Jitterbit Security¶

Overview¶

Harmony delivers powerful integration tools and services through Jitterbit's multi-tenant cloud integration platform, called Harmony. Previous versions of Jitterbit required organizations to deploy and manage Jitterbit software and integration projects on internal network infrastructure or dedicated private clouds. With Harmony, Jitterbit can now assume any or all of these responsibilities.

These pages are included in this topic:

• Jitterbit Security and Architecture White Paper
  Review the details of Jitterbit's logical, physical, and organization security.
• Jitterbit Security Features
  See a summary of security features for the Harmony cloud, data centers, and network.
• Jitterbit Password Controls
  Learn about how Jitterbit controls access to your organization via administration through the Management Console.
• Harmony Permissions and Access
  Use a matrix of organization role permissions and environment access levels to determine what areas of Harmony a member can access.
• Harmony Single Sign-on
  As an alternative to using Harmony credentials, organization administrators can configure SAML 2.0 or OAuth 2.0 to authenticate with various identity providers.
• Allowlist Information
  Find out how to use allowlisting with Agents and Design Studio.
• ISO 27001 and ISO 27017 Certification
  Read about the ISO certification of Jitterbit's Information Security Management System.
• Security Best Practices for Administrators, Project Builders, and Integration Specialists
  See recommendations and the best practices for security.

These additional resources related to security are also available:

• Jitterbit Privacy Policy
  Gain awareness of what personal data Jitterbit collects and how it is used.
• Jitterbit Trust Site
  Check real-time information on Jitterbit system performance through our Trust site. You can also subscribe to notifications by email, text, Slack, or webhook to be notified of any change in system status, maintenance, or outage.
• API Manager Security
  Learn to apply various levels of security for use with Jitterbit's Harmony API platform.
• Vinyl Security Overview
  Review security resources for Vinyl, Jitterbit's low-code application platform (LCAP).

Frequently Asked Questions¶

Q: What auditing is in place for the Harmony Portal?

A: Deployment audit is available. Jitterbit has an extremely robust logging mechanism that exposes everything along the integration path. These logs can be freely inspected by authorized users or used by a Jitterbit operation to highlight what is of interest.

Q: Do you provide message encryption?

A: Yes, two-way SSL support is provided by Jitterbit. Jitterbit also provides AES support. Additionally, Jitterbit has a PGP encryption plugin that can be used to encrypt messages.

Q: Is transport-level security with certificate validation supported?

A: Yes. This can be done via SSL.

Q: Can user authentication be performed using domain authorization, or must it be through the internal user database?

A: Jitterbit does provide domain authorization for file source/target and for database access. User authentication can be made via domain auth to access database endpoints. Domain auth cannot be used to access Jitterbit Private Agents. It is possible to do an LDAP transformation to disable users, but the password cannot be set from the operation if it is a "create" (we use our private key).

Q: What password controls are in place?

A: Passwords for Harmony are controlled within the Organizations page of the Management Console. The password control features are set for each individual organization separately. Only an Administrator for the organization has access to revise the password controls. See Organizations for specific details on password controls.