OAuth2 Authentication - Office 365 Azure

Hello
Since IFS is supporting OAuth2, have the IFS folks published the OAuth2 configuration tech note for Azure Office 365? On the 365 side, all that is needed is a security SKU in 365 - EMS or MS 365 suite.

IFS folks - have you published an additional support note on the integration to Azure, or is the developer link all you have: OAuth2 Authentication - Keap Developer Portal?

This would fix the big security hole on IFS, and we could force MFA on our access and block the legacy password model (including down-rev versions of Office 2013 and earlier) that IFS allows to be used and that is being hacked by the ransomware folks.

IFS folks - Please advise as to when you will be fixing your security hole in your SaaS product?

There is no “integration” to 365/Azure. Using OAuth doesn’t automatically provide that.

IS has its own OAuth use and 365/Azure has their use of OAuth. But they’re still two separate logins and products and an integration between the two would have to be built.

Clearly you do not have a clue about the way OAuth2 works, along with what it means for a better client experience. If IFS did, I suspect it would be resolved. You currently have the Shield law in NY (which means that you need to be NIST 800-53 compliant). And in turn we need to get access to the internal audit logs so we can be compliant using IFS (so you will have to export the logs to a third-party tool such as a cloud access security broker - things that you get with OAuth2, etc.)…

But what can I say, I am just a user using IFS with a legacy 1990s security model and suggesting to a company how to plan for security and to fix the poor security and support modern authentication (keep in mind, you have until 13 Oct 20 - when legacy authentication will be disabled to Office 365 - so no more sync tool). In November 2020 you will need to support OAuth2 for Outlook clients to work with Office 365 (which also means Office 2013 and earlier will no longer work with Office 365 email services after Oct 13, 2020).

But who am I to tell you what you need to do, because clearly IFS knows better than the rest of the security industry. IFS has not rolled out MFA, IFS does not provide any security alerts on conditional access for impossible travel, IFS seems to hold themselves harmless that the laws in CA, AZ and now New York don’t apply to them… And IFS is soon to be out of compliance with the CMMC level 1 requirements that will affect all government contracts and grants.

After all, I am just a business owner (or as IFS thinks a dumb user) that wants to use a product (IFS), and use it in a secure way with the necessary audit controls so I can meet my client requirements.

@Matt_Katzer,

You may wish to redirect your ire.

I do not work for Infusionsoft. I spend my time free of charge to help people here, so they have made me a moderator, but your ‘qualm’ is not with me as I don’t work for them.

I do understand how OAuth works. You may be “just a business man” but I am a programmer and know the back end of it. The way IS has to use OAuth is different than the way others often do. OAuth is not an authentication protocol…at all. It simply helps people create custom workflow for their authentication, meaning, someone implementing OAuth may have different methods and requirements.

That is not to say they couldn’t use other logins that use OAuth but it is less practical here. There is not a huge benefit either. Mild convenience at best, but someone is not seriously “put out” if they don’t have it.

Still, that’s all just a matter of opinion and preference. Either way, it isn’t something that has been in “high demand” so it’s not likely (though not impossible) to be implemented that way.

Finally, if you do wish to request this as a feature, doing so through a focus support group probably isn’t the most direct way. I’d suggest making the recommendation on their feature request page at https://keap.com/tellus