DubLabs’ turnkey managed solution consists of the app you create and publish, native integrations to your school’s systems and app management portal. Learn more about the native integration technology, Single Sign On approach and security features that make DubLabs’ platform stand apart.
The DubLabs integration server resides in DubLabs’ Virtual Private Cloud in Amazon. The DubLabs team configures and sets up the cloud-based environment for your school’s integration server. Mobile client access to your enterprise systems (AD/LDAP, SIS, LMS) is done through the integration server, meaning you don’t have to open these systems to the public internet.
The DubLabs server receives web service requests for services such as Login, Course Info, Directory, Notifications, Enrollment, Financial Aid and more from your school’s DubLabs mobile app. In turn, our integration server communicates with the school’s personnel directory (LDAP/AD) for authentication, and with the SIS and LMS. After retrieving the information, the integration server returns data specific to the request to the mobile app. The exchange of private information, including user IDs and passwords, between the Mobile Client and the DubLabs Integration Server uses standard SSL methods.
Integration server access summary
Whitelist DubLabs’ IP address
Access is only open to DubLabs’ Virtual Private Cloud in Amazon and not the public internet.
Mobile apps only access DubLabs’ integration server. DubLabs’ integration server accesses the school’s environment. The school environment is only open to DubLabs and not to all mobile apps.
User Authentication and Single Sign On
DubLabs uses several methods to authenticate app users to the app.
SSO (CAS, SAML, ADFS and Shibboleth)
DubLabs supports two-factor authentication if it is required, and it is tied into your single sign-on system. The user experience is similar to regular SSO login except with an additional ‘send token’ screen after entering credentials.
When a user needs to access private features in the application (e.g., Courses), they must log in using their school-supplied credentials.
The Mobile Client login uses HTTP basic authentication over SSL (HTTPS).
The DubLabs Integration Server validates the client’s credentials and returns HTTP 200 on success or 401 otherwise.
With a successful login, the user’s basic profile is returned as part of the response.
In summary, the DubLabs Integration Server takes the credentials contained in the request from the Mobile Client and compares them against either the LMS, LDAP or SIS, depending on the active configuration.
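The login exchange described above (Basic credentials in, HTTP 200 with the basic profile or 401 out), as an added example that is not DubLabs’ code. The in-memory `DIRECTORY` stands in for the LDAP/SIS/LMS back end, and `parse_basic`, `login` and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed value, illustration only

def _record(password, profile):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return digest, profile

# Constructed stand-in for the school's LDAP/SIS/LMS back end (assumption).
DIRECTORY = {
    "jdoe": _record("correct horse", {"id": "jdoe", "name": "Jane Doe"}),
}

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # the password may contain ':'
    return (user, password) if sep and user else None

def login(headers):
    """Return (status, response_headers, profile) for a login request over HTTPS."""
    challenge = {"WWW-Authenticate": 'Basic realm="integration", charset="UTF-8"'}
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return 401, challenge, None
    user, password = creds
    # Unknown users still pay for the hash, so timing does not reveal valid names.
    expected, profile = DIRECTORY.get(user, (b"", None))
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if profile is None or not hmac.compare_digest(actual, expected):
        return 401, challenge, None
    return 200, {}, profile
```

Malformed headers, unknown users and wrong passwords all produce the same 401 response, so the reply does not tell a caller which part of the credential was wrong.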
DubLabs does not store any user data. The Mobile Client relies on a secure HTTPS communication channel to the DubLabs Integration Server for authentication. A hashed User Id and Password are sent in the HTTP header for every private request to the server allowing the server to securely determine the requester and filter responses.
DubLabs Security FAQ*
Where will the system, application, or service be housed? The integration server is hosted on our Virtual Private Cloud in Amazon.
What authentication is required for the system, application, or service? LDAP/AD, SIS, Single Sign-On (CAS, SAML, ADFS, Shibboleth) are all available.
Do you store any school or student data? No
What system or application security controls are in place to ensure the system and data are protected? All data is sent over HTTPS. We also have a Virtual Private Cloud, and user credentials are stored on the device and only accessible to the app.
How are confidential data encrypted in transit/rest? HTTPS
What is the security plan for the application, service, infrastructure and data? All data is sent over HTTPS. We also have a Virtual Private Cloud on Amazon, and user credentials are stored on the device and only accessible to the app.
What is the business continuity or disaster recovery plan? The plan ensures customer access to the service/information in the event of a loss or disruption of services. We have a mirrored environment on the east and west coast and systems on hot standby.