Skip to main content

Core Features

1. User Management

Overview

User management is the function that creates, modifies, deletes all user accounts within the organization and controls service access permissions. It supports both manual registration and external system synchronization.

User Registration Method

Manual Registration

1. Individual Registration
- Enter name, email, ID
- Specify affiliated group
- Temporary password sent via email upon registration completion

2. CSV Bulk Registration
- Download CSV template
- Enter user information
- Bulk registration via file upload

Account Synchronization

1. Microsoft 365 Synchronization
- Azure AD Group·User Automatic Linking
- Full Synchronization / Select Group Synchronization

2. SCI Server Synchronization
- Document Security Personnel Information Linking
- Automatic Email Format Conversion with Domain Settings

User State Management

statusExplanationService Access
activationNormal operational status✅ Possible
DeactivationPaused State❌ Not allowed
deleteAccount Deletion❌ Not allowed

Password Management

Password Reset Method

MethodExplanation
Email linkSend password reset link to user email (valid for 10 minutes)
Temporary PasswordThe administrator generates and sends a temporary password.

Password Policy Settings

  • Minimum length and required character combination settings
  • Setting Change Cycle
  • Reuse Limit (Prohibit Use of Recent N Passwords)
  • Setting Change Extension Count and Duration

2. Group Management

Overview

Group management is a function that allows you to manage users by grouping them into organizational structures or policy application units. It provides two types: basic groups and policy groups.

Group Type

Basic Group

Purpose: Reflect organizational structure (departments, teams, etc.)  
Creation methods:
- Manual registration
- CSV bulk registration
- Microsoft 365 / SCI Server synchronization
Features:
- Group composition based on organizational chart
- Automatic updates during synchronization

Policy Group

Purpose: Virtual group for policy application  
Creation method:
- Manual registration
- Condition-based automatic configuration
Features:
- Designate policy targets regardless of department
- Ability to group groups to form a parent group
- Dynamic member management through condition search

Condition-Based Group Creation

The policy group can automatically set members through conditional search.

Condition Search Method

1. Select field (e.g.: User ID, Email, Department)
2. Select condition type (e.g.: starts with, contains)
3. Enter condition (e.g.: "dev", "@company.com")
4. Execute condition search
5. Add members after checking results

Condition Example

fieldconditionConditionalsresult
User IDStarts with ~devAll users starting with dev
emailincluding ~@partner.comPartner User
Department~ is equal toDevelopment TeamEntire Development Team

3. Administrator Management

Overview

Administrator management is a function that grants management permissions to specific users and controls the administrator's access to services.

Administrator Role

rolePermission Scope
super administratorSystem-wide access, granting/revoking administrator privileges, all configuration changes
Editor ManagerView/Edit All Service Menus (Excluding Admin Menu)
Query AdministratorOnly service menu view is available (excluding admin menu)
Log Query AdministratorOnly the log menu can be viewed.

Administrator Access Policy

Access to the admin page can be allowed/blocked based on conditions.

Configurable Conditions

conditionExplanation
Location (IP)Allow access only from specific IPs or IP ranges
timeAccess allowed only during specific time zones
DeviceControl by Device Type such as PC, Mobile

Access Policy Options

  • Access Denied
  • Access Allowed
  • Access Allowance + Additional Authentication (OTP / Email)

Log View Notification

This is a notification feature for monitoring the activities of the log query administrator.

Log View Admin Login/Logout  

Real-time email notifications to designated recipients

Immediate awareness of abnormal access

4. Conditional Policy (Zero Trust Conditional Access)

Overview

Conditional policies are a zero-trust-based feature that dynamically controls user access to services based on various conditions.

Condition Items

Location Condition (IP)

Configuration Method:
- Single IP: 192.168.1.100
- IP Range: 192.168.1.0/24
- IP Scope: 192.168.1.1 ~ 192.168.1.255

Application Examples:
- Internal IP Range → Allow Access
- Unregistered IP → Block or Additional Authentication

National Conditions

Setting Method:
- Select Country Code (KR, US, JP, etc.)

Application Example:
- Korea (KR) → Access Allowed
- Overseas → Access Denied

Time Condition

Setting method:
- Start time ~ End time
- Day selection

Application examples:
- Weekdays 09:00~18:00 → Access allowed
- Night/Weekend → Access blocked

Policy Operation Flow

1. User login attempt  

2. Validate conditions according to policy priority

3. Check if conditions are met
- IP condition ✓
- Time condition ✓
- Country condition ✓

4. Apply access policy
- Access allowed → Use service
- Access allowed + additional authentication → Use after OTP/email verification
- Access denied → Access not possible

Policy Priorities

If a user is included in multiple policies, the policy with the highest priority will be applied.

