Customer credentials are stored securely in the cmpute.io data infrastructure. Credentials are hashed so that they cannot be retrieved in their original form: the password is one-way hashed and cannot be decrypted. The cryptography implements password-based key derivation functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA256. It uses a 128-bit salt and a 256-bit subkey, and generates the hash by iterating 10,000 cycles.
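A sketch of the scheme described above using Python's standard library, added here as an illustration and not cmpute.io's own code. The `iterations$salt$subkey` record layout and the function names are assumptions; the salt size, subkey size, iteration count and HMAC-SHA256 come from the description above.

```python
import base64
import hashlib
import hmac
import os

# Parameters as stated in the description above.
SALT_BYTES = 16        # 128-bit salt
SUBKEY_BYTES = 32      # 256-bit subkey
ITERATIONS = 10_000    # PBKDF2 iteration count
PRF = "sha256"         # PBKDF2 keyed with HMAC-SHA256


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record (assumed layout): iterations$salt$subkey."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every credential
    subkey = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt,
                                 iterations, dklen=SUBKEY_BYTES)
    return "$".join([str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(subkey).decode("ascii")])


def verify_password(password: str, record: str) -> bool:
    """Recompute the subkey from the stored salt and compare in constant time."""
    try:
        iter_s, salt_b64, subkey_b64 = record.split("$")
        iterations = int(iter_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(subkey_b64, validate=True)
    except ValueError:
        return False  # malformed record: fail closed
    if iterations < 1 or len(salt) != SALT_BYTES or len(expected) != SUBKEY_BYTES:
        return False
    actual = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt,
                                 iterations, dklen=SUBKEY_BYTES)
    # compare_digest avoids leaking the position of the first mismatching byte
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, current_iterations: int = ITERATIONS) -> bool:
    """True when a record was created with fewer iterations than current policy."""
    return int(record.split("$", 1)[0]) < current_iterations
```

Storing the iteration count next to the salt lets the work factor be raised later: a record flagged by `needs_rehash` can be re-derived at the next successful login, when the plaintext password is briefly available.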
The platform also supports authenticating users without storing their credentials. It can integrate with any SAML-based identity provider for authentication. The identity provider holds the credentials and allows secure access to the platform by creating a signed SAML response that authenticates the user. Internally within the platform, these users are given a random password for storing in the data store. The identity provider can also enforce access restrictions, preventing users from accessing the system by explicitly rejecting their request.
The platform offers three pre-built roles that authorize access to different features and actions. The roles and their authority are given below:
Administrator: Has full access to perform all operations, including user management, API key management, authentication options, cloud account management and billing.
Creator: Has full access to manage jobs and schedules.
Reader: Has read-only access to jobs and schedules.
User-role management can be done using the simplified web console user interface.
The platform offers granular permissions for access to cloud accounts and related resources by associating users/teams with specific cloud resources. Users can be grouped into teams to simplify access to resources. Cloud accounts use tags to identify resources and associate them with teams. Users/teams can also be associated with the same tags, which allows granular access controls that limit which resources show up in user interfaces.