Identity Provider Setup and Secure Transfer

Identity Provider Setup

Once you have configured your identity provider (Microsoft Entra ID or Google Cloud) and created the required security groups, request an identity provider setup link from support@laavat.io.

The identity provider setup is a guided wizard that securely collects your identity provider credentials and group configuration.

How it works

  1. Request a setup link: Contact support@laavat.io to request your identity provider setup invitation link.
  2. Select your identity provider: Open the link and choose Microsoft Entra ID or Google Workspace.
  3. Enter credentials: Provide the required credentials for your identity provider. The service validates them in real time.
  4. Configure security groups: Enter the writer and approver group identifiers. The service verifies that the groups are accessible.
  5. Review and submit: Confirm your configuration. The platform services pick up the new tenant configuration automatically within 15 minutes.

Note

Each setup link is single-use and expires after a limited time. Contact support@laavat.io if your link has expired.

Secure Credentials Transfer (MTLS Truststore)

This section explains how you can securely upload your MTLS truststore using a SharePoint Request File link provided by LAAVAT.

Preparing MTLS truststore for transfer

Create a .pem file containing one or more complete chains of trust, each running from the issuing CA certificate to the root CA certificate. No single certificate chain may contain more than four certificates.

The following algorithms are supported in the truststore:

  • SHA-256 or stronger
  • RSA-2048 or stronger
  • ECDSA-256 or ECDSA-384
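
A pre-upload check for these requirements, as an added example (not LAAVAT tooling). It assumes the openssl command-line tool is installed, treats a certificate whose subject equals its issuer as the root that ends a chain, and reads "ECDSA-256 or ECDSA-384" as 256-bit or 384-bit EC keys; check_truststore and field are names chosen for this example.

```shell
#!/usr/bin/env bash
# Added example, not LAAVAT tooling. Assumes the openssl CLI is installed and
# that a certificate whose subject equals its issuer is the root ending a chain.

# Print the value of the first "<label>: value" line in openssl's text dump.
field() { printf '%s\n' "$2" | sed -n "s/^ *$1: *//p" | head -n 1; }

check_truststore() {
    local pem="$1" tmp f txt sig alg bits subj iss prev="" depth=0 rc=0
    tmp="$(mktemp -d)" || return 2
    # Split the bundle into one file per certificate, preserving file order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { f = sprintf("%s/%03d.pem", d, ++n) }
        f { print > f }' "$pem"
    for f in "$tmp"/*.pem; do
        txt="$(openssl x509 -in "$f" -noout -text 2>/dev/null)" ||
            { echo "FAIL: missing or unparsable certificate in $pem"; rc=1; break; }
        sig="$(field 'Signature Algorithm' "$txt")"
        alg="$(field 'Public Key Algorithm' "$txt")"
        bits="$(printf '%s\n' "$txt" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')"
        subj="$(field 'Subject' "$txt")"
        iss="$(field 'Issuer' "$txt")"
        depth=$((depth + 1))
        case "$sig" in      # digest: SHA-256 or stronger (SHA-2 names only)
            *[Ss][Hh][Aa]256*|*[Ss][Hh][Aa]384*|*[Ss][Hh][Aa]512*) ;;
            *) echo "FAIL: '$subj' is signed with $sig"; rc=1 ;;
        esac
        case "$alg" in      # key: RSA >= 2048 bits, or a 256/384-bit EC key
            rsaEncryption)  [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: '$subj' has a $bits-bit RSA key"; rc=1; } ;;
            id-ecPublicKey) [ "$bits" = 256 ] || [ "$bits" = 384 ] || { echo "FAIL: '$subj' has a $bits-bit EC key"; rc=1; } ;;
            *) echo "FAIL: '$subj' uses unsupported key type $alg"; rc=1 ;;
        esac
        # Order: every certificate must be issued by the one that follows it.
        [ -z "$prev" ] || [ "$prev" = "$subj" ] || { echo "FAIL: '$subj' is out of order"; rc=1; }
        prev="$iss"
        if [ "$subj" = "$iss" ]; then    # root reached, this chain is complete
            [ "$depth" -le 4 ] || { echo "FAIL: chain ending at '$subj' has $depth certificates (max 4)"; rc=1; }
            depth=0 prev=""
        fi
    done
    [ "$depth" -eq 0 ] || { echo "FAIL: last chain does not end at a root CA certificate"; rc=1; }
    rm -rf "$tmp"
    return "$rc"
}

# Usage: bash check_truststore.sh truststore.pem
if [ "$#" -gt 0 ]; then check_truststore "$1" && echo "OK: $1"; fi
```

The digest check recognises only signature algorithm names containing sha256, sha384 or sha512; anything else is reported as a failure and should be reviewed by hand.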

Request a secure upload link from support@laavat.io.

Follow these steps to upload your files:

  1. Receive the Link: You will be sent a unique upload link by email.
  2. Access the Link: Click the link to open a SharePoint upload page in your web browser. No Microsoft account or login is required.
  3. Upload Files: Drag and drop your files or click to select them from your device. Once uploaded, the files are securely transferred to our designated SharePoint folder.
  4. Confirmation: After uploading, you will see a confirmation message. You cannot view, edit, or delete the uploaded files, ensuring your interaction is limited to uploading only.

How Your Data Is Protected

The SharePoint Request File feature is designed with security measures to safeguard your files during transfer:

  • Upload-Only Access: The link allows you to upload files but prevents you from viewing, editing, downloading, or deleting any content in the folder. You cannot see other files or identify other contributors, protecting your privacy.
  • Temporary Link: The upload link is valid for 7 days. Once it expires, no further uploads are possible, reducing the risk of unauthorized access.
  • Secure Storage: Your files are stored in a protected SharePoint folder with strict access controls. On our side, only a small group of authorized personnel can access your data, and any interaction requires two individuals to ensure oversight and accountability.
  • Encrypted Transfer: Files are transferred over a secure, encrypted connection, protecting them from interception during upload.
  • Activity Monitoring: All upload activities are logged and audited to ensure compliance and detect any irregularities.

Best Practices

  • Verify the source of the upload link to ensure it comes from LAAVAT.
  • Upload files promptly, as the link has a limited validity period.
  • Avoid sharing the link with others, as it is intended for your use only.
  • Contact support@laavat.io immediately if you encounter any issues or suspect the link's security has been compromised.