Community Tip - Want the oppurtunity to discuss enhancements to PTC products? Join a working group! X
Hi All, I have some questions that were brought from a customer cybersecurity team, hope you could help me clarify..
Based on the document “FAD_ChalkSecurityOverview_Apr_2020”, this looks like PTC built a SaaS solution on AWS. However:
Hope somebody could help me.
Regards
VF
Solved! Go to Solution.
Hi @victor1790
I've asked for clarification on number 1 from our product team. I'll do my best to answer the rest:
2. Chalk user authentication and user identity is managed by Amazon Web Services (Cognito). Additionally, different roles are assigned to users within the Chalk application for managing access. Chalk offers SAML-based SSO if the customer prefers to manage user authentication themselves. Vuforia Chalk admins invite users to the system by email, both for direct and single sign-on (SSO) authentication. Access to any user data requires successful authentication. When using the Vuforia Chalk SAML-based SSO capability, customers can rely on their own Identity Management System (IdMS) for User Identity Authentication. User management (granting SSO-federated users access to Chalk, removing users from Chalk access, modifying their personal information, etc) is managed through the Chalk Admin Center, irrespective of the authentication provider (SSO or direct with Chalk). There are authorization rules to restrict based on role-based privileges.
3. Yes, vulnerabilities are scanned as part of internal and third-party penetration testing which has been performed for all software components.
4. Customers can enable MFA, enforce password limits, etc by using federated authenticaion (SSO). I think the answer to #2 covers this question as well.
Hi @victor1790
I've asked for clarification on number 1 from our product team. I'll do my best to answer the rest:
2. Chalk user authentication and user identity is managed by Amazon Web Services (Cognito). Additionally, different roles are assigned to users within the Chalk application for managing access. Chalk offers SAML-based SSO if the customer prefers to manage user authentication themselves. Vuforia Chalk admins invite users to the system by email, both for direct and single sign-on (SSO) authentication. Access to any user data requires successful authentication. When using the Vuforia Chalk SAML-based SSO capability, customers can rely on their own Identity Management System (IdMS) for User Identity Authentication. User management (granting SSO-federated users access to Chalk, removing users from Chalk access, modifying their personal information, etc) is managed through the Chalk Admin Center, irrespective of the authentication provider (SSO or direct with Chalk). There are authorization rules to restrict based on role-based privileges.
3. Yes, vulnerabilities are scanned as part of internal and third-party penetration testing which has been performed for all software components.
4. Customers can enable MFA, enforce password limits, etc by using federated authenticaion (SSO). I think the answer to #2 covers this question as well.
Hi @tmccombie,
thank you very much for your help. With regards to your answers:
3.- Can PTC share this reports (PEN) or provide a document where the PEN test are referenced?
4.- What happens when a customer ends its subscription? How is their information handled? Does PTC delete it? Is there any document referring this?
Thanks again!
VF
Hi Victor
1. We use AWS as a PaaS and IaaS provider with Chalk being SaaS
3. You can email VuforiaComplianceTeam@ptc.com for a copy of our SOC 2 report
I'm getting clarification on 4 and will update you once I have it.
For number 4, please see below.
When a customer's subscription ends, their account will go into “Suspended” where they would no longer have access to the Chalk Admin Center. Their data footprint is low (i.e., Company Info, User List and Session Activity) - but we can purge the data and export that data if requested by the customer.