Priority 1: Overseas IP Blocking Policy  
Priority 2: Night Access Restriction Policy
Priority 3: Default Allow Policy

→ When accessing from overseas, apply Priority 1 policy → Blocked

5. Authentication Settings

Overview

Authentication settings are a feature that manages the authentication methods users will use when logging into the service.

Authentication Method

Security365 Certification

Method: Security365 own ID/password  
Target: Manually registered users
Features:
- Password policy applied
- Account lock policy applied

CSP Certification

Method: Microsoft / Google Account Integration  
Target: Users with the respective service account
Features:
- Display integration button on the login page
- Log in without separate registration with existing account

SSO Authentication (SAML)

Method: Integration with the organization's IdP (Identity Provider)  
Target: Organizations using SAML 2.0 supported IdP
Features:
- Utilize the organization's existing SSO system
- Centralized authentication management

Account Security Settings

SettingsExplanation
Account Deactivation PeriodAutomatically deactivate after a certain period of inactivity
Automatic LogoutAutomatic logout after inactivity timeout
Account LockoutTemporary lockout after exceeding the number of authentication failures
Recent Access InformationDisplay last login date/time/IP upon login

Account Lockout Policy

Authentication failure count: 5 times / 10 times / 15 times  
Lock time: 5 minutes / 10 minutes / 30 minutes / 60 minutes

Example) Account locked for 10 minutes after 5 failures
→ Automatically released after 10 minutes

6. Security Classification Label

Overview

The security classification label is a feature for systematically classifying the security level of data. It consists of a two-tier structure of grades and labels.

structure

Grade (Top Category)
├── Confidential (Red)
│ ├── Label: Personnel Information
│ ├── Label: Financial Information
│ └── Label: Trade Secrets
├── Sensitive (Orange)
│ ├── Label: Customer Information
│ └── Label: Project Documents
└── Public (Green)
└── Label: For External Sharing

Grade Settings

itemExplanation
Grade NameSecurity Level Name (e.g., Confidential, Sensitive, Public)
ColorColor designation for visual distinction
PurposeUsed for data classification in the integration service

Label Settings

itemExplanation
Label NameSubcategory Name (e.g., Personnel Information, Customer Information)
ExplanationDetailed description of the label
Affiliation LevelAssigning Higher Grade

7. Log Management

Overview

Log management is a function that records and queries user and administrator activities for all services.

Log Inquiry

Available Information

  • Who (User ID, Name)
  • When (connection date and time)
  • Where (IP address, location)
  • What (access service, perform tasks)

Filtering Options

  • Periodical Inquiry
  • User/Admin distinction
  • Service-specific Inquiry
  • Query by Department (Group Path)

Log Backup Settings

Backup Frequency:
- Daily: Executes at the specified time
- Monthly: Executes on the specified date and time
- Yearly: Executes at the specified month, date, and time

Collection Period:
- Includes logs from the day before the backup for the specified period
- Example) When set to 30 days, backs up logs from the last 30 days

Archive Management:
- Set maximum number of files
- Automatically deletes older files when exceeded

External Transfer Settings

Transfer Method: SSH (SFTP)  
Configuration Information:
- SSH ID / PW
- Server IP / Port
- Transfer Destination Path

Operation:
- Automatic transfer after backup completion
- Validate settings with connection test

9. Inbound Provisioning (Account Synchronization)

Overview

Inbound provisioning is a feature that automatically synchronizes user and group information from external personnel systems to Security365.

Microsoft 365 Synchronization

Full Synchronization

Target: All AD groups and users of the Microsoft tenant  
Method: Synchronize all information to Security365
Note: Existing manual registration information will be retained

Designated Group Synchronization

Target: Specific AD group and members selected by the administrator  
Method: Only synchronize the selected group
Caution: Members of groups not selected will be deleted
(manual registration information will be retained)

SCI Server Synchronization

Settings:
- Enter SCI server IP / Port
- Run integration test
- Domain settings (email format conversion)

Example:
SCI server ID: gildong.hong
Domain settings: SOFTCAMP.com
→ Security365 ID: gildong.hong@SOFTCAMP.com

Setting Synchronization Period

MethodExplanation
Automatic SynchronizationAutomatically run every day at the set time
Manual SynchronizationAdministrator clicks the immediate execution button