Jitterbit security¶
Overview¶
Harmony delivers powerful integration tools and services through Jitterbit's multi-tenant cloud integration platform, called Harmony. Previous versions of Jitterbit required organizations to deploy and manage Jitterbit software and integration projects on internal network infrastructure or dedicated private clouds. With Harmony, Jitterbit can now assume any or all of these responsibilities.
These pages are included in this topic:
- Jitterbit security and architecture white paper
Review the details of Jitterbit's logical, physical, and organization security. - Jitterbit security features
See a summary of security features for the Harmony cloud, data centers, and network. - Jitterbit password controls
Learn about how Jitterbit controls access to your organization via administration through the Management Console. - Harmony permissions and access
Use a matrix of user role permissions and environment access levels to determine what areas of Harmony a member can access. - Harmony single sign-on
As an alternative to using Harmony credentials, organization administrators can configure SAML 2.0 or OAuth 2.0 to authenticate with various identity providers. - Allowlist information
Find out how to use allowlisting with agents and Design Studio. - ISO 27001 and ISO 27017 certification
Read about the ISO certification of Jitterbit's Information Security Management System. - Security best practices for administrators, project builders, and integration specialists
See recommendations and the best practices for security.
These additional resources related to security are also available:
- Jitterbit privacy policy
Gain awareness of what personal data Jitterbit collects and how it is used. - Jitterbit Trust Site
Check real-time information on Jitterbit system performance through our trust site. You can also subscribe to notifications by email, text, Slack, or webhook to be notified of any change in system status, maintenance, or outage. - API Manager security
Learn to apply various levels of security for use with the Jitterbit Harmony platform. - App Builder security overview
Review security resources for App Builder, Jitterbit's application for creating web and mobile apps.
Frequently asked questions¶
Q: What auditing is in place for the Harmony portal?
A: Deployment audit is available. Jitterbit has an extremely robust logging mechanism that exposes everything along the integration path. These logs can be freely inspected by authorized users or used by a Jitterbit operation to highlight what is of interest.
Q: Do you provide message encryption?
A: Yes, two-way SSL support is provided by Jitterbit. Jitterbit also provides AES support. Additionally, Jitterbit has a PGP encryption plugin that can be used to encrypt messages.
Q: Is transport-level security with certificate validation supported?
A: Yes. This can be done via SSL.
Q: Can user authentication be performed using domain authorization, or must it be through the internal user database?
A: Jitterbit does provide domain authorization for file source/target and for database access. User authentication can be made via domain auth to access database endpoints. Domain auth cannot be used to access Jitterbit private agents. It is possible to do an LDAP transformation to disable users, but the password cannot be set from the operation if it is a "create" (we use our private key).
Q: What password controls are in place?
A: Password policies for Harmony are controlled within the Organizations page of the Management Console. The password control features are set for each individual organization separately. Only an Administrator for the organization has access to revise the password controls. See Organizations for specific details on password controls.
Note
Password controls for organizations using single sign-on are managed through the Identity Provider.