Episode Summary
In this episode, our host Zach Malloch is joined by Patrick Hayden and Bryan Gillilan to discuss the Single Sign On (SSO) options available in RecTrac. The group touches on what SSO methods are available, how to enable SSO in your database, and what the login workflow looks like once enabled.
Transcript
Zach Malloch 0:00
And we're live with this special, in Vermont at least, slightly brushed blustery edition of RecChat, where we're going to be discussing the Single Sign On, SSO, in the Next Gen interface. I'm joined today by Bryan Gillilan and Patrick Hayden. And we have Bret Alarcon in chat, so he'll be helping out on that side of things as we go. Bryan, how are you? How's it going?
Bryan Gillilan 1:08
It's going well, how are you Zach?
Zach Malloch 1:10
I'm doing pretty well. So I think, Patrick, are you there?
Patrick Hayden 1:15
I am here I can't seem to start my video it says you've stopped it.
Zach Malloch 1:19
Oh, yeah. You? You said I Yes. Yes, I decided to. There we go. Did you get anything there? There we go.
Patrick Hayden 1:28
Thank you.
Zach Malloch 1:29
You had left and your video is still going so I turned it off for you and be able to turn it back on but apparently not. Well, welcome guys to RecChat in this still at home is still physically distancing edition. And today, we have some stuff that might help if and when that has to happen again. So maybe I can start this with just asking you an initial question to you guys. Whoever would like to take this? What is SSO? I mean, I kind of let, mentioned with letters stood for but what's the benefit of that? What are we looking at here?
Bryan Gillilan 2:03
Sure, Zach, um, I can go and take that on. And I'm gonna share my screen real quick here, so everybody can kind of see some content as we talk here about SSO and what it is and what it means in RecTrac. So all right, so SSO is really kind of, it's a single sign on. So it allows you to kind of tie your RecTrac users to your Windows users that log in on your network. So it eliminates the need for your users to remember multiple account passwords, potentially multiple account usernames, and also allows for kind of a more streamlined and natural login process that users may be more accustomed to throughout their kind of Windows environment that they might operate in on a daily basis.
Zach Malloch 2:56
Okay, and I see that, I mean, you're answering my questions here before I can ask them, Bryan. So we have kind of a version of this right now where we can tie it into your Active Directory on your Windows network. And if you're logged into the computer, you can get directly into RecTrac. So what's the difference here with SSO versus the Active Directory piece?
Bryan Gillilan 3:15
So the big difference here is our new SSO solution is 100% web based SSO, so it allows for that, take the concepts of your current Active Directory and your potentially needing VIC on a computer so it can find your network and identify the user you logged in with. It's taking that concept and moving it to the web. So no longer does the user have to necessarily be logged into your network directly. As long as they have some form of web based access to your network or their credentials, they're able to log in from anywhere and have that same functionality that currently exists with kind of the VIC Active Directory implementation or local LAN Active Directory implementation.
Zach Malloch 4:05
So like crazy scenario, everybody has to work home for whatever reason. This will still work at home without having to get VIC installed and try to add it to your network and VPN and all sorts of extra complication.
Bryan Gillilan 4:17
Correct.
Zach Malloch 4:18
Okay, I think that's pretty easy. And I see you've got Shibboleth there. Besides sounding somewhat Lovecraftian, what is that Shibboleth doing?
Bryan Gillilan 4:27
So Shibboleth is, it was our choice for service providers to work with to implement our SSO solution. So Shibboleth is basically a service provider that's going to be loaded on our web servers in our hosted environment. And Shibboleth is what kind of handles the communication and redirects a customer from kind of the RecTrac login process to their local identity provider login process, and handles all that SAML 2.0 communication. Probably won't dive into too much detail on SAML 2.0 here, that can get pretty into the weeds. But that's kind of the secure communication between RecTrac and your identity provider that kind of does all the handshaking and authenticating of a user into the system.
