Core Features
1. User Management
Overview
User management is the function that creates, modifies, deletes all user accounts within the organization and controls service access permissions. It supports both manual registration and external system synchronization.
User Registration Method
Manual Registration
1. Individual Registration
- Enter name, email, ID
- Specify affiliated group
- Temporary password sent via email upon registration completion
2. CSV Bulk Registration
- Download CSV template
- Enter user information
- Bulk registration via file upload
Account Synchronization
1. Microsoft 365 Synchronization
- Azure AD Group·User Automatic Linking
- Full Synchronization / Select Group Synchronization
2. SCI Server Synchronization
- Document Security Personnel Information Linking
- Automatic Email Format Conversion with Domain Settings
User State Management
| status | Explanation | Service Access |
|---|---|---|
| activation | Normal operational status | ✅ Possible |
| Deactivation | Paused State | ❌ Not allowed |
| delete | Account Deletion | ❌ Not allowed |
Password Management
Password Reset Method
| Method | Explanation |
|---|---|
| Email link | Send password reset link to user email (valid for 10 minutes) |
| Temporary Password | The administrator generates and sends a temporary password. |
Password Policy Settings
- Minimum length and required character combination settings
- Setting Change Cycle
- Reuse Limit (Prohibit Use of Recent N Passwords)
- Setting Change Extension Count and Duration
2. Group Management
Overview
Group management is a function that allows you to manage users by grouping them into organizational structures or policy application units. It provides two types: basic groups and policy groups.
Group Type
Basic Group
Purpose: Reflect organizational structure (departments, teams, etc.)
Creation methods:
- Manual registration
- CSV bulk registration
- Microsoft 365 / SCI Server synchronization
Features:
- Group composition based on organizational chart
- Automatic updates during synchronization
Policy Group
Purpose: Virtual group for policy application
Creation method:
- Manual registration
- Condition-based automatic configuration
Features:
- Designate policy targets regardless of department
- Ability to group groups to form a parent group
- Dynamic member management through condition search
Condition-Based Group Creation
The policy group can automatically set members through conditional search.
Condition Search Method
1. Select field (e.g.: User ID, Email, Department)
2. Select condition type (e.g.: starts with, contains)
3. Enter condition (e.g.: "dev", "@company.com")
4. Execute condition search
5. Add members after checking results
Condition Example
| field | condition | Conditionals | result |
|---|---|---|---|
| User ID | Starts with ~ | dev | All users starting with dev |
| including ~ | @partner.com | Partner User | |
| Department | ~ is equal to | Development Team | Entire Development Team |
3. Administrator Management
Overview
Administrator management is a function that grants management permissions to specific users and controls the administrator's access to services.
Administrator Role
| role | Permission Scope |
|---|---|
| super administrator | System-wide access, granting/revoking administrator privileges, all configuration changes |
| Editor Manager | View/Edit All Service Menus (Excluding Admin Menu) |
| Query Administrator | Only service menu view is available (excluding admin menu) |
| Log Query Administrator | Only the log menu can be viewed. |
Administrator Access Policy
Access to the admin page can be allowed/blocked based on conditions.
Configurable Conditions
| condition | Explanation |
|---|---|
| Location (IP) | Allow access only from specific IPs or IP ranges |
| time | Access allowed only during specific time zones |
| Device | Control by Device Type such as PC, Mobile |
Access Policy Options
- Access Denied
- Access Allowed
- Access Allowance + Additional Authentication (OTP / Email)
Log View Notification
This is a notification feature for monitoring the activities of the log query administrator.
Log View Admin Login/Logout
↓
Real-time email notifications to designated recipients
↓
Immediate awareness of abnormal access
4. Conditional Policy (Zero Trust Conditional Access)
Overview
Conditional policies are a zero-trust-based feature that dynamically controls user access to services based on various conditions.
Condition Items
Location Condition (IP)
Configuration Method:
- Single IP: 192.168.1.100
- IP Range: 192.168.1.0/24
- IP Scope: 192.168.1.1 ~ 192.168.1.255
Application Examples:
- Internal IP Range → Allow Access
- Unregistered IP → Block or Additional Authentication
National Conditions
Setting Method:
- Select Country Code (KR, US, JP, etc.)
Application Example:
- Korea (KR) → Access Allowed
- Overseas → Access Denied
Time Condition
Setting method:
- Start time ~ End time
- Day selection
Application examples:
- Weekdays 09:00~18:00 → Access allowed
- Night/Weekend → Access blocked
Policy Operation Flow
1. User login attempt
↓
2. Validate conditions according to policy priority
↓
3. Check if conditions are met
- IP condition ✓
- Time condition ✓
- Country condition ✓
↓
4. Apply access policy
- Access allowed → Use service
- Access allowed + additional authentication → Use after OTP/email verification
- Access denied → Access not possible
Policy Priorities
If a user is included in multiple policies, the policy with the highest priority will be applied.
