Connect your Identity Provider (IdP) using the widely used open standard SAML to enable SSO. SSO enables you to take full control of password and two-factor rules through your IdP.
When SSO is not in use, Listrak credentials are created and secured with the following protections:
Firewall clusters provide perimeter defense for the multiple 10 Gigabit feeds to our data center. Additionally, all web requests are scanned for malicious intent, such as SQL injection, bot activity and various other attacks, and blocked when detected.
Listrak APIs use an IP access list which you can manage through the admin portal. By default, all IPs attempting to access APIs are blocked until they are granted access in the system.
You can limit a user’s access to the platform using the built-in roles; select one or more roles per user to customize the access.
Listrak employees and systems are provided the least set of privileges required to complete the job. Additionally, employees use 2FA to authenticate to the platform and other business services.
The admin portal and API communications occur only over HTTPS using TLS1.2. All data, personal information or otherwise, is encrypted at rest using AES256 encryption.
All physical locations, including headquarters, data centers and cloud providers, use badge access, video surveillance, and third-party audits and protections.
Each location utilizes redundant power, air conditioning, and internet feeds. Equipment is also protected by fire suppression systems.
Platform logs are monitored for stability, performance, and security in real time to warn of attacks, failures, and pending problems. Together, this monitoring allows us to intercept pending outage scenarios before they occur. Audit logs keep track of user activity to help support company policy and promote accountability. Monthly vulnerability scans across all networks provide assurance of our security posture.
Each year, our security posture and privacy protections are audited and tested by three (3) separate third-parties.
Whether you are a Listrak client, a consumer, a vendor of Listrak, or a security enthusiast, you are an important part of this process. Accordingly, we encourage responsible reporting of any confirmed or potential vulnerabilities found within our platform or services. Please review our Vulnerability Disclosure Policy for more information.