Zach Malloch 5:14
Okay, so I guess my next question is kind of the, I apologize, I can't remember exactly the order your slides here. But I was going to ask about the difference, or the configuration piece of this kind of like, where the VSI side versus the customer side comes into play from jumping ahead. We can?
Bryan Gillilan 5:30
Yep, no, that's all right, we can certainly jump ahead. And we'll kind of work on this throughout. So there'll be some slides that'll maybe come into play a little later on. I guess the first thing to really talk about in conjunction with that is really kind of availability of this solution in RecTrac. So currently, this is a Next Gen RecTrac UI only feature. And it's available to all VSI Cloud customers utilizing hosted services. And there will be a subscription fee involved, as well as a one time upfront kind of configuration fee as our hosted team gets your SSO configured in our hosted environment to be able to communicate with your identity provider. And it will also be available to any on premise customers who are currently utilizing our VIC client side Active Directory in the legacy RecTrac interface. So if you have questions on whether or not you qualify for one or the other, you want more details on pricing, you can certainly contact VSI sales, and they're ready to have those conversations. When it comes to configuration itself, and how you actually get set up with SSO, there's really kind of the two options. If you're a VSI Cloud customer, our hosted services team is going to handle all of the RecTrac configuration and web server configuration on our end that is required to get that single sign on up and running. We'll just need access to someone from your local IT that has intimate knowledge of your kind of network configuration and authentication process to be able to provide us back some information that's needed for that configuration and setup. So certainly, that's something that when you contact sales to kind of start the discussion about utilizing the new SSO, those are conversations that will all be kind of part of that initial onboarding, is getting our hosted team in touch with your local IT to get kind of all the details of the SSO worked out.
Zach Malloch 7:31
Yeah. And just real quick, Bryan, that question did come up. So Keith, we don't have a firm price at the moment. But talking to sales is going to be the way to get more of that information as far as what the individual pricing would be for you guys. And just while I have you interrupted here, Bryan, a couple of real quick questions that came in. So if a user is using a personal computer that's not part of the network, I think that's kind of exactly what this is supposed to benefit us is that as long as you get to a portal of some sort and identity provider, and you're going to kind of show that step as a little bit of a workflow. We skip past those to get to the kind of this availability piece. But jet, we'll get back to that. But I think that's a yes, that a personal computer, not part of your Windows network, should absolutely be able to take advantage of this. And that's kind of the purpose of it.
Bryan Gillilan 8:19
Yes. So yeah, so basically, there's two types of kind of authentication. There's just kind of your local network authentication through Active Directory that maybe happens directly on a local network. In order to take advantage of this SSO solution, your kind of network authentication has to be taken a step further to allow for this kind of web based access. So for those that are using Active Directory, a lot of times that means implementing Active Directory Federated Services and the ability to kind of tie into that web hook for authentication to things like Microsoft Office Online. The same kind of authentication portal that's used to access those types of online tools and utilities is the same authentication endpoint we're taking advantage of here with your IDP.
Zach Malloch 9:08
Great. And then just real quick, because this question is coming up a little bit, we will definitely be making a copy of these slides available afterwards as part of the follow up documentation. So this will get onto the RecChat archive portal, when we have the recording of the video posted. We'll also post this as a document attached to that.
Patrick Hayden 9:26
Alright, and I think related to that too, Zach, because I'm sure there's already some questions on cost. And maybe some more, you already alluded to us sort of following up on that. It's something we're working on now. And we'll try to make that part of the follow up as well, to give everybody some visibility on that. You know, we are looking to make this relatively nominal cost and we're not trying to put in the big price tag on that but just kind of account for some of the ongoing work that's involved with maintaining it, especially in the hosted environment.
Zach Malloch 9:54
Absolutely. And then I guess just a real quick thing. I think this could be hopefully a... So Rhonda asked, sorry, hosting customers, Cloud customers, yes, we have kind of rebranded hosted as VSI Cloud. So that is part of the same thing. And then there's a question that's kind of an interesting one: is the new VIC? Or is VIC to go away? It seems like we try to keep removing reliance on VIC in some ways, and it seems like something we'll probably have for a while. But just as a real quick, I know, there's probably a deep level that we could go with that. But
Bryan Gillilan 10:24
Sure. I can answer part of a quick question on that. So part of the goal with implementing this new SSO solution was, obviously the primary driver was, you know, getting a more web based ease of access SSO solution that can integrate with more identity providers, that's a little more flexible for end users, was kind of a primary driver. But also the addition of wanting to kind of, during the authentication process for login, be able to have something that replaces the need for VIC to be installed on a local workstation for, you know, kind of the environment we're in today where potentially people are logging in from home workstations, their own personal laptops, where they may not want to even load VIC, let alone have the requirement on them by their kind of employer to load VIC. So by taking VIC out of play here for the login process, it made a lot of sense, just given the use case we're trying to support. As far as the VIC going away, I would say it's not going away anytime in the near future. And that's really more related to needing the ability to integrate with hardware on a local workstation. So for those point of sale units that need to be able to direct print and access cameras and things of that nature, we really need that ability to kind of, VIC provides that ability for us to integrate with those local resources.
Zach Malloch 11:49
I think that was a good answer to that. So VIC will be around for a little bit. There's really only going to be the one VIC for right now. But I think it's probably fair to say that when we have the opportunity to make something work without using VIC, that we probably will go in that direction. Now, Bryan, to swing back to this, you had some slides to kind of like demonstrate the process. And I think that would be really useful. So perfect login workflow. Yes, yes.
Bryan Gillilan 12:14
So just to give everybody a kind of sample of what this is going to look like once you've implemented the SSO solution, and it'll look a little bit different for every implementation of it just based on your identity provider and the work they provide. But essentially, this starts with a user connecting to a secure login URL that will replace the current URL you give your folks access to in RecTrac now, which could be the exact same URL you're offering now. It doesn't have to be a different URL. So that initial connection will get kind of grabbed by Shibboleth on our web server, and will redirect that user to your identity provider to perform the authentication. So we kind of pass off the authentication to the identity provider. The identity provider does that authentication, whether that's selecting a user, entering a password, whatever the case is, and that identity provider passes back to us through Shibboleth kind of a key, that shared kind of private key that we know what the identity provider means that this information is protected, and it came from where we requested it from. And it'll pass back kind of a unique identifier for that user that authenticated. That user's then kind of looked up in the RecTrac database via that unique identifier. And that's how we get you into RecTrac. So I'm gonna, I'll show you guys this little kind of preview of what it kind of looks like. And then we'll go through the process. So it really is pretty much as simple as user hits the RecTrac icon or goes to the URL, they're going to get redirected to the local identity providers. So this is an example of our kind of VSI local identity provider. So it's going to grab based on my history, it knows this is who I am. So I can select that account to log in with, provide my credentials, my identity provider is going to do all that authorization. And then it's just going to drop me into RecTrac. No login screen. No stopping anywhere at that point.
And then part of the log out process, once you've implemented SSO, is you'll have some options that you'll discuss with our hosted team. Or if you're on prem, with the VSI team that helps you configure this, you'll have some options as to where you want to be dropped on log out, whether you want to be dropped back on a regular RecTrac login screen, whether you want it to end your session with your identity provider or leave it open. There's a few options there in terms of logout. So, this is just one example of those options. So if we will go through this same process here. Bear with me one second. Here we go. So I just hit my RecTrac link, everybody should be able to see now, I am at my kind of account selection for my identity provider. So this is not RecTrac. But RecTrac is what got me here. And I'm going to go ahead and login with that identity provider, may take just a moment. And I will provide my password.
Bryan Gillilan 15:40
Again, bear with me here takes it a few seconds with our identity provider with our remote access.
Zach Malloch 15:48
So that is actually maybe a question that we can answer while this is happening. So Keith's asking, if you still have errors, it looks like you still have to have at least some sort of a login. So right now, if you had Active Directory and you're logged into your Windows computer, basically, what it gets to do is recognize that you're logged into your work computer on the network. And then it'll just automatically pass those credentials to RecTrac without having to go to your identity provider.
