The application consists of the following components:
Azure SQL Databases: we maintain two SQL databases, an Application Database and a Customer Database. The Application Database maintains data that is consistent for all users; the Customer Database stores specific customer content. See below in this document for a description of which data this concerns;
Azure Web App: we use an Azure Web App to deploy our website https://login.2-control.nl. This website is secured with our company certificate, and communication with (and mutations to) the Azure SQL Databases is only established through this web application;
Azure Relay Service: inside the Azure Web App we have created a web service endpoint which can communicate with the Service Bus. This web service cannot be reached from the outside internet. The communication protocol is WCF Relay (see https://docs.microsoft.com/en-us/azure/service-bus-relay/relay-what-is-it);
Azure Service Bus: we use an Azure Service Bus as communication bus. This service bus receives and distributes all messages from our web app and from the customer;
Authorization Box Connector: this is the other end of the WCF Relay implementation. The Authorization Box Connector is a Windows Service which communicates with the Azure Service Bus in a one-way construction: the service only pulls messages from the service bus. The service bus does not know where the WCF Relay is located and cannot push any data. The communication for a specific customer is secured by a unique customer security ID;
Dynamics NAV / Dynamics 365 Business Central web service: in the Dynamics environment there is a web service which can be called by the Authorization Box Connector. This web service is used to retrieve data related to permissions and to perform mutations in the authorization setup;
Dynamics NAV / Dynamics 365 Business Central database: the web service can retrieve and modify authorization related data in the Dynamics NAV / Dynamics 365 Business Central database;
End users: end users can access the web application through https://login.2-control.nl and only use the functionality the application provides;
2-Controlware support users: every 2-Controlware employee can access the web application through https://login.2-control.nl and access the environment for support reasons. We only connect to your environment after you have given your consent;
2-Controlware administrators: 2-Controlware administrators can access the Azure management environment and maintain the technical aspects of the Azure deployment. Only the managing directors of 2-Controlware can access this environment. Access to the Azure environment is based on the Microsoft Entra Application security settings, which default to two-factor authentication.
All communication between the Authorization Box Azure environment and the customer site is securely established through the WCF Relay mechanism described earlier. Communication between the web application and end users always takes place over HTTPS.
We maintain two databases:
On September 4, 2023, 2-Controlware received the SOC 2 Type 1 Assurance Statement about our security and availability.
This means we had our services with the Authorization Box and Compliance Essentials apps audited by an independent auditor.
Should you want to view the report, you can send a request to info@2-control.nl.