
Why Smartcat is safe to use

Safety measures for translations | Smartcat Help Center

At Smartcat, we are aware that linguistic resources are the core asset for translation businesses. This is why we use the most advanced technologies and practices to keep your data secure and prevent unauthorized access to your account. Unlike some other companies, we don’t display, transfer or share your data with anyone.

Secure cloud storage
Because your data is stored in the cloud, you can be sure of its safety. Intruders wouldn’t be able to access it if your computer is stolen or exposed to a virus. Even if your computer is broken, all of your data will be safe and available to you.

Your data is exclusively yours
We have considered the ways user data could be improperly manipulated, and we guarantee complete confidentiality. Your data is secure in your account, and belongs fully and only to you.

You control access to your data
All accounts in the system are isolated, so users of one account cannot access the information in another. This means that all linguistic resources are only available to you and the users that you authorize.

Your data is hosted in top-level data centers
The data centers in which your data is stored have the strictest level of security (Tier IV) and are located in geographically diverse locations, ensuring much higher protection compared to simply using your own office servers. The data centers are SOC-1, SOC-2, and SOC-3 compliant, and staffed and monitored 24/7.

Your payments are protected
We don’t store your payment data; all payments are executed by our payment partners, each of them holding a certified status with Visa’s Global Compliant Provider and Mastercard’s SDP.

Translator information is not visible to external users
However, translators retain the right to register on the platform as freelancers with a public profile and to use such accounts for personal purposes.

Here’s some more information for our tech-savvy users:

Your data is encrypted
Smartcat uses an HTTPS/TLS protocol to protect data in transit between your computer and our servers, and a 256-bit Advanced Encryption Standard (AES) to protect data at rest. For transmitting payment data, we use a TLS 1.2 protocol and RSA algorithm with a 2048-bit key.

Database backup
Your data is continuously backed up on the database level and is replicated in real time to a Smartcat backup data center. This guarantees we can recover from a complete site failure in our main data center. All infrastructure can be automatically set up in minutes, if needed.

Centralized user access
You can instantly limit access to your account using our centralized user access control.

Flexible assignment of access rights
This allows you to authorize at different levels, down to a single document or linguistic resource.

Internal security policy
Smartcat employees are prohibited from unauthorized access to client data. We offer both private cloud-based and standalone enterprise solutions for any corporate customers with specific data security policies.

Ensure your account’s security

Account security | Smartcat Help Center

When you enter your credit card information in Smartcat, the data is not actually sent to us but goes directly to the servers of our payment service partners. All our payment partners are PCI DSS certified. Such a certificate means that the company’s security systems have passed specific individual tests. PCI DSS-certified companies have organizational and technical security policies: data is stored in encrypted form, data access is limited, and registration logs are kept safely.

Data encryption
Your password and personal data are not available to third parties. Access to Smartcat is carried out over a secure connection encrypted over HTTPS/TLS protocols. Your data gets transmitted to our servers by a 256-bit encrypted SSL connection. We use TLS 1.2 encryption to protect payment data at the transport level while using 2048-bit RSA keys at the application level.

How do I protect my account?
- Never share your bank card details, such as a PIN, CVV, or CVV2, with anyone.
- Never give your Smartcat account password to anyone and consider changing it regularly.
- Make sure that you receive email notifications about money transfers to your Smartcat account, as well as payouts via your preferred method.
- Enable SMS alerts for transactions and other activities on your bank account.

I’m still hesitant about giving my payment info to Smartcat. How do I get my earnings?
Issue a separate physical or virtual bank card and use it solely for receiving payments from Smartcat. Many banks offer virtual cards, which can be used for online payments, just like an ordinary plastic card would.

FAQ

I have received a request for personal information from the support team. Why am I required to do this if I have provided my details?
Any bank or payment provider is responsible for ensuring that its customers act within the law and do not use financial institutions for illegal activities such as fraud, money laundering, or tax evasion.

To accomplish this, any regulated financial institution conducts routine checks by requesting additional information on selected payments. Additional information may include clarification of the recipient's full name, address, date of birth, citizenship, proof of residence, etc.

If you receive a notification from our support team that a confirmation of your identity or other additional information is required, this means that your payment is currently being verified by our payment system. Please don’t worry, these are standard regular compliance checks. Provide us with the necessary information and we will do our best to ensure that you receive your payment as soon as possible.

Please note that requests from the platform can only be sent from an email address in the @smartcat.ai or @smartcat.com domain. Do not share your details in response to a request from an unrecognized email address.

Ensure personal data protection

Personal data protection | Smartcat Help Center

What is GDPR?
On May 25, 2018, the General Data Protection Regulation, abbreviated as the GDPR, came into force. The law established general rules regarding data protection in the European Union for international companies that process personal data of EU citizens. The main goal of the law is to give users the opportunity to learn what data about them the company stores and, if they want to, to manage it.

GDPR & Smartcat
Smartcat is very serious about storing the personal data of its customers and protecting this information. We always have been, and that didn’t change after the enactment of the new law.

User data

Storage
We have updated our Terms of Use and published the Privacy Policy. The new version of the Terms of Use describes in more detail and with improved clarity what user data we store, for what purposes, and how we guarantee security.

Management
You can still control the visibility of your profile to search engines and within Smartcat’s Marketplace. If you decide to stop using Smartcat, we will, at your request, delete your account and all associated information, including files and projects. You may delete the personal data you’ve added to your freelancer profile or corporate profile, such as your name, photo and phone number, by yourself at any time.

Protection
Smartcat employees who have access to your data are thoroughly checked by our security team and can only use your data as part of their work. In addition, access is limited by authorization procedures and infrastructure, which do not allow employees with insufficient rights to access information. Your data is stored in data centers with the strongest, strictest security level, Tier IV. This is a much higher level of protection than conventional office servers provide (learn more about Smartcat security measures).

Privacy
We do not share any user information we have with third parties. Your data is stored on one of three servers located in Europe, the US or Asia and does not go outside of them. When you sign up with Smartcat, your information will go to one of the three servers, depending on the region in which you are located.

Smartcat’s partners
In the terminology of the GDPR, Smartcat is a “data controller”, because we collect and use information about our users. We carefully select partners to help process our payment orders, and enter into agreements with them that detail points concerning the safety of user data. Smartcat does not store your bank card details; they are stored on our payment partner’s side, which has all the necessary infrastructure to ensure the safe storage of this type of information, as confirmed by its PCI DSS certificate.

Any new solutions we design will take into account the new requirements for data security. At the same time, we are looking for the latest solutions in the field of data protection, and will apply them to our processes, infrastructure solutions and partner selection.

Manage users via Single Sign-On (SSO)

User Management via SSO | Smartcat Help Center

SSO is an authentication process that allows users to log in to multiple applications and services with a single set of credentials, irrespective of the platform, technology, or domain used. The advantages of SSO are many, the most valuable being:
- Secure handling of multiple accounts and related user data
- Improved security capabilities, especially if combined with multi-factor authentication
- Streamlined user experience: the elimination of repeated logins increases employee satisfaction and productivity
- Ability to ensure that corporate compliance rules are being followed

Smartcat provides Corporate customers with the ability to manage their users via their company’s Single Sign-On (SSO) provider. Smartcat supports four major authentication systems: ADFS, Azure AD, Okta, and DUO.

How to set up SSO for your Smartcat Workspace?
If your company uses one of these systems (ADFS, Azure AD, Okta, or DUO), you’ll need to provide our team with some basic details when raising a support ticket with Smartcat support:
- The name and software version of your SSO technology or provider. For example: Azure AD or ADFS 4.0 on MS server 2016.
- The public URL of your OAuth 2.0 or the ADFS server endpoint. The OAuth 2.0 server endpoint is the URL where this authorization server is hosted. This is where the application will send requests to initiate the authentication process. The ADFS server endpoint is a URL that corresponds to a specific ADFS server within an organization. It is used to handle requests related to authentication, federation, and identity management. When setting up OIDC for Azure or custom OIDC providers, you may need to provide multiple endpoints. If you're using SAML, you might also need to provide a certificate, especially when working with Azure AD or Entra ID.
- The clientId and clientSecret, if applicable. The clientId is a public identifier for the application that’s trying to access an API or service on behalf of a user. Think of it as the "username" for your app when it communicates with an OAuth 2.0 authorization server. The clientSecret is a confidential value that the application (client) uses to authenticate itself to the authorization server. It’s like a password for the app.
- The Web domain that email addresses should originate from so that they are redirected to your SSO provider.
- A test user email address to verify the SSO configuration.

After our Support team receives the ticket with all these details, our team of developers will set up SSO on Smartcat’s end and provide callback URLs to be added on your server/provider side to return Smartcat requests. When SSO is configured and connected, users from the specified Web domain will be immediately redirected to your login URL instead of accessing the Smartcat login form.

FAQs

What is the process for a user to set up their Smartcat account with SSO?
Users should receive an invitation to set up their Smartcat account. During setup, they will be redirected to the SSO provider (e.g., Okta) for authentication. If authenticated, they will be logged in automatically.

What happens if a user tries to log in without an account in Smartcat?
If a user tries to log in without an existing Smartcat account, they will be redirected to the sign-up page to finalize their registration. Once registered, the user will either:
1. Automatically join an existing workspace if domain joining and JIT provisioning are enabled.
2. Be able to create a new workspace if no existing workspace is available to join.

Can users create their own workspaces in Smartcat?
Currently, users can create their own workspaces, but this feature is planned for removal. Workspace creation should be managed by admins, and users should be invited to existing workspaces.

Does Smartcat support multiple domains for SSO?
Yes, Smartcat supports multiple domains for SSO. Domains must be unique and not used by other clients. Provide a list of domains to the Smartcat team for configuration.

What is required to enable SSO for all users in the organization?
Provide the list of domains for federation to the Smartcat team. They will update backend configuration to enable SSO for all users under the specified domains.

Will users need to authenticate via Okta during the invitation process?
Yes, users will be redirected to Okta for authentication during the invitation process. If already authenticated, they will be logged in automatically.

What is the process for a user to set up their Smartcat account with SSO?
If a user is not in Okta and tries to log in, they will not be able to authenticate or access Smartcat. They must exist in the Okta database for the SSO process to work.

What role do users get assigned when they join a workspace in Smartcat?
Currently, users are assigned the Project Manager role by default. This may change in the future to assign a more limited default role.

How can we ensure users are invited to the correct workspaces?
Admins must manage invitations and workspace access settings. User guidance should emphasize starting from an invitation rather than accessing Smartcat directly.

How do we manage the domains and user access for SSO in Smartcat?
Provide the list of domains to the Smartcat team. Ensure all users are added to Okta for successful authentication.

What are the next steps to implement SSO for our organization?
1. Provide the list of domains to the Smartcat team.
2. Close all workspaces to prevent unauthorized access.
3. Set a go-live date and align corporate communications.
4. Perform smoke testing to confirm the setup works.

Can we test SSO with specific users before enabling it for the entire organization?
Yes, you can provide specific user details to the Smartcat team to test SSO with individual users before full implementation.

Can we use just-in-time (JIT) provisioning with Smartcat?
Yes, JIT provisioning works with Smartcat, provided the necessary security steps are completed on your end. Specifically, your Smartcat workspace must have the setting enabled that allows new users within your domain to automatically join the workspace. Once this is configured, users can be provisioned just in time and will automatically be added as managers. Please ensure domain joining is properly set up to maintain security.

Can we leverage group claims or IdP Groups to assign roles?
No, Smartcat does not support role assignments based on group claims or IdP Groups. Role configuration is managed internally using basic user information (ID, email, name, surname).

Can Smartcat support multiple domains per IdP?
Yes, as long as the domains are unique and not used by other clients.

Does Smartcat provide auditing and logging of actions?
Audit Logs can be pulled via API. Smartcat aggregates application logs and traces, but they are not directly available to customers. For investigations, Smartcat can provide internal reports.

Can the system be configured to require multifactor authentication (MFA)?
Yes, MFA can be enforced via SSO.

What will the end-user experience be like when using SSO with Smartcat?
Users will receive an invitation to join a workspace. During setup, they will be redirected to the IdP for authentication. If authenticated, they will be logged in automatically. Unauthorized users will be redirected to the Sign-In page.

What are the best practices for managing user access and workspace invitations?
1. Add all users to the IdP before enabling SSO.
2. Provide clear guidance for users to start from an invitation.
3. Prevent unauthorized workspace creation.
4. Regularly review and update access permissions and settings.

What SSO claims will the application leverage (first name, last name, email, etc)?
Make sure your SSO application provides information about the following scopes and claims:
1) scope: openid
2) scope: email, claims: email
3) scope: profile, claims: given_name (or firstname), family_name (or lastname)

What user provisioning is leveraged (SCIM, System for Cross-domain Identity Management)?
The current SSO implementation does not provide full SCIM capabilities: you can manage user data on your IdP end, but it won’t be propagated to the Smartcat system, we do not support group provisioning, etc. Smartcat SSO supports automatic provisioning of new accounts from the Smartcat side and will allow you to deny user access to Smartcat based on your IdP’s user access list for your IdP’s app.

What API permissions are required by the app (company enforces a Zero Trust policy)?
We need the application to grant us permissions to read users’ profiles and allow sign-in. For example, in terms of Microsoft Graph API permissions, these are the profile and User.Read permissions. Regarding the Zero Trust policy: we advise Smartcat account admins to configure access rights for their users in the web portal. As for access restrictions on the IdP side, we are not able to perform any write operations.

What is the front-channel logout URL used by the App?
We are not using a logout URL in our SSO configuration.

Will there be more instances for integration (DEV, UAT, TEST, etc)?
This is not planned at the moment. All testing takes place in production based on test user(s). Then we enable SSO for the whole domain(s).

Is user access granting and lifecycle managed by roles or groups that can be linked to Azure AD Groups?
No, we do not use Azure AD or similar directory systems to manage user permissions or access lifecycle.

Does Smartcat support IdP-initiated login attempts?
No.

Does SSO work when users select Sign in with Google or any third-party sign-in option on the Login screen?
When SSO is enabled for an Enterprise account, users of this account can only log in via the configured custom SSO configuration. Google or any third-party sign-in options will no longer work for these users.
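
A pre-go-live check for the scopes and claims listed in the FAQ above, as an added example that is not Smartcat's code: it inspects a test user's ID token payload without verifying its signature and reports what is missing. The function names, the sample tokens and the example.com domain are constructed assumptions.

```python
import base64
import json

# Scopes and claims from the FAQ answer; each claim lists its accepted alternatives.
REQUIRED_SCOPES = {"openid", "email", "profile"}
REQUIRED_CLAIMS = {
    "email": ("email",),
    "first name": ("given_name", "firstname"),
    "last name": ("family_name", "lastname"),
}


def decode_payload(id_token):
    """Return the claims of a JWT without verifying its signature (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    segment = parts[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_sso_claims(id_token, granted_scope, federated_domains):
    """Return a list of problems; an empty list means the token matches the FAQ."""
    problems = []
    missing = REQUIRED_SCOPES - set(granted_scope.split())
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    claims = decode_payload(id_token)
    for label, names in REQUIRED_CLAIMS.items():
        if not any(str(claims.get(n) or "").strip() for n in names):
            problems.append(f"missing {label} claim ({' or '.join(names)})")
    email = str(claims.get("email") or "")
    domain = email.rpartition("@")[2].lower()
    if email and domain not in {d.lower() for d in federated_domains}:
        problems.append(f"email domain {domain!r} is not a federated domain")
    return problems


def make_sample_token(claims):
    """Build a constructed token with a placeholder signature (not a real IdP token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder"

# Constructed sample tokens for a test user (assumed values).
GOOD = make_sample_token({"sub": "u1", "email": "test.user@example.com",
                          "given_name": "Test", "family_name": "User"})
BAD = make_sample_token({"sub": "u2", "email": "test.user@example.org",
                         "firstname": "Test"})

if __name__ == "__main__":
    print(check_sso_claims(GOOD, "openid email profile", ["example.com"]))
    print(check_sso_claims(BAD, "openid email", ["example.com"]))
```

The relying party must still validate the token's signature, issuer and audience; this check only confirms that the IdP application releases the attributes the FAQ asks for.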
