
Implementing user authentication - Maxxton

Written by Robin Hermans | May 18, 2022 10:00:00 PM

To enhance security, Maxxton provides a single point of entry using a self-hosted identity and access management system. This ensures that access to your system is secure, user-friendly, fast, and centralised.

Maxxton has built an Authentication Server using Keycloak, which supports industry-standard protocols, including:

  • OpenID Connect
  • OAuth 2.0
  • SAML 2.0

Additionally, seamless integration with existing user directories is possible, allowing connections to:

  • Social login providers (e.g., Google, Microsoft, etc.)
  • Active Directory via LDAP

How does the authentication setup work?

To access the software environment, the authentication server issues a JSON Web Token (JWT) through an Identity and Access Management system built on Keycloak.

Key Features

  • A JWT is required for software access and can be validated without contacting the authentication server (stateless authentication).
  • No server-side session management is required, which removes a class of session-handling vulnerabilities.
  • Access is automatically revoked when the token expires, preventing unauthorised entry.
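As an added illustration (not Maxxton's or Keycloak's code), the stateless check described above: a signed JWT is validated purely from its signature and `exp` claim, with no session store. HS256 with a shared secret is an assumption made to keep the example self-contained; Keycloak normally signs with RS256 and the verifier would hold the realm's public key instead.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key. Keycloak normally signs with RS256; a verifier would then
# hold the realm's public key instead of this shared secret.
SECRET = b"demo-shared-secret-not-for-production"

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(subject: str, lifetime_s: int, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT carrying 'iat' and 'exp', as the authentication server would."""
    now = int(time.time()) if now is None else now
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": subject, "iat": now, "exp": now + lifetime_s}
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_token(token: str, now: Optional[int] = None, leeway_s: int = 30) -> Optional[dict]:
    """Stateless validation: check the signature first, then 'exp'. Returns claims or None.
    No session store is consulted; a tampered or expired token is simply rejected."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # refuse 'none' and algorithm substitution
            return None
        expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, AttributeError):
        return None  # malformed token
    if not isinstance(claims.get("exp"), int) or now > claims["exp"] + leeway_s:
        return None  # expired: access lapses without any revocation list
    return claims
```

The small `leeway_s` tolerates clock skew between issuer and verifier; beyond it, expiry alone revokes access.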

Flexible Authentication Methods

Maxxton provides multiple authentication options to enhance security and usability:

  • Single Sign-On (SSO) – Seamless access across multiple systems with one login.
  • Two-Factor Authentication (2FA) – An extra layer of protection to verify identity.
  • Authentication Keys – Secure physical or software-based authentication.
  • Temporary Access for Staff – Designed for temporary employees, such as cleaners and maintenance staff, using Time-Based One-Time Passwords (TOTP) to grant controlled access to accommodations.

By implementing these authentication solutions, Maxxton offers a robust, flexible, and secure way to manage system access—protecting both business operations and user data.

Single Sign-On

Maxxton’s authentication server can easily connect to third-party user databases, ensuring a secure and efficient login process.

  • No Credentials Stored in Maxxton – The username and password of an external third party never pass through Maxxton’s system. Instead, users enter their credentials directly on the third party’s login page (e.g., Google, LinkedIn, Facebook, Twitter).
  • Token-Based Access – Once authentication is confirmed by the third party, Maxxton’s system is granted access to the user’s details stored in the external database. The authentication server then verifies user requirements and issues a token, granting access to the system.
  • Automatic Recognition of Logged-In Accounts – If a user is already logged into their browser with an email address linked to their company account (e.g., @mycompanyaccount.com), Maxxton automatically recognises the session and grants a token, providing direct access to the software.
  • New User Creation & Account Management – If a user does not yet exist in the Maxxton database, the system automatically creates a new user and links them to the external provider. If the external provider account is closed, the connection is revoked, preventing further access to Maxxton Software.

By integrating third-party authentication and automating user management, Maxxton ensures a secure, seamless, and efficient access experience for all users.

Two-factor authentication

Two-factor authentication (2FA) is highly recommended to prevent unauthorised access to your software environment. By adding an extra layer of security, 2FA significantly reduces the risk of breaches.

Flexible 2FA Methods

  • Verification Codes – Sent via email or text message for added protection.
  • Authenticator Apps – Use free OTP/Authenticator apps such as Google Authenticator or Microsoft Authenticator for secure, time-based codes.

While 2FA adds 15 to 30 extra seconds to the login process, the security benefits far outweigh the inconvenience.


Reducing Login Friction

To minimise disruption while maintaining security, the second verification step can be:

  • Required only periodically (e.g., once a month or once a quarter).
  • Triggered by suspicious activity, ensuring extra protection only when needed.

By implementing flexible and intelligent 2FA settings, Maxxton ensures strong security without unnecessarily burdening users.

Authentication keys

In addition to standard two-factor authentication (2FA), authentication keys provide an even more secure way to access the software environment.

  • USB Security Keys – Hardware keys implementing the FIDO2/WebAuthn standards serve as a physical authentication factor, ensuring that only authorised users can access the system.
  • Phishing-Resistant Authentication – Unlike traditional 2FA methods (e.g., SMS or app-based codes), authentication keys eliminate the risk of phishing attacks by requiring physical possession of the key.
  • Passwordless Authentication – This method supports password-free login, offering both enhanced security and faster access—one of the safest ways to protect your system while keeping the login process efficient.

By incorporating authentication keys, Maxxton provides an ultra-secure yet user-friendly authentication solution, further safeguarding access to critical systems.

Time-Based One-Time Password

Time-Based One-Time Passwords (TOTP) provide a secure and efficient way to grant temporary access to accommodations.

  • Manager-Controlled Access – A manager, connected to the central Authentication Server, can generate time-limited access tokens (e.g., valid for half a day) via an app. These tokens are then sent directly to the temporary employee’s mobile phone.
  • Smart Lock Integration – With Smart Lock technology, doors can be opened using a mobile device, eliminating the need for a manager to physically accompany temporary employees.
  • Shared Access via Generic Accounts – For added flexibility, non-personal user accounts can be used by multiple temporary employees when individual access is not required.

By implementing TOTP-based access, Maxxton enables a secure, automated, and hassle-free solution for managing temporary accommodation access.