- 04 Apr 2025
Security and Data
- Updated on 04 Apr 2025
Integration Hub makes integrating different services, apps, and systems easier. Maintaining the integrity and confidentiality of data transferred between linked systems depends critically on the security and appropriate management of data within the Integration Hub.
User Provisioning and Authorization
To reduce the risk of data exposure, SymphonyAI Integration Hub implements roles, adhering to the principle of least privilege when granting system access.
Controlling User Access Through Roles
Workspace admins utilize roles to assign collaborators to projects and folders, allowing them to view, edit, create, or delete assets. SymphonyAI Integration Hub comes pre-configured with Admin, Operator, and Analyst system roles, each providing the necessary permissions for users to perform tasks relevant to their role.
System Roles
SymphonyAI provides predefined system roles that can be assigned to workspace collaborators, tailored to the level of access each user requires.
The available system roles in SymphonyAI are Admin, Analyst, and Operator.
Admin
The Admin role is usually assigned to users who manage the SymphonyAI workspace and is the most permissive system role. It provides the ability to manage workspace settings and includes special permissions for handling advanced settings like key management, debugging, notifications, and secrets management. These privileges are exclusive to the Admin role and are not available in any other system or custom roles.
Field | Description |
---|---|
Full Project Access | All project permissions: view, edit, create, and delete. |
Full Folder Access | All folder permissions: view, edit, create, and delete. |
Full Connection Access | All connection permissions: view, edit, create, and delete. |
Full Recipe Access | All recipe permissions: view, edit, create, delete, run, and job history. |
All Projects | Access to all projects in a workspace. |
Analyst
Analysts generally focus on creating and testing recipes or custom connectors.
Field | Description |
---|---|
Full Project Access | All project permissions: view, edit, create, and delete. |
Full Folder Access | All folder permissions: view, edit, create, and delete. |
Full Connection Access | All connection permissions: view, edit, create, and delete. |
Full Recipe Access | All recipe permissions: view, edit, create, delete, run, and job history. |
All Projects | Access to all projects in a workspace. |
Operator
Operators are users dedicated to maintaining and validating existing recipes, and this role has the fewest permissions.
This role provides read-only access to all folders and all projects.
Field | Description |
---|---|
View Projects | View specific projects in a workspace. |
View Folders | View folders and sub-folders in a workspace. |
View Recipes | View recipes in a workspace. |
Test (Start/Stop) Recipes | Run recipes and start and stop recipe tests in a workspace. |
View Recipe Job History | View a recipe's job history in the Jobs tab. |
All Projects | Access to all projects in a workspace. |
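
The role tables above can be turned into a least-privilege review: given the permissions each collaborator actually used, find assignments where a less permissive system role would suffice. This is an added example, not SymphonyAI code; the permission strings, function names and sample users are assumptions made for illustration.

```python
# Added example. Permission names such as "recipe:edit" and the sample data
# below are constructed; only the role contents come from the tables above.
CRUD = ("view", "edit", "create", "delete")

def perms(resource, actions):
    return {f"{resource}:{a}" for a in actions}

ANALYST = (perms("project", CRUD) | perms("folder", CRUD) | perms("connection", CRUD)
           | perms("recipe", CRUD + ("run", "job_history")))
# Advanced settings the page reserves for the Admin role.
ADMIN_ONLY = perms("workspace", ("key_management", "debugging", "notifications", "secrets"))
# Assumption: Operator's "Test (Start/Stop) Recipes" is modelled as recipe:run.
OPERATOR = (perms("project", ("view",)) | perms("folder", ("view",))
            | perms("recipe", ("view", "run", "job_history")))

# Ordered from least to most permissive.
ROLES = [("Operator", OPERATOR), ("Analyst", ANALYST), ("Admin", ANALYST | ADMIN_ONLY)]

def least_privileged_role(used):
    """Return the least permissive system role that covers every permission used."""
    for name, granted in ROLES:
        if used <= granted:
            return name
    raise ValueError(f"no system role grants: {sorted(used - ROLES[-1][1])}")

def oversized_assignments(assignments, activity):
    """Return (user, assigned, sufficient) where a less permissive role would do."""
    rank = {name: i for i, (name, _) in enumerate(ROLES)}
    findings = []
    for user, assigned in assignments.items():
        sufficient = least_privileged_role(activity.get(user, set()))
        if rank[sufficient] < rank[assigned]:
            findings.append((user, assigned, sufficient))
    return findings

# Constructed sample: current assignments and permissions used in a review period.
ASSIGNMENTS = {"alice": "Admin", "bob": "Analyst", "carol": "Analyst",
               "dave": "Operator", "erin": "Admin"}
ACTIVITY = {
    "alice": {"workspace:secrets", "recipe:edit"},
    "bob": {"recipe:view", "recipe:job_history"},
    "carol": {"connection:create", "recipe:run"},
    "dave": {"recipe:view", "recipe:run"},
    "erin": {"recipe:edit", "folder:create"},
}

if __name__ == "__main__":
    for user, assigned, sufficient in oversized_assignments(ASSIGNMENTS, ACTIVITY):
        print(f"{user}: assigned {assigned}, {sufficient} would suffice")
```
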
Access and Authentication
The Integration Hub's security relies heavily on access and authentication to make sure that only approved users and apps may communicate with the platform. This is a synopsis:
TLS and HTTP Standards
The Integration Hub API Platform feature supports these TLS (Transport Layer Security) and HTTP (HyperText Transfer Protocol) standards:
API Platform endpoints support TLS versions 1.2 and 1.3, with HTTP 1.0 as the minimum HTTP version.
Session Timeout
Integration Hub supports automatic session logout after a specified period of inactivity. Organizations can configure the session timeout duration based on their security requirements. The default timeout is set to seven days, but it can be adjusted to anywhere between 15 minutes and 14 days, depending on the organization's security policy.
Connecting to External Systems
Integration Hub customers can combine many apps and services through a simplified approach for connecting to external systems.
OAuth 2.0
When Integration Hub recipes connect to remote systems using user-provided credentials, OAuth 2.0 is used whenever possible. This approach eliminates the need to store credentials within the Integration Hub system. However, if credentials must be stored for a remote system, they are encrypted with a 256-bit key.
Custom OAuth
Custom OAuth profiles allow recipe builders to create personalized application profiles on supported connectors and link them to Integration Hub. This provides greater control over the application's branding, permission scopes, and OAuth settings.
Data Protection
In Integration Hub, data protection refers to various tactics and procedures used to protect user information and respect privacy.
Data Encryption
All data stored within the Integration Hub system, including recipes, connections, lookup tables, user profiles, job history, and audit logs, is encrypted at rest using a strong encryption algorithm (AES-256). Job history data is further protected through double encryption, utilizing both a global key managed by our cloud providers and a tenant-specific key.
Data Retention
Integration Hub temporarily stores transaction-related data to offer visibility into system activities, support testing and debugging, enable the re-execution of failed transactions, and manage long-running transactions.
Compliance
Integration Hub compliance includes following several rules and guidelines to guarantee data security, privacy, and operational integrity.
SOC-1 and SOC-2 Audited
Integration Hub has successfully passed a Service Organization Controls 2 (SOC-2) Type II audit conducted by a third-party evaluator certified by the American Institute of CPAs (AICPA). This audit assesses the effectiveness of a service organization's controls related to security, availability, processing integrity, privacy, and confidentiality, based on the Trust Services Principles established by the AICPA.
HIPAA
Integration Hub is HIPAA (Health Insurance Portability and Accountability Act) compliant as a Business Associate and can enter into a Business Associate Agreement (BAA) with customers. It receives an annual HIPAA compliance attestation from an external auditing firm.
PCI
Integration Hub utilizes Stripe, a PCI (Payment Card Industry) compliant, Level 1 audited payment processor, to handle credit card payments related to its services.