University of Minnesota made PeopleSoft truly accessible. Here’s how.

By Chris Heller • August 6, 2017

Leveraging GreyHeller’s PeopleUX technology platform, our customer – University of Minnesota – made its Student Self-Service, Faculty, and Job Applicant components accessible and Section 508/WCAG 2.0 compliant.

The University set the PeopleSoft Accessibility bar at providing parity of access for its visually impaired students. It therefore needed to satisfy these critical requirements:
• All functionality had to be available if the keyboard was the only means of interaction
• All functionality had to be easy to use – versus merely render-able – on accessibility devices
• Functionality could not be disabled because rendering on accessibility devices was problematic.

Semantic HTML
The structure of the PeopleSoft HTML was transformed into proper semantic structure for use with accessibility devices.

Navigation and Taxonomy
To assist with end-user navigation through the dozens of elements on a PeopleSoft page and between the hundreds of pages a user may have access to, attributes were set and HTML was transformed using PeopleMobile®.

End-User Interaction
As an end-user reads and updates information in PeopleSoft, form and AJAX processing cause screen readers to lose track of where an end-user is in the page, causing significant productivity and usability issues. PeopleMobile® addressed this in the following ways.

• Highlighting focused content – content currently being updated

• Remembering scroll position after returning from prompts, AJAX updates, or other processing

• Remembering the end-user’s focus on page load

Project Approach
The University prioritized the self-service functions into a list of 71 Use Cases and divided them up into 5 phases. Only users registered as Accessibility users have access to the PeopleMobile® product, so the focus of the implementation was to provide a screen reader user experience. The University deployed 10 Use Cases at a time – introducing functionality in phases rather than waiting until all Use Cases had been approved. Each month UMN went live with a new group of Use Cases, and each go live was accompanied by communications to the user group.

White Paper
To get a copy of our University of Minnesota White Paper, email us at info@devappsian.wpengine.com

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Why the 2017 Anthem Healthcare breach matters to PeopleSoft customers

By Chris Heller • August 6, 2017

A GreyHeller customer – one of the largest financial services firms in the US – licensed and implemented our ERP Firewall layered security platform specifically to put in place detailed logging and analysis to prevent the same type of breach suffered by Anthem Healthcare in 2015. Anthem settled that breach for $115 million.

On July 31, 2017 it was reported that Anthem suffered another breach. This breach involved a malicious insider – one of the hardest situations to track down.

If you as a PeopleSoft customer are concerned about your PeopleSoft sensitive data being exfiltrated, our ERP Firewall software solution can help.

By layering:
• Multi-Factor Authentication to prevent a phished employee’s credentials from being used to download sensitive data through Query
With:
• Data Masking to redact sensitive data

You can prevent cyber criminals from stealing your PeopleSoft sensitive data.

How does it work and how easy is ERP Firewall to implement?

ERP Firewall plugs into your PeopleSoft webserver and is delivered with a pre-configured set of the most commonly used rules (based on implementing ERP Firewall for nearly 100 customers). Our highly automated install process takes a couple of hours, after which you will be invoking MFA, masking data and logging transactions at a highly granular level. Many of our customers actually go live within 30 days of installation.

SAML and PeopleSoft Security – Why you should care

By Greg Wendt • June 7, 2017

SAML. ADFS. Shibboleth. Your network team may be bringing up these terms as they relate to your organization’s security initiatives and all you may know is that PeopleSoft doesn’t support them natively. Even if your organization isn’t bringing up these terms, you should start thinking about them, because they enable your organization to do 3 important things:

  • Securely control access to all your corporate systems
  • Widely adopt fluid and mobile solutions
  • Adopt cloud technologies

SAML / ADFS / Shibboleth Primer

Before getting to the meat of the matter, let’s provide a quick overview on what we’re talking about. SAML is a protocol for safely sharing a token of a person’s identity between systems. This protocol has a number of safeguards against hacking and spoofing and is used as the communication mechanism for identity providers to share that information.

ADFS and Shibboleth are identity management solutions that leverage SAML in this manner (and instances of ADFS and Shibboleth that store user information are called Identity Providers – or IDPs). ADFS (and/or Azure Active Directory) is Microsoft’s implementation of this, whereas Shibboleth is an open source Identity Management solution.

