• All network communications can be encrypted using SSL.

• Applications support user access management by allowing user accounts to be created, modified, and deactivated.

• Applications support user access management by allowing user accounts to be assigned roles (for example, roles defined in QAD Enterprise Edition).

• Users are uniquely identified by their email address, QAD username, and optionally, their Active Directory username.

• Applications support auditing by mapping user access across systems using email addresses and Active Directory usernames. All internal references use QAD usernames.

• Each QAD application is assigned a unique group within the Directory.

• Each user ID in the Directory is assigned to the appropriate QAD application group.

• Each QAD application is assigned a collection of roles (for example, roles defined in QAD Enterprise Edition) within the Directory.

• All passwords stored in the system are hashed using the PBKDF2 algorithm. Passwords are not stored when users are authenticated using LDAP.

• Native applications use LDAP authentication against a Directory service using the LDAP distinguished name associated with the user.

• LDAP connections use SSL (LDAPS).

• LDAP connections are made with a specific service account (username/password).

• LDAP queries are customizable.