GDPR Compliance at JobTeaser
Everything you need to know about information security at JobTeaser.
User registration and de-registration is up to the users and Career Center administrators. Upon registration, the user sets their password through a link sent to their email address. Upon de-registration, the user loses access to all the resources previously available.
The JobTeaser SaaS enforces the following password security policy:
In case of failed login attempts, an exponential back off delay is inserted before enabling the user to try again to login after failed attempts.
Single sign-on (SSO) allows schools and universities partners to provide their users (students and staff) with a login solution that does not require them to enter additional credentials on the Career Center. In this case, the security of the user’s credentials is managed by the partner instead of JobTeaser. CAS, SAMLv2 and OAuth2 are currently supported.
The administration interface for Career Center administrators allows administrators to provision users according to roles they need to attribute to others.
For Career Centers, JobTeaser enables its schools and universities partners to setup an SSO integration for end-user (students and administrators). Other types of users (e.g. company recruiters) are provided with JobTeaser login (email and password credentials are managed by JobTeaser).
JobTeaser uses a central authentication solution (JobTeaser IDP - IDentity Provider) on its platform and applications. It supports the development of controls: connection attempts monitoring, 2-factor authentication, etc.
Authentication to the platform is processed through the JobTeaser dedicated OpenID module. This module can act as an Identity Provider as well as a Service Provider, depending on the partner’s needs.
JobTeaser administrators manage their own registration and de-registration. Access rights are provided to new administrators on a “least privilege” basis, according to their functional role in the company.
JobTeaser website administrator access rights are reviewed annually.
Access to the website administration interface is over HTTPS, encrypted using TLS 1.2 and 1.3 as per industry best practices.
Two-Factor Authentication is mandatory for JobTeaser website administrators.