Controlling access to all your corporate systems

The first benefit of utilizing this technology is to provide a single control point for authentication in your organization. Gone will be the days where your end-users will have 17 different passwords that expire at different times and have different password controls (which causes significant help desk calls, causes your employees to write down passwords because they can’t remember them, and makes it difficult to provision and terminate accounts appropriately).

Two years ago, I wrote a blog post that goes into more detail on these topics https://www.appsian.com/blog/idm-for-peoplesoft-security/

Adopting Fluid and Mobility widely

Another challenge facing PeopleSoft customers is deploying Fluid and Mobility, and facilitating the authentication process. Because deploying PeopleSoft in this manner often requires providing access to PeopleSoft outside the organization’s network, on-premise Identity Providers are generally not available, which means that authenticating a user to PeopleSoft becomes a big challenge.

Single Signon via SAML allows organizations to properly authenticate regardless of the location or device from which they’re accessing PeopleSoft content.

Adopting cloud technologies

Finally, as organizations begin to adopt cloud technologies, they are being driven to SAML to provide a safe means of authenticating to systems that they don’t directly control or have running inside their network. Implementing a single signon solution utilizing SAML allows all of these disparate systems to play together nicely, giving your end-users a safe and cohesive solution that gives you flexibility in your cloud deployment.

GreyHeller’s SAML Single Signon for PeopleSoft

To address these needs, GreyHeller has extended its security suite to provide native SAML support to PeopleSoft. Single Signon customers need only install our plug-in, register the identity provider(s), and the solution will automatically accept SAML tokens – from ADFS or Shibboleth – to get end-users seamlessly into PeopleSoft.

Heartbleed, Ticketbleed… When Network Infrastructure Security Lets us Down

By Chris Heller • February 15, 2017

When securing enterprise systems every PeopleSoft customer knows they need strong passwords and secure networks. A good firewall is a critical first line of defense. But is your firewall as secure as you think? Ticketbleed, the latest network infrastructure vulnerability, was all over the news today. A quick internet search will turn up several valuable responses, but just for context, Ticketbleed, reminiscent of Heartbleed, is a vulnerability in the SSL/TLS layer of a wide variety of F5 firewalls and load balancers. Today’s news reminds us that even the best network and security infrastructure is vulnerable to compromise. Ticketbleed, Heartbleed, and other vulnerabilities make it very clear: network security infrastructure is not enough.

Assuming a bad actor breaches your network security infrastructure, that actor still has to authenticate, right? Maybe. Remember the days of distributed computing where a hacker might use idle capacity of many computers to attempt to brute-force crack a password? Today there is a much easier way: targeted spear phishing. Through deceptive, socially engineered e-mails, today’s attacker can actually coerce unsuspecting professionals into giving up their credentials. JP Morgan Chase, eBay, Target, Ubiquiti, Anthem (Blue Cross), and Sony all trace significant, highly publicized breaches to spear phishing attacks. Kaspersky Labs has traced over a billion dollars in international bank losses to highly sophisticated spear phishing attacks.

If you are following this scenario, the bad actor now has access to your enterprise system through a security vulnerability in your network infrastructure and has acquired the credentials of a highly privileged or highly compensated individual. What next? The attacker just “Hit pay dirt.” It is time to log in and start stealing. An educated PeopleSoft attacker is going to hit one (or all) of the following places:

  • Direct deposit: change bank account information to an off-shore account to steal the next payroll,
  • Personal data > Additional information: this page contains enough personally identifiable information (PII) to steal a compromised user’s identity,
  • HR back-office employee personal information pages: harvest PII,
  • Query: one-stop shopping – all PeopleSoft PII in one location.

Step 1: gain access to the system. Step 2: obtain credentials. That should be enough security, shouldn’t it? It is not. Every day we read about another big-name breach. What is the solution? A product that adds multiple layers of security inside your ERP system:

  • Data masking to prevent harvesting information that users don’t necessarily need to see,
  • Click-to-view masking that logs attempts to access privileged information,
  • Location-based menu pruning to ensure external users won’t have access to back-office, high privileged information,
  • Two-factor authentication to confirm the identity of a user attempting to access or change privileged information.

GreyHeller’s ERP Firewall offers all of these benefits and more. Without making a single modification to your PeopleSoft system, you will obtain peace of mind knowing that your data, your money, and more importantly, your people are safe from cyber threats. Today’s network infrastructure and authentication mechanisms may not be strong enough to keep all the bad actors out of your ERP house, but with a product like GreyHeller’s ERP Firewall, you can choose what a bad actor sees upon gaining entry.

