Agrippa Improvements uses Auth0.com and Azure AD for user authentication. Some key features:

• Authorization header need to be present for correct user account.
• Connecting via https.
• API uses OAuth JSONWebToken Signature HS256
• Agrippa also support use of certificates for non-interactive end-points / API.

Agrippa Improvements supports controlling who has access to personal data. Data security is a critical requirement of the GDPR. The solution supports the following mechanisms:

• Role-based security to group together a set of privileges that limit the tasks that can be performed by a given user.
• Record-based security enables restricted access to specific records.

Agrippa is using data encryption to protects data at rest by encrypting the database, associated backups, and transaction log files at the physical storage layer. We have also implemented data encryption in Azure Storage to secure data at rest and in transit.
Transport Layer Security (TLS) provides protection of data in transit on SQL Database connections.
Data is protected in transit between the user application and Azure so that it remains secure at all times.

Agrippa uses built-in Azure SQL security capabilities to reduce risks and achieving compliance with the GDPR.
Agrippa uses Azure SQL database features for managing database access and authorization at several levels:

• Azure SQL Database firewall restricting access exclusively to authorized connections.
• SQL Server authentication to ensure that only authorized users with valid credentials can access database server.
• SQL Server authorization to manage permissions according to the principle of least privilege.
• Row-level security (RLS) is used for restrictions on data row access.
•  GDPR requires protecting personal data against security threats. Agrippa uses built-in capabilities that safeguard data and identify when a data breach occurs:
  • Auditing for tracking database events and write them to an audit log.
  • SQL Database Threat Detection detects anomalous database activities indicating potential security threats to the database.