Skip to main content

SecureAuth non-production environment policy

The SecureAuth standard, non-production instance of the SecureAuth® Identity Platform is for testing, maintenance, and support of a customer’s production deployment. This limited, non-production environment (NPE) consists of all the features licensed for the production environment, with the specific limitations described below.

In addition to the base services, SecureAuth offers additional services that can be discussed, scoped, and priced individually with your SecureAuth representative.

This policy applies to all supported SecureAuth IdP and Identity Platform versions.

Function

The NPE operates as a test environment for the following functions:

  • New applications

  • System integrations

  • Validating configuration changes and policies

  • Security test environment for the product and integrations

Additionally, for on-premise or hybrid instances, the NPE serves as a staging environment for patches and upgrades.

Features

The NPE comprises all of the features licensed for the Secure, Protect, and Prevent packages, including:

  • Availability of add-on modules

  • Messaging service integration

  • Ability to export event log data

  • NPE SecureAuth Support services

Limitations

The NPE is limited in the following ways:

  • Production environment support service-level commitments and remedies, service availability guarantees and remedies, and similar support-level agreements (SLAs) do not apply.

  • The NPE is limited to the number of users licensed for the production environment. If additional user licenses are needed for specific tests, make special arrangements by submitting a support ticket.

  • Transactions are limited to 5 transactions per second where a transaction is a login attempt or a password reset. If a higher transaction rate is needed, contact your SecureAuth representative to discuss your specific requirements.

  • Penetration testing is expected and supported, but you must notify SecureAuth five business days in advance by submitting a support ticket. This is primarily to avoid confusion concerning whether the solution is under attack.

    • Penetration testing of on-premise components is limited only to the impact the test has on the load generated for the SecureAuth hosted components.

    • Penetration testing of the hosted component APIs is expected and supported but restricted to the transaction per second limitation.

    • If there is a need to run a more intensive test, contact your SecureAuth representative to discuss the specifics.

  • Load testing is expected and supported. Special arrangements must be made with SecureAuth by submitting a support ticket if testing is expected to exceed the user count and transaction per second limitation.

Enhanced, non-production support services

A number of use cases exist where enhanced NPE services might be required. The following is a non-exhaustive list of additional services you can purchase. If you are interested in exploring any of these additional services, contact your SecureAuth representative to discuss your specific requirements and availability of the services for your NPE.

  • Production-level SLAs for the NPE

  • Production data processing to provide security and privacy compliant test data in the NPE

  • Load testing assistance services

In this section: