Security
Security and user management are among the core system principles of the NET Genium platform. NET Genium is designed for enterprise applications where it is essential to clearly determine:
- who is working with the application,
- what data and functions they can access,
- what changes they performed,
- and when those changes occurred.
The platform also follows current security standards and recommendations, in particular those of the OWASP Foundation.
Authentication and access security
NET Genium supports modern authentication approaches with a strong focus on security and enterprise integration.
- Sign-in using Microsoft accounts (Azure AD / Microsoft Entra ID) is supported.
- Multi-Factor Authentication (MFA) can be used to significantly increase access security.
- Authentication can be centralized and managed at the organizational level.
MFA is the recommended baseline, especially for applications that handle sensitive or internal data.
Users
NET Genium supports several types of users that differ in access method, level of permissions, and responsibility for performed changes. From the platform perspective, there are three basic user types:
- Standard user – works with application data and functions based on assigned permissions.
- Administrator – has access to all data and platform tools and creates or modifies applications using the integrated designer.
- Anonymous user – submits data through web forms embedded (typically via iframe) into web presentations.
Standard users and administrators always work within NET Genium under their own unique user account. Every action is traceable and linked to a specific identity.
Anonymous users do not enter the application as authenticated users. Their usage is limited to specific scenarios, typically data collection through public forms. In these cases, no user identity is recorded and the licensing rules for authenticated users do not apply. Because such forms are reachable without authentication, they rely entirely on input validation and the other OWASP controls described below.
Licensing model and users
The NET Genium licensing model is based on the maximum number of concurrently logged-in users.
- Each login of a standard user or administrator consumes one license.
- A user can log in multiple times under the same account, but still consumes only one license.
- The total number of licenses can be increased at any time according to organizational needs.
- Anonymous users do not require a license.
This model enables flexible application usage while maintaining clear control over resource utilization.
Permissions, user groups, and permission groups
User access to applications, data, and functions in NET Genium is controlled using permissions. Each building block of the platform (application, edit form, view page, control, and other objects) allows independent permission configuration. Permissions can be assigned to:
- user groups,
- or individual user accounts.
Since a user can belong to multiple user groups, assigning groups by hand may become unclear or error-prone when creating new users. For this reason, NET Genium supports permission groups. A permission group is a predefined set of user groups corresponding to a typical user role within an application. Within user account settings, a specific permission group can be selected; the user's currently assigned groups are then replaced by the set defined in the selected permission group. Because this replaces existing memberships rather than adding to them, check the resulting list of groups after the change. That list is always visible in the account settings and can still be adjusted manually if needed.
The default NET Genium installation includes two basic user groups:
- Users – standard users
- Administrators – administrators
Using user groups is the recommended approach for long-term application management.
History and audit trail
One of the key features of NET Genium is the automatic tracking of change history. Every data change in the application:
- is assigned to a specific user,
- includes a timestamp,
- is traceable retrospectively.
The audit trail ensures transparency of data operations, supports internal control mechanisms, and enables retrospective analysis of changes. History is not only for troubleshooting but is a fundamental tool for responsible management of enterprise applications.
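The following example models the two mechanisms described above: per-object permissions resolved from user groups and direct grants, permission groups that replace a user's group set and can then be adjusted by hand, and an audit trail that ties every change to an acting account and a timestamp. It is an illustrative model added to this page, not NET Genium's own API; the permission group names, the ACL entries, the rights vocabulary (read/write/delete) and the accounts are all assumptions. The only details taken from the page are the default `Users` and `Administrators` groups and the rule that administrators have access to all data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Default groups shipped with the platform (from the page).
DEFAULT_GROUPS = {"Users", "Administrators"}

# Hypothetical permission groups: a role name mapped to the user groups it stands for.
PERMISSION_GROUPS = {
    "Sales representative": {"Users", "Sales", "CRM read"},
    "Sales manager": {"Users", "Sales", "CRM read", "CRM write", "Reports"},
    "Platform administrator": {"Administrators"},
}

ALL_RIGHTS = frozenset({"read", "write", "delete"})  # assumed rights vocabulary

# Hypothetical per-object ACL. Keys name building blocks (edit form, view page, control);
# principals are either "group:<user group>" or "user:<account>".
ACL = {
    "form:Opportunity": {"group:CRM read": {"read"}, "group:CRM write": {"read", "write"}},
    "view:Forecast": {"group:Reports": {"read"}, "user:alice": {"read"}},
    "control:DeleteOpportunity": {"group:CRM write": {"delete"}},
}


@dataclass(frozen=True)
class AuditEntry:
    when: datetime   # UTC timestamp of the change
    actor: str       # account that performed it
    target: str      # account or object that was changed
    change: str      # human-readable description of the change


@dataclass
class User:
    name: str
    groups: set[str] = field(default_factory=set)


class Directory:
    """User accounts, group membership and an append-only audit trail."""

    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.audit: list[AuditEntry] = []

    def _record(self, actor: str, target: str, change: str) -> None:
        # Every change is tied to the acting account and a timestamp; nothing is ever removed.
        self.audit.append(AuditEntry(datetime.now(timezone.utc), actor, target, change))

    def create_user(self, actor: str, name: str) -> User:
        if name in self.users:
            raise ValueError(f"user {name!r} already exists")
        user = User(name, {"Users"})  # new accounts start as standard users
        self.users[name] = user
        self._record(actor, name, "create user; groups=['Users']")
        return user

    def apply_permission_group(self, actor: str, name: str, role: str) -> set[str]:
        # Selecting a permission group REPLACES the user's current group set.
        user = self.users[name]
        before = sorted(user.groups)
        user.groups = set(PERMISSION_GROUPS[role])
        self._record(actor, name, f"permission group {role!r}: {before} -> {sorted(user.groups)}")
        return set(user.groups)

    def adjust_groups(self, actor: str, name: str, add=(), remove=()) -> set[str]:
        # Manual adjustment after a permission group has been applied.
        user = self.users[name]
        user.groups = (user.groups | set(add)) - set(remove)
        self._record(actor, name, f"adjust groups: +{sorted(add)} -{sorted(remove)}")
        return set(user.groups)

    def effective_rights(self, name: str, obj: str) -> frozenset[str]:
        # Deny by default: rights come only from the user's groups or a direct grant.
        user = self.users[name]
        if "Administrators" in user.groups:
            return ALL_RIGHTS  # administrators have access to all data and tools
        entries = ACL.get(obj, {})
        rights: set[str] = set()
        for group in user.groups:
            rights |= entries.get(f"group:{group}", set())
        rights |= entries.get(f"user:{name}", set())
        return frozenset(rights)

    def can(self, name: str, obj: str, right: str) -> bool:
        return right in self.effective_rights(name, obj)

    def history_for(self, target: str) -> list[AuditEntry]:
        return [e for e in self.audit if e.target == target]


def demo() -> Directory:
    # Constructed scenario: an administrator onboards "alice" as a sales representative
    # and then grants her the Reports group by hand.
    d = Directory()
    d.create_user("admin", "alice")
    d.apply_permission_group("admin", "alice", "Sales representative")
    d.adjust_groups("admin", "alice", add={"Reports"})
    return d


if __name__ == "__main__":
    d = demo()
    for e in d.history_for("alice"):
        print(e.when.isoformat(), e.actor, e.target, e.change)
    print("alice can write Opportunity:", d.can("alice", "form:Opportunity", "write"))
```

Two design choices are worth noting. Access is denied unless some group or direct grant supplies the right, so an object with no ACL entry is closed rather than open; and the audit list is only ever appended to, so the sequence of group changes that led to a user's current rights can be reconstructed from the entries for that account.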
Security testing and updates
The security of the NET Genium platform is continuously verified and improved.
- During the launch of larger projects, penetration testing of the entire framework is performed.
- Identified issues are resolved through centralized updates, which are distributed to all application instances.
- Security and functional updates of the framework are released regularly.
This approach keeps all platform installations on a current, patched framework version rather than leaving individual instances to apply fixes on their own.
Security standards
The platform is designed and developed in accordance with the principles and recommendations of the OWASP Foundation (Open Worldwide Application Security Project). This includes in particular:
- protection against common attack types (e.g., injection, XSS, CSRF),
- secure handling of authentication and sessions,
- input validation and sanitization,
- emphasis on secure application architecture design.
Adherence to these principles is essential for the secure operation of enterprise applications in NET Genium.
Administrator responsibility
The application administrator is responsible for the correct configuration of security principles within a specific solution. This includes in particular:
- user account management,
- design and maintenance of permissions,
- control of access to sensitive data,
- regular review of settings,
- use of security mechanisms such as MFA.
A properly designed security structure protects not only data but also users and the organization as a whole.