Priority 1: Overseas IP Blocking Policy
Priority 2: Night Access Restriction Policy
Priority 3: Default Allow Policy
→ When accessing from overseas, apply Priority 1 policy → Blocked
5. Authentication Settings
Overview
Authentication settings are a feature that manages the authentication methods users will use when logging into the service.
Authentication Method
Security365 Certification
Method: Security365 own ID/password
Target: Manually registered users
Features:
- Password policy applied
- Account lock policy applied
CSP Certification
Method: Microsoft / Google Account Integration
Target: Users with the respective service account
Features:
- Display integration button on the login page
- Log in without separate registration with existing account
SSO Authentication (SAML)
Method: Integration with the organization's IdP (Identity Provider)
Target: Organizations using SAML 2.0 supported IdP
Features:
- Utilize the organization's existing SSO system
- Centralized authentication management
Account Security Settings
| Settings | Explanation |
|---|---|
| Account Deactivation Period | Automatically deactivate after a certain period of inactivity |
| Automatic Logout | Automatic logout after inactivity timeout |
| Account Lockout | Temporary lockout after exceeding the number of authentication failures |
| Recent Access Information | Display last login date/time/IP upon login |
Account Lockout Policy
Authentication failure count: 5 times / 10 times / 15 times
Lock time: 5 minutes / 10 minutes / 30 minutes / 60 minutes
Example) Account locked for 10 minutes after 5 failures
→ Automatically released after 10 minutes
6. Security Classification Label
Overview
The security classification label is a feature for systematically classifying the security level of data. It consists of a two-tier structure of grades and labels.
structure
Grade (Top Category)
├── Confidential (Red)
│ ├── Label: Personnel Information
│ ├ ── Label: Financial Information
│ └── Label: Trade Secrets
├── Sensitive (Orange)
│ ├── Label: Customer Information
│ └── Label: Project Documents
└── Public (Green)
└── Label: For External Sharing
Grade Settings
| item | Explanation |
|---|---|
| Grade Name | Security Level Name (e.g., Confidential, Sensitive, Public) |
| Color | Color designation for visual distinction |
| Purpose | Used for data classification in the integration service |
Label Settings
| item | Explanation |
|---|---|
| Label Name | Subcategory Name (e.g., Personnel Information, Customer Information) |
| Explanation | Detailed description of the label |
| Affiliation Level | Assigning Higher Grade |
7. Log Management
Overview
Log management is a function that records and queries user and administrator activities for all services.
Log Inquiry
Available Information
- Who (User ID, Name)
- When (connection date and time)
- Where (IP address, location)
- What (access service, perform tasks)
Filtering Options
- Periodical Inquiry
- User/Admin distinction
- Service-specific Inquiry
- Query by Department (Group Path)
Log Backup Settings
Backup Frequency:
- Daily: Executes at the specified time
- Monthly: Executes on the specified date and time
- Yearly: Executes at the specified month, date, and time
Collection Period:
- Includes logs from the day before the backup for the specified period
- Example) When set to 30 days, backs up logs from the last 30 days
Archive Management:
- Set maximum number of files
- Automatically deletes older files when exceeded
External Transfer Settings
Transfer Method: SSH (SFTP)
Configuration Information:
- SSH ID / PW
- Server IP / Port
- Transfer Destination Path
Operation:
- Automatic transfer after backup completion
- Validate settings with connection test
9. Inbound Provisioning (Account Synchronization)
Overview
Inbound provisioning is a feature that automatically synchronizes user and group information from external personnel systems to Security365.
Microsoft 365 Synchronization
Full Synchronization
Target: All AD groups and users of the Microsoft tenant
Method: Synchronize all information to Security365
Note: Existing manual registration information will be retained
Designated Group Synchronization
Target: Specific AD group and members selected by the administrator
Method: Only synchronize the selected group
Caution: Members of groups not selected will be deleted
(manual registration information will be retained)
SCI Server Synchronization
Settings:
- Enter SCI server IP / Port
- Run integration test
- Domain settings (email format conversion)
Example:
SCI server ID: gildong.hong
Domain settings: SOFTCAMP.com
→ Security365 ID: gildong.hong@SOFTCAMP.com
Setting Synchronization Period
| Method | Explanation |
|---|---|
| Automatic Synchronization | Automatically run every day at the set time |
| Manual Synchronization | Administrator clicks the immediate execution button |