Security Aspects for Administration
Administration of the Kofax Search and Matching Server is restricted to Windows users who are members of the "KSMS Administrators" user group configured during installation. This user group can be either a domain or a local user group. A local user group is created during installation if it does not yet exist. Optionally, for a local group installation, the installer can add the current user to the local user group. A domain user group must always be created by the domain administrator. In both cases, the system or domain administrator is responsible for adding users to and removing users from the "KSMS Administrators" user group to grant or deny access to the Kofax Search and Matching Server configuration.
Communication between the Administration application and the Kofax Search and Matching Server is always encrypted. The Kofax Search and Matching Server uses Windows Communication Foundation (WCF) to encrypt the communication, which is based on the Transmission Control Protocol (TCP). The encryption is provided by Transport Layer Security (TLS) over TCP. The TLS implementation is provided by the operating system.
The Administration application can connect to the Kofax Search and Matching Server using single sign-on if the current user is a member of the "KSMS Administrators" user group. In this case the user does not need to type the password. Instead, the Administration application sends the current user token directly to the Kofax Search and Matching Server. If the current user is not a member of the "KSMS Administrators" user group, it is also possible to type in a different user name and password. In this case the user name and password are sent to the Kofax Search and Matching Server using the encryption described above.
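Because membership in "KSMS Administrators" is the only gate on administrative access, including single sign-on, it is worth reviewing that membership regularly. The following PowerShell script is an added example, not part of the Kofax documentation: it assumes the group is a local group on the server, and the approved account names and the helper function name are constructed placeholders.

```powershell
# Added example: audit the local "KSMS Administrators" group against an approved list.
# Assumption: the group is a local group on the server where this script runs.
$GroupName = 'KSMS Administrators'
# Constructed placeholder accounts; replace with the accounts approved at your site.
$Approved = @('EXAMPLE\ksms-admin1', 'EXAMPLE\ksms-admin2')

function Compare-KsmsMembership {
    # Hypothetical helper: reports accounts present but not approved, and approved but absent.
    param(
        [string[]]$Actual = @(),
        [string[]]$Approved = @()
    )
    # -notin compares strings case-insensitively, matching Windows account-name semantics.
    [pscustomobject]@{
        Unexpected = @($Actual   | Where-Object { $_ -notin $Approved })
        Missing    = @($Approved | Where-Object { $_ -notin $Actual })
    }
}

try {
    # Get-LocalGroupMember returns objects with Name, SID, ObjectClass and PrincipalSource.
    $members = @(Get-LocalGroupMember -Group $GroupName -ErrorAction Stop)
} catch {
    Write-Error "Cannot read group '$GroupName': $($_.Exception.Message)"
    return
}

# A nested group grants administration rights to everyone inside it, so list those separately.
$nested = @($members | Where-Object { $_.ObjectClass -eq 'Group' })
$names  = @($members | ForEach-Object { $_.Name })
$audit  = Compare-KsmsMembership -Actual $names -Approved $Approved

foreach ($name in $audit.Unexpected) { Write-Warning "Not on the approved list: $name" }
foreach ($g in $nested)              { Write-Warning "Nested group, review its members: $($g.Name)" }
foreach ($name in $audit.Missing)    { Write-Output  "Approved but not a member: $name" }

if ($audit.Unexpected.Count -eq 0 -and $nested.Count -eq 0) {
    Write-Output "Membership of '$GroupName' matches the approved list."
}
```

For a domain group, the same comparison applies, but the member list has to come from the directory rather than from Get-LocalGroupMember.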