Xerox
®
Security Guide for Connect for DocuSign Application 2
Xerox
®
Workplace Suite/Cloud and Single Sign-On Services
The Xerox
®
ConnectKey App Single Sign-On feature integrates with the Xerox
®
Workplace
Suite/Cloud authentication solution to store user access information for SSO-compatible Xerox
Gallery Apps. After the user enters their storage service credentials the first time, the XWS/C
solution acts a storage vault where the login information is securely stored.
All content to be stored in the vault is encrypted with AES 256 by the SSO Manager server before
being given to the SSO vault that resides on the XWS/C solution. This ensures that the SSO vault
can never view or use the contents being stored in the vault. Only the SSO Manager infrastructure
knows how to decrypt the content stored in the vault and only the App knows how to use it.
The SSO Manager service manages the encryption key exchange required for secure
communications and encrypts/decrypts the content saved in the vault.
For a full description, please review the Xerox
®
Workplace Suite/Cloud Information Assurance
Disclosure: https://security.business.xerox.com/en-us/products/xerox-workplace-suite/
User Data in transit
Secure Network Communications
The web pages and app services that constitute the Xerox
®
solution are deployed to Microsoft
Azure App Services. All web pages are accessed via HTTPS from a web browser. All
communications are over HTTPS. Data is transmitted securely and is protected by TLS security for
both upload and download. The default TLS version used is 1.2.
The Xerox
®
app requires the user to provide proper/valid credentials in order to gain access to the
application’s features. Authenticated users are allowed to access the features and data using
HTTPS.
At launch, the apps must get an authentication/session token through the solution’s authentication
process. The access token acquired is used for that session of the app.
When using the ConnectKey App installed on a Xerox device, if the customer environment includes
an Authentication solution (e.g., Xerox
®
Workplace Suite/Cloud) with Single Sign-On functionality
enabled, the user can agree to have their user credentials securely stored and automatically
applied during subsequent app launches.
All communication is done via HTTPS and the data is transmitted securely and is protected by TLS
security. The default TLS version used is 1.2. Xerox App Gallery supplies a link to a Certificate
Authority root certificate for validation with the cloud web service. It is the responsibility of the
customer to install the certificate on their devices and to enable server certificate validation on
the devices.
For more information related to Azure network security, please follow the link:
https://docs.microsoft.com/en-us/azure/security/azure-network-security
Xerox
®
Workplace Suite/Cloud and Single Sign-On Services
The Xerox
®
Workplace Suite/Cloud server accepts credential storage requests from the App via the
SSO Manager service (the ConnectKey App retrieves a vault key from the SSO Manager and uses
it to retrieve login credentials from the XWS/C service). All communication is via HTTPS and the
data is transmitted securely and is protected by TLS security. The default TLS version used is 1.2.