Passport FAQs

Deployment and Installation

1. Is Passport hosted or on-premise?

Either. We can host Passport for you in our private cloud or you can install Passport on your own hardware. If you choose to deploy in our private cloud, your data will still be completely isolated from other customers and your servers will be secured and monitored by our security team.

2. What operating systems does Passport run on?

Passport will run on any platform that supports Java, including Unix, Linux, OSX, BSD and Windows. Native packages are provided for Debian and Redhat based Linux platforms and zip packages are provided for all other platforms.

3. Do you have AMIs for Passport?

Yes. Passport can be quickly deployed into Amazon’s EC2 service using our AMIs. You can follow the instructions in our documentation to install Passport into Amazon’s EC2:

http://docs.inversoft.com/display/P10/Install+Backend+in+AWS+with+local+database

http://docs.inversoft.com/display/P10/Install+Frontend+in+AWS

http://docs.inversoft.com/display/P10/Install+Search+Engine+in+AWS

4. Do you have Docker images for Passport?

Yes. You can download Docker images for Passport after you have created an account and signed up for a free Developer license. Just click the download button and select the Docker image.

5. How long does it take to install Passport?

Passport can be installed in a matter of minutes. Installation can be completed using any of our bundles including RPMs, DEBs, Docker images and ZIPs. We also provide AMIs for Amazon that make deploying Passport in EC2 very simple.

Passport also includes a simple installation wizard to help you get up and running quickly. Just provide the information for your database and license ID and Passport will be ready to go in seconds.

6. Why is Passport on-premise (or private hosted) rather than a multi-tenant solution?

If we were to store your user data along with everyone else’s, we would become a primary target for hackers. If we were hacked, your data and everyone else’s data would be compromised. Storing each customer’s data separately or on your own servers ensures that your data is as secure as possible.

We offer hosting solutions if you prefer to not install and manage Passport yourself. Regardless of the deployment, your user data will always be completely isolated from others. This ensures the highest level of security for your data.

Integration/API

1. What type of API does Passport provide?

Passport provides a RESTful API that takes and returns JSON over HTTP. You can access the Passport API from virtually any language yourself or you can use one of our client libraries to speed up your development time. See our Client Libraries documentation for more information (http://docs.inversoft.com/display/P10/Client+Libraries).

2. Can I use my LDAP database with Passport?

No. Passport becomes your centralized user database. There are a number of benefits to a centralized user database, but most importantly, you can manage all of your users from a single location.

3. How long will it take to integrate my app with Passport?

This depends on your experience integrating REST APIs, but Passport integration usually takes a day or two to get everything written, tested and working.

To make things easier for you, we have a number of client libraries for faster integrations. See our Client Libraries documentation for more information (http://docs.inversoft.com/display/P10/Client+Libraries).

4. Do you offer integration support and services?

Yes. Our professional services and support teams can help you during installation and integration. If you ever run into snags or have questions, simply email support@inversoft.com and we will assist you. You can also contact sales@inversoft.com to discuss our professional services in more detail.

5. Can I use Passport for my internal applications and users?

Yes. Passport can be used as the user management backend for any application, including internal applications. We are actively working on plugins for various 3rd party tools like Wordpress. These plugins will make it simple for you to integrate Passport with internal applications you don’t write yourself. In many cases you can also write a plugin for 3rd party applications to integrate them with Passport.

Passport does not differentiate between internal and external users in terms of functionality or pricing. You can use Passport to manage all of your users in a single location easily without worrying about whether or not they are internal or external.

Scaling

1. Passport looks good for small systems, but we have 10 million users. Will it work for us?

Yes, Passport is highly scalable. We have load tested Passport with tens of millions of users and hundreds of registrations and logins each second with great results. We can help you deploy and tune your Passport installation to ensure it will scale for your needs.  Please contact us at sales@inversoft.com and we can discuss the best solution for you.

2. Does Passport handle multiple applications?

Yes. Passport is capable of managing users across multiple applications. Passport provides a complete single sign-on solution for logging users into various applications. It also provides a flexible user database that can store general user data and application specific user data.

Single Sign-On

1. What is the difference between Passport and Google Login?

Google Login only provides a way to log users into your application using their Google email and password. However, Google Login doesn’t know anything about which users have access to certain areas of your application or certain features (Authorization). Additionally, Google Login and Google+ cannot be used to store additional user details such as the company the user works for or their username.

Passport is a complete user database and management solution. It provides registration, login, authorization, reporting and the ability to store additional user data for any user.

2. What SSO protocols do you support?

Currently, Passport supports OAuth version 2.0. This is the industry standard for SSO, provides the most flexibility and is the simplest to implement.

3. Can I still use social logins like Facebook and Google?

Absolutely. In these cases you can think about Passport as a user database rather than a login provider. After you hook up Facebook and Google via their OAuth login systems you can store the user data and roles in Passport. Passport also adds a variety of other great features like reporting, discipline, rewards and much more.

4. Can I change the appearance of Passport’s OAuth login page?

Absolutely. We provide a template to start from. All you need to do is update it to match your brand.

5. We use another SSO system that hooks up to all of our existing user backends, why should we switch to Passport?

By collapsing multiple backends into a single user database like Passport, user management, tracking and reporting becomes simple. For example, you can quickly lock a user’s account across your entire enterprise with just a few clicks. Furthermore, you’ll be able to see everything your users are doing in a single location.

6. I don’t have additional user data, why should I use Passport over Google/Facebook Login?

It is important to realize the value of owning all of your user data. When you defer to Google, Facebook or other social login providers and do not own your user database, you are losing the ability to track and report on your users. You also lose the ability to lock user accounts if necessary. Passport provides you complete ownership of your users. This allows you to track, report and manage your users in one simple web interface.

7. Can I use Passport for desktop and server logins?

Technically this is possible, however, we have not yet written any native authentication libraries to hook up Windows, Linux or Unix logins to Passport.

Migration

1. We currently have multiple user databases and login pages, how do we combine them into Passport?

Inversoft provides migration services that can help you combine all of your legacy user databases into Passport.

If you want to do this yourself, you will need to build a single list that contains all of the unique users across all of your legacy databases. You will then import this list into Passport. After this initial import you can slowly transition each application to use Passport. During the transition period, you might need to import into Passport any new accounts that were created in a legacy database.

2. If I import my users into Passport will they have to reset their passwords?

No. Passport has the ability to use custom password encryption schemes. Passport provides a plugin interface to allow you to write your own PasswordEncryptor and deploy it to your Passport installation. When you import your users, you specify the PasswordEncryptor to use for each user and Passport will use that encryption scheme to authenticate users as well as encrypt passwords during registration and profile updates. The password encryption scheme can be customized for each individual user. Inversoft can also help you write custom password encryptors if you need assistance.

Security

1. We need better security, how secure is Passport?

Believe it or not, there are still services storing your password in plain text. Worse yet, some systems will send users  an email with the plain text password in the email for everyone to read.

Passport uses a strong encryption algorithm to store user passwords. Storing passwords in this manner means that even if the user database is compromised, it will still be nearly impossible to reverse engineer a user password from the stored hash.

Passport also allows users to enable two-factor authentication. Two-factor authentication enhances user login security by requiring something the user knows (password) with something the user possesses. Using two-factor authentication allows a user account to remain secure even if their password has been compromised.

Finally, when you install Passport you can secure your servers according to your information security protocols. All of these components combine to make Passport an extremely secure solution.

See our installation guides for some suggestions on securing access to your users database (http://docs.inversoft.com/display/P10/Installation+Guide)