Vince Live is a modern, serverless SaaS application providing a secure, scalable, and easy-to-use platform for running workflows in the cloud.

Glossary

Vince Live - the Software as a Service that processes workflows.

VXL Live - the Excel Add-in that uses an Excel spreadsheet as input and output data to Vince Live workflows.

Shared Responsibility Model

As a SaaS solution, Vince Live follows the Shared Responsibility Model. It is important that customers understand this model and their respective security responsibilities within Vince Live.

It is essential that customers are aware of their security responsibilities within the Vince Live environment and take the necessary steps to secure their data and user access. By adhering to the shared responsibility model, customers can help to minimize security risks and ensure the overall security and availability of the Vince Live SaaS solution.

Authentication and Authorization

Vince Live supports strong authentication with MFA, and can be integrated with most third-party Identity Providers (IdP) for Single-Sign-On (SSO) using the OpenID Connect (OIDC) protocol.

API clients using the OAuth 2.0 protocol are supported, allowing for secure machine-to-machine communication and automation.

For authorization, Vince Live uses a Role-Based Access Control (RBAC) system, allowing for fine-grained access policies.

Data storage and communication encryption

All data stored in Vince Live is encrypted at rest using AES-256. Whenever possible, customer-specific encryption keys are used. All encryption keys are stored securely on FIPS 140-2 compliant Hardware Security Modules (HSM).

Data in transit is protected using TLS 1.2+.

Connection to M3 and user permissions

Vince Live integrates with the ION API gateway (both M3 CE and on-premises), using a service account, for access to the M3 REST APIs. This allows for a secure, easy-to-implement integration between Vince Live and the customer's M3 environment.

The service account user has permissions to run as another user, which it does by default in M3 CE.

In Vince Live, every user can be tagged with their M3 User ID. This means that every M3 transaction can be done using that user's ID and permissions. As a result, API permissions configured in M3 will be applied, and workflows will fail if the user does not have the required permissions.

If the Vince Live user is not tagged with an M3 User ID, the ION API Gateway service account will be used as a fallback, so the transaction runs under the service account rather than under the individual user's ID. The service account is also used for non-interactive workflows.

VXL Live