Ensure your organization is in the most secure position possible by scheduling your assessment with GreyHeller today.

Make The Most of Campus Solutions 9.2 & Fluid

By Chris Heller • November 14, 2016

July 26, 2016 marked the release of Campus Solutions 9.2 bundle image 2 and the introduction of Fluid self-service transactions. In this demo-intensive session, we will outline the Fluid functionality and deployment options included in this release.

We will cover:

  • Navigation
  • Self-service functions delivered within Fluid
  • Co-existence with Classic and transactions not yet delivered in Fluid
  • Managing and minimizing customizations
  • Use within Native mobile and 3rd party portal frameworks

Gartner response to Yahoo breach – why it matters to PeopleSoft customers

By Chris Heller • September 23, 2016

“All organisations should now assume that they are in a state of continuous compromise,” Rajpreet Kaur, Senior Research Analyst at Gartner.

Gartner believes the main challenge organisations are facing these days is the increasing gap between time to compromise vs time to discover. Organisations need to invest more in breach detection and response. The Yahoo breach happened in 2014. The disparity between the speed of compromise and the speed of detection is one of the starkest failures discovered in breach investigations. The average targeted malware compromise was present for 205 days before detection, the longest presence was 2982 days, and 69 per cent were discovered by external parties, not internal IT security functions. Additionally, the 2015 Verizon Data Breach Investigations Report highlighted that, “in 60% of cases, attackers are able to compromise an organization within minutes”.

Why should this matter to PeopleSoft customers?

If you believe Gartner, Verizon, et al., then a key security use case should be narrowing the gap between compromise and discovery.

How can GreyHeller help?

Implement GreyHeller’s Logging and Analysis as part of an ERP Firewall implementation. Our customers are integrating our logs with their existing SIEM systems to leverage real-time notification of security events. Logging data has been used to reduce false positives, uncover suspicious behavior, identify brute force attacks and track malicious insiders. Our customers use this data to quickly research breaches in near real-time versus taking months or days after their PeopleSoft systems have been compromised.

500 million Yahoo accounts breached – state sponsored actor

By Chris Heller • September 22, 2016

Today Yahoo Chief Information Security Officer Bob Lord released this – “We have confirmed, based on a recent investigation, that a copy of certain user account information was stolen from our networks in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt), and, in some cases, encrypted or unencrypted security questions and answers.”

Why should this matter to PeopleSoft customers?

You might think that this wouldn’t affect your organization directly. But you could be horrifyingly wrong. With a US population of a little over 300 million people, you can almost guarantee that a significant number of your end-users have had one of their commonly-used passwords compromised. The bad guys now have two things that can help them attack your organization (and probably already have since the breach occurred in 2014):

  1. Knowledge of ID and password combinations that are likely in use at your organization (since you can’t prevent people from re-using passwords across systems)
  2. A rich repository of passwords people use (500 million). This can be fed into cracking algorithms to shortcut brute force attacks against your PeopleSoft systems

There are a number of things you can do to protect yourself. GreyHeller recommends:

  • Immediately require all your users to reset their passwords
  • Log all attempted logins from untrusted locations to detect an attack
  • Implement 2FA so that a compromised password would have limited value to the bad guys

How can GreyHeller help?

  • Engage Greg Wendt, Exec Director Security Solutions, to perform an in-depth Security Readiness Assessment on your PeopleSoft systems. Email us at info@devappsian.wpengine.com
  • Implement our ERP Firewall with Multi-Factor Authentication, Data Masking, Detailed Logging, High Privilege User Access Control and Location-based Access Control. Email us at info@devappsian.wpengine.com

Getting the Most Out of PeopleSoft: PeopleSoft Fluid User Interface (OpenWorld 2016)

By Chris Heller • September 22, 2016

Our customer – Florida State University – and our partner – Oracle – presented at OpenWorld this week. The components of FSU’s solution are:

  • Enterprise Portal: MyFSUPortal
  • Mobile Platform: ModoLabs
  • UI Optimization Layer: PeopleMobile (that’s us!)
  • Security Layer: ERP Firewall (that’s us!)

If you’d like a copy of the OpenWorld deck, email me at info@stgappsian.wpengine.com

Want to know what our secret weapon looks like?

By Chris Heller • September 20, 2016

Jim Marion’s PeopleTools Tips & Techniques session at Oracle OpenWorld 2016 was standing room only.
