Connectivity:
The Olah EAS software is a web-based SaaS application hosted in AWS. It is accessed with the current release of one of these supported browsers:
- Firefox
- Chrome
- Edge
- Safari
Olah is a single-tenant application, and because Verisma aims to secure client data at every layer, the application is not exposed to the entire internet. Clients must select one of the following connectivity options so their staff can reach the application. Verisma encourages clients to review these options with their internal network and security teams so that the required information can be completed and returned promptly, avoiding delays in the Olah deployment.
White-listed IP addresses on the internet
Verisma can configure Olah to be reachable from the internet, with access restricted to the public IP addresses the client owns or controls. Connections from any other source address are refused. This is the quicker of the two options to set up. The addresses supplied must be the public (egress) addresses that client staff traffic actually arrives from, typically the office firewall, NAT or proxy addresses, not internal ranges; any later change to those addresses must be reported so the list can be updated.
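As an added example (not Verisma or Olah code), the following script sanity-checks an allow-list before it goes on the form: it rejects entries with host bits set, entries that are not globally routable (internal ranges pasted by mistake), and blocks wider than an assumed policy limit, then renders the accepted ones as the IpPermissions structure that `aws ec2 authorize-security-group-ingress` takes, so the client's network team can see exactly what would be opened. The port, the width limit and every address below are constructed for illustration.

```python
"""Sanity-check an IP allow-list before it is returned on the Verisma form.

Added example for this page, not Verisma or Olah code. It assumes the client
submits a list of public IPv4/IPv6 addresses or CIDR blocks that its staff
traffic egresses from, and renders the accepted ones as the IpPermissions
structure that `aws ec2 authorize-security-group-ingress` accepts. The port,
the width policy and every address below are constructed for illustration.
"""
import ipaddress
import json
from typing import Dict, List, Sequence, Tuple

OLAH_PORT = 443  # assumed: browser access over HTTPS only
# Widest block accepted without manual review (assumed policy, not Verisma's).
MIN_PREFIXLEN = {4: 24, 6: 48}


def check_allowlist(entries: Sequence[str]) -> Tuple[List, List[str]]:
    """Return (accepted networks, human-readable problems).

    An entry is accepted only if it parses with no host bits set, both ends
    of the range are globally routable, and it is no wider than MIN_PREFIXLEN.
    """
    accepted, problems = [], []
    for raw in entries:
        text = raw.strip()
        try:
            # strict=True rejects "198.100.51.5/24" (host bits set) instead of
            # silently widening it to 198.100.51.0/24, which would open more
            # than the client asked for.
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            problems.append(f"{text!r}: {exc}")
            continue
        # is_global is False for RFC 1918, loopback, link-local, CGNAT and the
        # IANA documentation ranges (192.0.2/24, 198.51.100/24, 203.0.113/24,
        # 2001:db8::/32), so an internal address pasted by mistake is caught.
        if not (net.network_address.is_global and net.broadcast_address.is_global):
            problems.append(f"{net}: not a public, globally routable range")
            continue
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            problems.append(f"{net}: wider than /{MIN_PREFIXLEN[net.version]}, "
                            "needs manual review")
            continue
        accepted.append(net)
    return accepted, problems


def ingress_rules(networks: Sequence, description: str) -> List[Dict]:
    """Render accepted networks as one TCP/443 IpPermissions entry."""
    v4 = [{"CidrIp": str(n), "Description": description}
          for n in networks if n.version == 4]
    v6 = [{"CidrIpv6": str(n), "Description": description}
          for n in networks if n.version == 6]
    if not (v4 or v6):
        return []  # an empty allow-list must not produce any rule at all
    rule = {"IpProtocol": "tcp", "FromPort": OLAH_PORT, "ToPort": OLAH_PORT}
    if v4:
        rule["IpRanges"] = v4
    if v6:
        rule["Ipv6Ranges"] = v6
    return [rule]


# Constructed form entries, not real client data.
SAMPLE_FORM_ENTRIES = [
    "198.100.51.0/28",   # office NAT egress block (placeholder)
    "198.100.51.5/24",   # host bits set: rejected rather than widened
    "10.20.0.0/16",      # internal range pasted by mistake
    "203.0.113.0/24",    # documentation range, never routed on the internet
    "11.0.0.0/8",        # public but far too wide
    "not-an-ip",
]

if __name__ == "__main__":
    accepted, problems = check_allowlist(SAMPLE_FORM_ENTRIES)
    for problem in problems:
        print("REJECT", problem)
    print(json.dumps(ingress_rules(accepted, "Olah client egress"), indent=2))
```

Run it against the real list before sending the form; only the first sample entry survives, and the JSON it prints is what the security group would actually contain.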
Dedicated IPsec VPN tunnel
Verisma can build a dedicated IPsec VPN tunnel between the client's network and the VPC hosting Olah. Only traffic from the client subnets defined in the tunnel configuration is accepted, and all traffic in the tunnel is encrypted in transit. Building and testing the tunnel adds time to the Olah deployment. Note that a VPN tunnel may increase Olah response times because of the additional encapsulation and encryption applied to the network traffic.
User Authentication:
Olah validates users and assigns security roles by connecting to the client's Identity Provider (IdP) over either OAuth2 or LDAPS. This lets the client authorize users and grant permissions based on group membership in its IdP, while password and MFA requirements remain governed by the client's existing security policies. As with connectivity, the client must choose one of these methods and return the related information to Verisma to expedite deployment of the application.
OAuth2
Verisma recommends this authentication method: it gives the client more control over the information presented to Olah and allows finer-grained configuration on the client side. OAuth2 lets the client enforce MFA (depending on the IdP) and offers better logging. OAuth2 is also required in order to use the white-listed IP connectivity option above. The information required to configure Olah for OAuth2 is on this form.
LDAPS
LDAPS is the older authentication method and usually requires a dedicated VPN tunnel (see above), because the directory normally lives inside the client's network. Most IdPs do not support MFA over LDAPS, so clients should confirm with their security team whether LDAPS is acceptable for access to Olah. A service (non-staff) account must be created for Olah to bind to the LDAPS server; give it read-only rights limited to the user and group objects Olah needs. The information required to configure LDAPS is on this form.
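Both options above end in the same place: a set of IdP group memberships that Olah turns into application roles. The following is an added example (not Olah code) of that mapping for both paths. For OAuth2 it assumes the IdP issues an OpenID Connect ID token carrying a "groups" claim and that the client library has already verified the token's signature, so only the claims are checked here, including the optional MFA check via the "amr" claim mentioned above; for LDAPS it assumes membership arrives as memberOf DNs read by the service account. The issuer, audience, group names and roles are constructed.

```python
"""Turn IdP group membership into Olah roles, for both authentication options.

Added example for this page, not Olah code. For OAuth2 it assumes the IdP
issues an OpenID Connect ID token with a "groups" claim and that the client
library has already verified the signature (only claims are checked here).
For LDAPS it assumes group membership arrives as memberOf DNs. Issuer,
audience, group names and roles are constructed for illustration.
"""
import re
import time
from typing import Dict, Iterable, Optional, Set

EXPECTED_ISSUER = "https://login.example-health.org"  # assumed IdP issuer URL
EXPECTED_AUDIENCE = "olah-eas"                        # assumed client_id
CLOCK_SKEW_SECONDS = 60

# Constructed mapping of IdP groups to application roles. Groups that are not
# listed grant nothing, so a user who is only in "hr-everyone" gets no role.
GROUP_ROLE_MAP = {
    "olah-admins": "admin",
    "olah-release-staff": "releaser",
    "olah-auditors": "auditor",
}


class ClaimsError(Exception):
    """Raised when a token must not be accepted."""


def validate_claims(claims: Dict, now: Optional[float] = None,
                    require_mfa: bool = False) -> Dict:
    """Reject tokens for another issuer or audience, outside their validity
    window, without a subject, or (optionally) issued without MFA.

    The MFA check reads the "amr" claim (RFC 8176). An IdP that does not emit
    it cannot satisfy require_mfa, which is the safe default.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ClaimsError("issuer mismatch")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if EXPECTED_AUDIENCE not in aud:
        raise ClaimsError("token was not issued for this application")
    if not claims.get("sub"):
        raise ClaimsError("missing subject")
    if float(claims.get("exp", 0)) + CLOCK_SKEW_SECONDS < now:
        raise ClaimsError("token expired")
    if float(claims.get("nbf", 0)) - CLOCK_SKEW_SECONDS > now:
        raise ClaimsError("token not yet valid")
    if require_mfa and "mfa" not in claims.get("amr", []):
        raise ClaimsError("multi-factor authentication not asserted")
    return claims


def token_rejected(claims: Dict, **kwargs) -> bool:
    """True if validate_claims refuses the token (for negative checks)."""
    try:
        validate_claims(claims, **kwargs)
    except ClaimsError:
        return True
    return False


def roles_for_groups(groups: Iterable[str]) -> Set[str]:
    """Map group identifiers (case-insensitive) to roles; unknown groups are ignored."""
    return {GROUP_ROLE_MAP[g.lower()] for g in groups if g.lower() in GROUP_ROLE_MAP}


def roles_from_id_token(claims: Dict, now: Optional[float] = None,
                        require_mfa: bool = False) -> Set[str]:
    """OAuth2/OIDC path: validate the already signature-checked claims, then
    map the groups claim."""
    validate_claims(claims, now, require_mfa)
    return roles_for_groups(claims.get("groups", []))


_RDN_SPLIT = re.compile(r"(?<!\\),")  # split a DN on commas that are not escaped


def group_cn(dn: str) -> Optional[str]:
    """Return the CN of the first RDN of a memberOf DN, or None if it is not a CN."""
    first = _RDN_SPLIT.split(dn, maxsplit=1)[0].strip()
    key, _, value = first.partition("=")
    if key.strip().lower() != "cn":
        return None
    return value.replace("\\,", ",").strip()


def roles_from_member_of(member_of: Iterable[str]) -> Set[str]:
    """LDAPS path: the service account reads the user's memberOf attribute;
    each group CN is mapped exactly like the OAuth2 groups claim."""
    return roles_for_groups(cn for cn in map(group_cn, member_of) if cn)


# Constructed sample data, not captured from any IdP or directory.
SAMPLE_ID_TOKEN_CLAIMS = {
    "iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "u-4711",
    "iat": 1_799_999_700, "exp": 1_800_000_000,
    "amr": ["pwd", "mfa"],
    "groups": ["olah-release-staff", "hr-everyone"],
}
SAMPLE_MEMBER_OF = [
    "CN=olah-auditors,OU=Groups,DC=example-health,DC=org",
    "CN=Domain Users,CN=Users,DC=example-health,DC=org",
]

if __name__ == "__main__":
    print(roles_from_id_token(SAMPLE_ID_TOKEN_CLAIMS, now=1_799_999_800, require_mfa=True))
    print(roles_from_member_of(SAMPLE_MEMBER_OF))
```

The audience check is the one most often skipped: a token the same IdP issued for a different application validates perfectly against the issuer's keys, and only the "aud" claim distinguishes it. The require_mfa flag is how the OAuth2 path can enforce the MFA policy that LDAPS cannot express.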