IQService Security Considerations

For communication between IdentityNow (VA) and IQService, every incoming request from IdentityNow is authenticated before it is executed on the target system. For this authentication to work, IQService expects the client (here, IdentityNow) to send, with every request, the credentials of a user that is already registered with IQService. Before processing a request, IQService first confirms that the supplied user is registered with it and then authenticates the credentials against the Windows system it is running on. Client Authentication is mandatory when TLS communication is enabled for IQService.

To secure the communication between IQService (client) and UpdateService (server), TLS communication can be configured. Client Authentication is not mandatory for this communication channel. To further secure the channel, certificate-based Client Authentication can be configured.