Lab539 AiTM Feed

We support both Google and Microsoft as identity providers enabling you to authenticate to the portal using either a Google or a Microsoft account. We take advantage of OAuth functionality in order to do this. This gives you a central place where you can manage authentication rather than having "yet another account" that you need to use to store credentials for. It means that we never hold any credential material for you, and that you can benefit from the security controls that your identity provider offers, such as MFA, without having to go and set these up again.

We request the absolute minimum permissions required from your identity provider in order to confidently authenticate you to the portal. This means we will have access to your basic profile information, which includes your name and email address. If the information matches that which you used when subscribing to the service you are authenticated, if not you are not.

When you first authenticate your identity provider will display a consent screen highlighting the permissions that are required in order for you to access the portal allowing you to accept or decline these.

Once authentication has occured we do not hold onto any information your identity provider may have shared with us, and we do not access any further information within your account profile once authentication is complete. In case you are interested, here are example responses we receive from both Google and Microsoft (this is the same information that you will be sharing with other apps you use which request the same permissions):

Microsoft: { "sub":"aBCDefGh12345678egldOBGIo6mlEMB8Ufy7HnqN539", "name":"Firstname Lastname", "family_name":"Lastname", "given_name":"Firstname", "picture":"https://graph.microsoft.com/v1.0/me/photo/$value", "email":"[email protected]" }

Google: { "sub":"123456789012345678901", "name":"Firstname Lastname", "given_name":"Firstname", "family_name":"Lastname", "picture":"https://lh3.googleusercontent.com/some/path-/img", "email":"[email protected]" "email_verified":true }

We do not maintain access to your Google/Microsoft profile and do not access your profile other than during authentication.

If you ever believe that your account has been compromised you should log out of your account and contact us.

If at any time you want to disable your account from being able to authenticate to the portal you can remove the app registration within your identity provider. This will be called "Lab539 AiTM Feed Portal" (Microsoft app ID: 915bba4f-677e-4b17-bd7c-456a2c1a8427). Doing so will mean that your account cannot authenticate with the portal until you chose to go through the consent process again

We do not use any form of tracking cookies or make any attempt to track a users activities within the portal. We do hold web server logs of activities for security reasons.

We never share any of your information information with any third parties, nor make it accessible in any way to any third parties.

If you have any further questions or concerns with regards this privacy policy you should contact us at [email protected]