Impacted Use Cases if the Customer's Master Key is Removed

Overview

If the customer's Master Key in the HSM is removed and the AppViewX MEK is purged from AppViewX's in-memory cache, logging into AppViewX using LDAP/SSO and local accounts with multi-factor authentication (MFA) will be disabled.
Note: Multi-factor authentication (MFA) is planned for a future release.

For users currently logged/users logged in using a local account without MFA, the functions listed in the following sections will become unavailable. Additionally, personally identifiable information such as the user's first and last name, email address, and phone number will be displayed as ciphertext in the product's user interface.

User Management

  • Login as local user when MFA is enabled
  • Change Password for local account
  • Create service account
  • Authorize service account
  • Change Client ID/ Secret for service account
  • Configure LDAP
  • Login with AD
  • Configure TACACS
  • Login with TACACS
  • Configure RADIUS
  • Login with RADIUS
  • Configure SAML
  • Login with SAML
  • Configure OIDC
  • Login with OIDC

Vault

  • Add credential in AppViewX vault
  • Add credential with Other vaults
  • Integrate vaults
  • Add device using credential in vault
  • Perform other operations in device with credential in vault
  • Perform operations in cloud account using credential in vault
  • Perform operations in CA using credential in vault

HSM

  • Add HSM
  • Delete HSM
  • Configure Private KEY in HSM
  • Configure All encryption in HSM
  • Change default HSM
  • Enable CSR in HSM
  • Rotate HSM key

Log Forwarding

  • Configure log forwarding with Splunk HEC
  • Forward logs using Splunk

Alerts

  • Configure alerts
  • Send alerts

License

  • Apply License

Mail Server

  • Configure mail server using SMTP
  • Configure mail server using oAuth
  • Send email using SMTP credentials
  • Send email using oAuth credentials

Certificate Management

  • Upload CA certificate
  • Generate custom CA certificate
  • Add MDM devices to inventory
  • Update MDM device(s)
  • Import MDM Devices
  • Save intermediate and root cert in DB if new certificate
  • Create client certificate
  • Upload client authentication json into CA settings
  • Symantec CA: Challenge password functionality
  • API to persist credentials of certificates in the Vault
  • Update CA connector info with challenge password during revoke
  • Auto enrollment: Create/Update agent settings
  • Encrypt the intune client secret: update agent setting
  • Auto enrollment create certificate: Perform Client Authentication
  • Save external vault details in inventory
  • Save HSM settings
  • Update CA settings: secret access key in VendorSpecific Settings
  • Retrieve CA specific values from certificate authority
  • Authenticate vendor for server
  • Update GCP cloud connector
  • Cloud vendor details in view device
  • Get vendor details for AWS, Azure, GCP
  • Misc: Fetch credentials from credential store
  • Encrypt device password or get access details from the credential store for device
  • API to encrypt plain text using HSM Utimaco
  • HSM Thales encryption service
  • HSM SafeNet encryption service
  • Upload certificate via holistic view
  • Upload client authentication certificate
  • Upload server certificate
  • Discovery via upload
  • Bulk upload
  • Application connector: Profile and user preference properties
  • Discovery: Password protected certificate parsing

AppViewX Cloud Connector

  • Add a cloud connector