uses the Impersonate feature (found in the User Directory) to troubleshoot permissions, the platform requires a Reason. This reason is permanently recorded in the logs. Periodically review these logs to ensure administrative tools are used only for authorized support tasks.

Manage SSL Certificates

To ensure encrypted communication throughout the platform, you must keep your SSL certificates up to date.

  1. Navigate to System > Certificates.
  2. View the list of current certificates and their expiration dates.
  3. When a certificate is updated, use the Rotate Secret action. This pushes the new certificate to the relevant platform components.

Now that you have secured the platform, you can finalize your setup by reviewing your identity architecture.