How to comply with SAMA Cyber
Security Framework Compliance?

miniOrange provides Identity and Access Management services quickly for the management of information such as users, organizations, devices, services, etc., and in a very cost-effective manner to its customers.

With miniOrange IAM systems, you do not need to worry about administrative overheads. We provide IAM services, which take care of your security, administrative, access management and help you focus on your core business.

The identity and access management policy, including the responsibilities and accountability's, should be defined, approved, and implemented.

• An Identity and access management solution which is highly flexible to fit into any organization’s policy or workflow as per the customer requirements and existing setup.
• Centralized, simple management and synchronization of identities for users, devices, and things. Can integrate with any system and enhance authentication and authorization capabilities with multiple protocols and connectors for web apps, mobile apps, thick-client applications, etc. Highly flexible and therefore able to fit almost any use case.

Compliance with the identity and access policy should be monitored.

• miniOrange generates real-time reports for high-level usage summary, per user summary, user authentication, active usage report, etc. to monitor the user activities across the applications.
• Logs are saved for monitoring, debugging issues, recovery, etc. miniOrange can integrate with your SIEM tools for real-time monitoring of the organization’s Information security systems.

The effectiveness of the cybersecurity controls within the identity and access management policy should be measured and periodically evaluated.

• All users are given controlled access to the applications with the help of multi-factor authentication during Single Sign-on. miniOrange provides multiple parameters for adaptive authentication such as restriction based on IP, device, location, time for proper evaluation of user before giving access.
• The administrator can receive updates/ alerts for any behavior change of the user.
• You can create multiple groups for different levels of users and have access policies depending on the groups. Any new user can be added to the appropriate groups and he will be provisioned to the allowed application of that specific group.
• Any inappropriate access can be easily revoked at any point in time.

Thus, miniOrange helps businesses comply with the IAM policies and make them secure. Click to learn more.

The identity and access management policy should include:

• business requirements for access control (i.e., need-to-have and need-to-know);
• You can create user/group access policies for your applications based on the role and requirements of each user/group.
• Users can access their respective applications with one click from the miniOrange dashboard without having to log in every time.
• MFA or adaptive MFA can be enabled for required applications. Organizations will have full control of all the access rights of all users and can be changed/modified or revoked at any time. Click to learn more


• User access management (e.g., joiners, movers, leavers):

Users can be added to the system with any of the following methods -

• Manual addition of Users/Vendors.
• Bulk upload of users and groups using the CSV upload method.
• Connect to your existing Identity provider ( eg. Okta, OneLogin, Keycloak, ADFS, etc.)
• Connect to AD/LDAP
• Use your existing database as an identity store (My-SQL, MS-SQL, etc.)
• Provision your users through your HR management system.

The joiners are the newcomers in the organization. They are provisioned to the applications based on the group or role they are assigned and thus will have access to the respective applications.

The movers are those who move from one department to another or change their roles. The user will be provisioned to the respective applications of the group they are assigned to.

The leavers are the ones who leave the organization. miniOrange will disable the accounts and deprovision the users from the applications once it is updated in the HR system so that the leaver will no longer be able to access any of the organization’s resources.

• All identified user types should be covered (i.e., internal staff, third parties)

Multiple groups and policies can be created based on the business requirements and the organization’s workflow. Groups for eg. Interns, System administrators, Developers, etc. can be created for Internal staff, and groups like partners, suppliers, distributors, etc. can be created to cover the third parties.

• Changes of job status or job positions for internal staff (e.g. joiner, mover, and leaver) should be instigated by the human resources department

miniOrange can integrate with any HR management system. Any changes in the job status or position once updated in the HR system, the user will be provisioned or de-provisioned from all the applications based on the job role.

• Changes for the external staff or third parties should be instigated by the appointed accountable party

The personnel appointed for the external staff or third party can communicate with the admin for any changes required in the permissions or access. All changes are logged for monitoring purposes.

• User access requests are formally approved by business and compliance requirements (i.e., need-to-have and need-to-know to avoid unauthorized access and (un)intended data leakage)

miniOrange makes sure that the right user has the access to the right applications using group-based policies. An approval-based system for giving access rights can be set up to ensure a proper business workflow. The rights to grant or revoke access will be assigned to an authority. All reports are available at any time for monitoring of the system.

• Changes in access rights should be processed on time

All changes in access rights are instant and as soon as the job role/group of the user is changed. The user is provisioned and de-provisioned across the applications based on the change in the job role.

• Periodically user access rights and profiles should be reviewed

miniOrange uses group-based policies to ensure that the correct user gets access to the right apps. User’s access rights and profiles are periodically reviewed to reduce the risk of a security breach.

• An audit trail of submitted, approved, and processed user access requests and revocation requests should be established


• User access management should be supported by automation

To streamline the process of assigning and managing the user access rights, miniOrange provides an automated user access management system. This will aid in time management and allow administrators to take faster and quick action against any security breaches and prevent improper user activity.



• Centralization of the identity and access management function

Provisioning and de-provisioning are handled in one place using a centralized identity and access management system. IT resources are centrally controlled with miniOrange IAM services, and users can access all apps and tools from a single dashboard with the convenience of a single sign-on. Click to learn more



• Multi-factor authentication for sensitive and critical systems and profiles

miniOrange provides 15+ authentication methods and solutions for various use cases. This additional layer prevents unauthorized persons from the resources, even if they know your username and password, thus protecting sensitive and critical information. Click to learn more.



• Privileged and remote access management, which should address

The allocation and restricted use of privileged and remote access, specifying:

• Multi-factor authentication should be used for all remote access

MFA provides an extra layer of security for remote access. MFA for remote access will prevent unauthorized individuals from accessing critical data while also improving the organization's overall security strategy.

• Multi-factor authentication should be used for privilege access on critical systems based on a risk assessment

miniOrange provides the facility of multi-factor authentication to be used on privileged access. This secures your repositories, logs, and administrator account by ensuring that only authorized workers have access to your privileged account passwords.