The process of authentication is fully managed by the Thinkwise Platform

Administrators configure user accounts in the Intelligent Application Manager, the management tool for production environments built using the Thinkwise Platform. There are various supported authentication types. Most types rely on external user stores to verify the user:

• Windows Active Directory
• Azure Active Directory
• Accounts managed by the database.

Mechanisms such as SSPI, Kerberos and OpenID are used by the runtime components to ensure this is done securely. Logging in through Single sign-on is supported out-of-the-box. The Thinkwise Platform can also act as an OpenID provider itself, allowing users to identify themselves to 3rd party applications using the account in the Intelligent Application Manager.

Role-Based Access Control grant users access to different features of the developed application

Roles are a part of the application model. They are coarse-grained bundles of rights on certain model objects. A single role is designed to fully support a certain business activity within the system that can be granted or revoked without side effects.

Furthermore, data filters can be configured for a role that limits the data available to the user. This can be in a static manner (for example, limit Sales invoices to only those with status draft) or in a dynamic manner (limit Sales invoices to only those assigned to the current user).

The Software Factory ensures each individual role is a consistent bundle of model objects. For example, the menu item Approve sales invoices may not be granted to the role while the Sales invoice entity has not been authorized to the role. To achieve this, roles are not limited to CRUD rights on data entities but include rights on UI model objects and process model objects as well. Built-in validations assist the developer in configuring a consistent, secure, and powerful set of roles.

Role-Based Access Control grant users access to different features of the developed application

Roles are a part of the application model. They are coarse-grained bundles of rights on certain model objects. A single role is designed to fully support a certain business activity within the system that can be granted or revoked without side effects.

Furthermore, data filters can be configured for a role that limits the data available to the user. This can be in a static manner (for example, limit Sales invoices to only those with status draft) or in a dynamic manner (limit Sales invoices to only those assigned to the current user).

The Software Factory ensures each individual role is a consistent bundle of model objects. For example, the menu item Approve sales invoices may not be granted to the role while the Sales invoice entity has not been authorized to the role. To achieve this, roles are not limited to CRUD rights on data entities but include rights on UI model objects and process model objects as well. Built-in validations assist the developer in configuring a consistent, secure, and powerful set of roles.

The Thinkwise Platform allows customers to deploy their applications as they prefer

The platform is not exclusive to a certain cloud provider or operating system. You can choose to deploy on-premise on Linux servers, in AWS, Azure or Google cloud using their PaaS services or IaaS services. Or simply install the full Thinkwise Platform on your own Windows desktop.

This freedom allows providers of large enterprise systems to satisfy very specific SLA demands of their users. On the flip side, this comes with significant ramifications for the security of your environment. The infrastructure is not the responsibility of the Thinkwise Platform as it is not provided as an aPaas environment.