Cardo AI’s IDP System

At Cardo AI we recently built and implemented our own IDP (Identity Provider) system. Read more to find out what it is, how it benefits our platform and the work behind it!

What is the IDP

IDP stands for ‘Identity Provider’. It is a service that handles user Authentication & Authorization for applications: it creates and manages identity information and access privileges while guaranteeing a high level of security.

Cardo AI’s IDP

In order to explain how our IDP system works, we need to take a step back and talk a bit about our infrastructure, which consists of multiple macro and micro services which are deployed in a Kubernetes Cluster. 

This means that we have several applications/services running at the same time, which can be accessed by different users and may require different levels of permissions.

How we faced the authentication and authorization problem before implementing IDP

Initially, every service in our cluster handled the authentication & authorization separately. 

This type of setup however had several disadvantages:

  • Each service had extra code that handled authentication & authorization
  • Each service had its own user base
  • The same user had to use different credentials when accessing different services

In addition, some of the services inside our cluster needed an authorization mechanism that was a bit more complex than the solutions offered by third parties. 

The standard, out-of-the-box solutions were not able to meet our needs, as the permissions were assigned based on the group the users belonged to. 

This means that if a user is assigned to two permission groups, their permissions are joined (an additive mechanism). Therefore, the user can perform an operation if any of the groups they are assigned to has permission to do so.

At CARDO AI, we needed a mechanism that could work with “exclusive groups”. We wanted a given user to have specific permissions in one role, but not in another. 

This type of setup would work as follows: 

  • A user can operate in different roles inside the system while having different permissions for each role.
  • If there are two roles, Role A and Role B, and a specific user has the right to perform operation X when acting as Role A, he should not be able to perform that same operation when acting as Role B
  • Previously, to handle this type of scenario, we had to create two accounts for the same user: one with the permissions of Role A and another with the permissions of role B.
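The difference between the additive group model and the "exclusive" role model described above, as an added example that is not Cardo AI's code. Role names, permission strings and function names are hypothetical, and the sample data is constructed.

```python
# Added illustration: additive groups versus role-scoped ("exclusive") checks.

# Constructed sample data: permissions granted to each role.
ROLE_PERMISSIONS = {
    "role_a": {"operation_x", "report:read"},
    "role_b": {"report:read"},
}

# Constructed sample data: roles assigned to each user.
USER_ROLES = {
    "alice": {"role_a", "role_b"},
    "bob": {"role_b"},
}


def allowed_additive(user, operation):
    """Group-style model: the union of every assigned role's permissions."""
    return any(operation in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


def allowed_exclusive(user, active_role, operation):
    """Exclusive model: only the role the user is acting as counts."""
    # The active role is supplied with the request, so it is checked against
    # the server-side assignment; an unassigned or unknown role is denied.
    if active_role not in USER_ROLES.get(user, set()):
        return False
    return operation in ROLE_PERMISSIONS.get(active_role, set())


def overgrants():
    """(user, role, operation) triples the additive model allows but the
    exclusive model denies, i.e. rights that leak across roles."""
    found = []
    for user, roles in USER_ROLES.items():
        all_ops = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles))
        for role in roles:
            for op in all_ops:
                if allowed_additive(user, op) and not allowed_exclusive(user, role, op):
                    found.append((user, role, op))
    return sorted(found)


if __name__ == "__main__":
    for triple in overgrants():
        print("additive model leaks:", triple)
```
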

We searched the web a lot, and we did not manage to find an existing solution that could solve this issue. So we decided to build it ourselves. 

Cardo AI’s solution for a common problem

We needed to build an IDP system that could work in a centralized fashion, allowing us to have a single User Base, and allowing the applications/services inside the cluster to focus only on providing features and functionalities. 

With Cardo AI’s IDP, a user, using the same account, with the same credentials, can: 

  • Access different services in the cluster
  • Operate in different roles inside a service

How the IDP works now

There is a central Ingress that is accessed before any request is forwarded to the respective service. This Ingress performs a request to our IDP service, to make sure that the provided JWT token is valid. Once this is verified, the username of the user is included as a request header. 

On the other hand, we have used OPA (Open Policy Agent) for authorization purposes, to implement permissions and security groups for different services. The user information and rights are declared in the IDP application, which automatically updates OPA.

When one of the services receives a request, it contacts OPA to make sure that the user (who is now authenticated) has the permission to perform the operation that he is requesting. The logic behind this interaction is generalized and written in a library that all the applications use.

In this manner, each service contains almost no code related to authorization & authentication purposes. 
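A sketch of the per-request check a shared library of this kind could perform, as an added example that is not Cardo AI's library. The header name, policy path and input field names are assumptions; the request and response shape follows OPA's Data API (`POST /v1/data/<path>` with an `input` document), and the two transports are constructed stand-ins for the HTTP call.

```python
import json

USER_HEADER = "X-Auth-Username"         # hypothetical header set by the Ingress
POLICY_PATH = "/v1/data/example/allow"  # hypothetical policy path in OPA


def build_opa_request(username, method, path):
    """Body for the OPA Data API: the policy reads it as `input`."""
    doc = {"input": {"user": username, "method": method, "path": path}}
    return json.dumps(doc).encode()


def authorize(headers, method, path, post):
    """Return True only on an explicit allow; every other outcome denies."""
    username = headers.get(USER_HEADER, "").strip()
    if not username:
        return False  # no identity header: not authenticated by the Ingress
    try:
        raw = post(POLICY_PATH, build_opa_request(username, method, path))
        decision = json.loads(raw)
    except (OSError, ValueError):
        return False  # OPA unreachable or reply not JSON: fail closed
    # OPA omits "result" when the rule is undefined; a string "true" or any
    # non-boolean value is also treated as a deny.
    return isinstance(decision, dict) and decision.get("result") is True


def fake_opa(policy_path, body):
    """Constructed stand-in for OPA: allows GET for alice, undefined otherwise."""
    inp = json.loads(body)["input"]
    if inp["user"] == "alice" and inp["method"] == "GET":
        return b'{"result": true}'
    return b"{}"


def unreachable_opa(policy_path, body):
    """Constructed stand-in for an OPA instance that cannot be reached."""
    raise ConnectionError("OPA not reachable")


if __name__ == "__main__":
    hdrs = {USER_HEADER: "alice"}
    print(authorize(hdrs, "GET", "/loans", fake_opa))         # allowed
    print(authorize(hdrs, "GET", "/loans", unreachable_opa))  # denied
```
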

Benefits of the IDP

We think that we have provided a new solution for the problem of Authentication & Authorization in a cluster.

Some of the main benefits that the solution offers are:

Single Sign-on

This feature improves the end users’ experience, as it allows them to access multiple applications in the cluster with the same set of credentials. This means they don’t have to remember several passwords to access our services (‘password fatigue’), and it reduces the chance that they will have account-related issues.

The Single Sign-On also drastically increases the security of our platform and mitigates the risk of attacks, as it allows much more visibility and control over the environment compared to standard solutions. 

Granular permissions structures

Roles, Functionalities, Permissions. For every endpoint accessible in the cluster, there is a permission controlling access to it.

Temporary user access

This feature allows the creation of temporary tokens, which offer the possibility to give someone access to the cluster, without a set of username and password, for a limited amount of time. This can become very useful in cases where temporary access is needed.

Nowadays, when microservice architectures and the use of clusters, such as Kubernetes, are becoming more and more popular, we believe that many software companies have needs similar to ours with regard to Authorization & Authentication.

More efficiency and security with Cardo AI’s IDP

Cardo AI’s IDP is a full-fledged solution that has a lot of potential advantages for organizations.

On one hand, it can solve problems related to security risks while enhancing overall efficiency. On the other hand, it saves time that developers can instead spend on developing features for their products.

Do you want to know more about how our platform works? Contact us for a Demo today!

About the author

Klajdi Çaushi

Klajdi is the Tech Lead of our Equalizer Platform at CARDO AI. Prior to joining Cardo, Klajdi has worked as a Software Engineer at Excel Labs, contributing to building an ERP system for one of the biggest TV Broadcasters in Albania. He holds a Master’s Degree in Computer Science from the University of New York Tirana, and participated in the ICT Awards Albania for Diploma of the Year 2019.

Cardo AI launches the Hyper Data Room

At Cardo AI we have a brand new product: the hyper data room. Keep reading to find out more about our new groundbreaking data room system and how it can help asset managers and institutional investors manage their private debt investments. 

Organizations operating in the private debt market need to be able to analyze investment opportunities and deals, estimate their potential value, and prioritize the best options. In addition, asset managers and investors have to provide data, information, and attention to various stakeholders, which means they need a way to securely store and share critical information. 

Cardo AI hyper data room enables our clients to do just that. 

What is Cardo AI’s Hyper Data Room?

Virtual data rooms are online repositories of information that allow multiple agents to view, analyze and collaborate on critical data and documents. As our platform holds important information regarding transactions, loans, and securitization activities, the VDR system will make it very easy for our users to access sensitive documents, contracts, and any other type of data they are ready to share with a third party, in a very secure, cost-effective and efficient manner.

But Cardo AI’s Data room doesn’t stop there. You will also gain a deep understanding of the risks associated with your investments, identify and focus your efforts on the most promising opportunities, and track your estimated performance with the help of powerful summary statistics our system dashboard provides.

Furthermore, as VDRs use encrypted web connections, the storage of all sensitive data and distribution of documents is completely secure. You will never have to worry about the safety of your data again!

Benefits of a hyper data room with Cardo AI

There are several benefits of implementing a data room solution. Let’s look at some of the main advantages of a VDR system and how specifically Cardo AI’s hyper data room can bring value to your organization!

Advanced analytics

In order to support the assessment and analysis processes, the data room offers advanced analytic tools and detailed views on your operations, which allows you to gain even more insights into your business and increase the accuracy of your decisions. 

A high granularity means that you can dive into your data at an individual deal or transaction level.

For example, from your portfolio view, you can drill down to single loan data in 1 click, or to the cash flows view in 2 clicks.

Cardo AI’s hyper data room will enable you to quickly answer questions such as:

  • What is the estimated value of this investment opportunity?
  • What are the potential upside/downside scenarios for these investments?
  • What has been the past performance for my target sectors? 
  • And much more!

Accessibility and reliability

With our hyper data room, investors have a centralized point of access for their existing and potential transactions, which reduces errors and time spent crunching data. It becomes very easy to navigate information and streamline workflows, as data rooms ensure the quality, accessibility, and reliability of data in all stages of the transaction. 

Furthermore, agents are able to keep data always updated thanks to an automated sync process that provides powerful, real-time insights.

Fully Digital and Fast Due Diligence

The due diligence process can be complex and challenging, as a lot of sensitive data is handled through it. This usually results in slow operations and a lot of time spent managing documents. 

With Cardo AI’s hyper data room, you can facilitate the due diligence or audit process by digitalizing all operations and speeding them up significantly.

What you can do with our Hyper Data Room

Here are some of the main actions that the data room enables you to do very quickly:

  • Easy retrieval of data: with our user-friendly and intuitive dashboard, you need just a few clicks to get the insights and documents you need. 
  • Advanced Filtering: Do you want to analyze a certain pool of assets from selected industries? Or filter data based on deal size? With data rooms, users can quickly select and filter specific pools of assets, according to their needs. 
  • Data stratification and aggregation: according to different dimensions such as geography, sector, etc.
  • Quick calculation of summary statistics

Complete transparency

Transparency is essential as market agents have to analyze great volumes of data and often need to create, organize and exchange a variety of sensitive documents. 

With data rooms, you can easily keep data always up-to-date to grant full transparency and comply with regulatory requirements from external parties. 

How do we ensure complete transparency?

A dedicated help module inside the data room allows the user to know exactly how the algorithms work and what the logic behind the displayed data is.

Secure access to the information you need, anytime and anywhere

Gain secure access at any time and from any location worldwide with a web browser.

Enable different authorizations and security levels

Multi-layered permissions can ensure that external parties only access the information they need. Options for restricting what users can do with files can also be defined, while new members and external parties can be quickly added to the data room with one click. Granting temporary or permanent access to selected users becomes easier than ever, allowing you to always retain maximum control over sensitive and confidential information.

Are you ready to revolutionize the way you manage your private debt investments? Discover more about our hyper data room system and request your demo today!

About the author

Alessandro Catalano

Alessandro is a Senior ABS analyst at Cardo AI and currently focuses on our Equalizer platform.

Copyright Cardo AI 2021. All rights reserved. P.IVA: 10357440964