Security & Compliance
Introduction
Travel and tourism rank third in cyber security incidents, according to the Trustwave 2020 Global Security Report.
To protect your business and ours, we enhanced our data and cyber security protocols and built new tools to help you mitigate associated risks.
With these new tools, you can better protect your company’s data and get more control over your account and security settings.
Now you can easily:
Manage who has access to your Atlas account at any time.
Protect it from unauthorized users.
Set up authentication rules in line with your company’s protocols.
Monitor and audit all activity, simplifying your compliance process.
Respond immediately to any incidents.
Access Keys (AK/SK)
AK/SK means "Access Key" and "Secret Key". These keys are used for accessing APIs or other services that require secure authentication.
Users must provide these keys when making API calls, and the system uses these keys to verify the user's identity and access privileges. Proper management of these keys is critical for account security, as anyone with access to these keys can access the associated resources.
1. Access Key (AK): This is a publicly visible identifier, like a user ID, used to identify the sender of a request. It tells the service which user or account is attempting to perform an operation.
2. Secret Key (SK): This is a private credential, like a password, known only to the user who is authorized to set up the access keys (the account administrator). It is used to verify that the sender of the request has the authority to access the service and to ensure that the request is genuinely initiated by that user.
AK/SK together are also known as ‘access keys’.
Configuration Process
How to set up your Access Keys on the ATRIP Flight Deck:
To set up or reset your access keys, visit the Company Information* section of the ‘My Profile’ page on the ATRIP Flight Deck account and follow the instructions on the page.
Click on “New Access Key”. A slide-out window will open; click on “Confirm” to generate the new key. You can select a validity period of 3, 6 or 12 months.
You will see a new security key on the screen. Make sure to copy it and store it securely before you complete the setup.
Then click on “Complete”. Once you complete the setup, you won’t be able to see the security key on the ATRIP Flight Deck. This protects your access keys from unauthorized users.
Once you get a new security key, your technology team needs to reset the keys in your system immediately to complete the process.
Each customer can generate no more than 2 AK/SK pairs at the same time.
You can delete the old AK as shown below.
Note: Only Account Administrators have access to the Company page on the ATRIP Flight Deck and can issue new access keys. If it's you, please follow the instructions above. If you don’t have access to this function, please contact your account administrator when it’s time to update the keys.
*To ensure you receive all our updates and important information, please add our email address "noreply@atriptech.com" to your trusted contacts list. This will prevent our messages from ending up in your spam folder.
Single Sign-On (SSO)
Single Sign-On (SSO) allows your team to access the ATRIP Flight Deck with a single set of credentials – the same set they use to access your own systems.
This feature is particularly useful when you have a large team, and many people need regular access to the ATRIP Flight Deck.
Using Single Sign-On has benefits for all members of the team.
Account administrator: No need to manually add new people to your ATRIP Flight Deck and remember to remove them when they leave your company.
Technology team: Maintain centralized access control to manage and enforce security policies from a single point.
Operations and Finance teams: No need to remember or store a unique ATRIP Flight Deck set of credentials. No matter how large your team is, SSO gives them seamless access to the ATRIP Flight Deck.
It enhances security, too: password ‘fatigue’ often leads to weaker, less secure password practices. The Single Sign-On protocol mitigates this risk.
Configuration Process
We currently only support SSO via SAML.
Visit Flight Deck --> My Profile --> Authentication --> SSO.
Enable SSO and click ‘Edit’ to finish configuration.
We will generate the Entity ID, Reply URL and Logout URL automatically. Customers can configure them in SAML.
Then customers need to upload the XML file by clicking here.
Customers need to set up the attributes according to our requirements.
All users created through SSO will be assigned a default role. Customers can select the role that suits their needs here.
Click 'Save' to complete the basic configuration.
Testing and Usage
After completing the previous basic configuration, you must click this button to perform a test. If you can log in to Flight Deck after clicking, it means the configuration was successful. Otherwise, there may be an issue with the previous setup. Please check again.
It's important to note that if there are existing password-based login accounts in the customers' system, these accounts are still valid. If users need to use SSO as the sole method of login, they can disable these accounts themselves in the user management section or contact their Key Account Manager to disable them in bulk.
To facilitate the use of the SSO feature for our clients, they can click these two buttons to copy the link and embed it into their system. It is important to note that clients need to manually concatenate the booking number within the booking detail link.
Password Policy
If you prefer to use separate credentials to access the ATRIP Flight Deck, you can now set up custom password rules for your account.
Make it as long and complex as it fits you! You can adjust password requirements to your company’s standards and regulate how strong your team’s passwords should be.
Configuration Process
Visit Flight Deck --> My Profile --> Authentication --> Password
Click "Edit" to configure the password. The options are as follows:
Password Length: Default 12 characters, selectable 8-16.
Complexity: Includes uppercase letters, lowercase letters, numbers, special characters; default all selected.
Expiration Period: Default 90 days, input range 0-999 natural numbers.
Password History Non-Repetition: Default 5 times, selectable 0-10.
Account Lockout: Default 5 failures, selectable 0-10; default lockout duration 30 minutes, input range 0-999 natural numbers.
Click ‘Confirm’ to complete the configuration.
Multi-Factor Authentication (MFA)
You can protect your account even further by enabling Multi-Factor Authentication (MFA).
MFA requires users to set up an extra verification method to gain access to the ATRIP Flight Deck or to use specific features (e.g., payments and balance top-up).
MFA significantly decreases the chance of unauthorized access to your account and protects your data.
Configuration Process
Visit Flight Deck --> My Profile --> Authentication --> MFA (Multi-Factor Authentication)
Click "Enable" to activate the MFA feature. Configuration options appear (all are selected by default). Click "Confirm" to apply.
After saving, all users of this customer will need to go through the initial MFA binding process after password login.
Other steps invoke MFA verification based on user configuration.
SSO login users do not require MFA verification during login.
User Binding Process
Initial MFA Binding
Display QR code for binding.
Enter identity verification code.
Click "confirm" to see success or failure result.
Click "Back" to return to the previous page.
Rebinding
For security reasons, we currently do not support individual users re-binding MFA. Please contact the administrator to perform this operation.
Admin can visit ‘User Management’ and select the user to unbind.
IP Whitelisting
IP whitelisting is a security measure that allows access to the Atlas API only from specified IP addresses. By restricting access to specific, approved IP addresses, you can significantly reduce the risk of unauthorized access and potential cyber-attacks.
We upgraded this feature to make it more convenient. You can now add an unlimited number of IP addresses using netmasks to specify ranges and include notes for easier identification.
Visit Flight Deck --> My Profile --> Company Information
Customers can find all the whitelisted IP addresses here. The IP addresses can be deleted, if required.
Click the ‘Add’ button to slide out a right sidebar to add IP addresses.
IP addresses standards:
Each entry is on a separate line, separated by a line break.
IP Address/Netmask range and remark for each entry are separated by "|", for example "192.168.1.0/24|Remark".
A maximum of 50 entries can be added.
Click ‘Confirm’ to save.
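A pre-submission check for a whitelist block in the format above, as an added example that is not ATRIP's own code. The minimum-prefix threshold, the missing-remark finding and the overlap check are assumptions for local review, not rules stated on this page; the sample addresses are constructed from documentation ranges.

```python
import ipaddress

MAX_ENTRIES = 50   # limit stated on the page
MIN_PREFIX = 16    # assumption: local review threshold, not an ATRIP rule

def check_whitelist(text):
    """Validate 'network|remark' lines; return (networks, problems)."""
    nets, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        cidr, _, remark = line.partition("|")
        try:
            # strict=True rejects entries with host bits set, e.g. 203.0.113.77/24
            net = ipaddress.ip_network(cidr.strip(), strict=True)
        except ValueError as exc:
            problems.append((lineno, f"invalid: {exc}"))
            continue
        if net.version == 4 and net.prefixlen < MIN_PREFIX:
            problems.append((lineno, f"too broad: {net} covers {net.num_addresses} addresses"))
        if not remark.strip():
            # assumption: an entry without a remark is a finding, since it cannot be audited later
            problems.append((lineno, "missing remark"))
        for earlier_line, earlier in nets:
            # redundant or overlapping ranges hide which entry actually grants access
            if earlier.version == net.version and net.overlaps(earlier):
                problems.append((lineno, f"overlaps line {earlier_line} ({earlier})"))
        nets.append((lineno, net))
    if len(nets) > MAX_ENTRIES:
        problems.append((0, f"{len(nets)} entries exceeds the limit of {MAX_ENTRIES}"))
    return [n for _, n in nets], problems

# Constructed sample input (documentation address ranges, not real customer IPs)
SAMPLE = """\
203.0.113.0/24|Head office egress
203.0.113.77/24|Typo: host bits set
198.51.100.10/32|Batch server
198.51.100.0/28|Data centre NAT pool
0.0.0.0/0|Temporary test
192.0.2.300/32|Bad octet
"""

if __name__ == "__main__":
    networks, problems = check_whitelist(SAMPLE)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
```

A problem reported on line 0 refers to the block as a whole rather than a single entry.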
Audit Log
The Audit Log on the ATRIP Flight Deck provides a comprehensive report on all system and user activities. Detailed records of user activities enable your company to stay compliant with regulatory requirements, simplify reporting and support internal audits.
The audit log also helps investigate incidents and verify data integrity on a regular basis.
Visit Flight Deck --> My Profile --> Audit Log
Customers can enter filtering and search criteria based on their needs to perform a search.
We only retain the audit log data from the past year.
Each download is limited to up to 1 month of data.
Sensitive information cannot be logged, such as passenger details, payment, and card information.
Click "view" to find out more details.