Bryan Gillilan 16:14
Yep, so we'll get there in just a second. So bear with me, so, so I'm currently signed out of everything with my identity provider. So that's why I was prompted with this login piece. So this is how I would go through my normal login, and provide my oops, jump back here.
Bryan Gillilan 16:41
Okay, had a blip there, my network, jumped back to where I left off here. So ultimately, that's gonna land me here and logged into the application, log into my network account. So what I was going to show after that is, if I were to, let's say, browse away from RecTrac at this point, or go anywhere else, and not actually ended my login session that I just started. So let's say I browse away, leave, do whatever. If I were to come back to my Secure Login link later in the day, let's say, or at any other point in time. Looks like I've got a problem accessing our network at the moment.
Zach Malloch 17:35
Yeah, I guess what your if I can get
Bryan Gillilan 17:37
What I'm trying to show here is that during that login process, instead of getting these screens here, where I pick my account and provide a password, if I'm already authenticated with my identity provider, so assuming I had to log into my network account to get in to begin with, if I'm already authenticated through that network provider, I will actually just get the RecTrac login screen and it'll say authenticating. It'll automatically basically, that screen will just pop up for a quick second, while it actually goes out and verifies that I'm already authenticated. And then it'll let me right into RecTrac without providing any additional credentials.
Zach Malloch 18:18
So the question for you, then, Bryan, if you're using your work portal, let's say to access your web based email, you've already logged in through that portal. And if that is your identity provider, and then you click on your RecTrac link, would you have to do anything? Or would it kind of carry over, you're logged in already?
Bryan Gillilan 18:37
It'll carry over your login already.
Patrick Hayden 18:39
Perfect. Maybe I can, I can show that real quick. If you want, Bryan, I think I gotta add a little value here. The only reason I'm on this call is in case Bryan has network issues. So I can show that real quick. Stop sharing, Bryan.
Bryan Gillilan 18:54
Yep. Let me just this thing it should be all set.
Patrick Hayden 19:03
Okay, so if I share real briefly here. And if I go to kind of a situation where Bryan just was there, if I'm already authenticated, and do that kind of same SSO link, like Bryan talked about. Kind of to Keith's question, I'm just going to get automatically brought beyond the login, because I'm already authenticated. Whereas if, like Bryan was saying, if I'm logged out, and I actually do choose to log out. Now, I'm signed out to that single sign on signup page. And if I access that same link at that point, like Bryan was going through, I'll be prompted for my account. Again, it knows my account because I use it on this machine regularly. And then on login, I'll be brought straight into RecTrac.
Zach Malloch 19:50
All right, perfect. So a couple of quick questions coming in around this. And I think this is going to be maybe back to that availability piece, Bryan. So Frank is asking Will the other 3.1 Active Directory integration be going away?
Bryan Gillilan 20:05
Yes, so the current VIC client Single Sign On capabilities are not part of the Next Gen UI, and we have no current plans to move them forward into the Next Gen UI. Was really trying to put our resources towards a more future proof, more all encompassing solution that will satisfy kind of all scenarios, and not just the local LAN implementation.
Zach Malloch 20:33
Perfect.
Patrick Hayden 20:34
And I think that this, you know, to the point earlier, just to kind of tie it together the, like Bryan talked about earlier, and Zach having a solution that isn't dependent on VIC. Again, we're an example right now of everyone having to work from home of why that's a good thing. And some of the sort of unanticipated benefits of moving to a more kind of industry standard, best practice kind of solution. These are some of the gains we get from it is having that access, regardless of VIC, and regardless of the actual network, your computer is on because it's all it's all web based. So we didn't know COVID was coming. But this is everyone working from home is a great example of why this is a better solution.
Zach Malloch 21:14
So once you have authenticated, you know, we have our RecTrac session cleaner stuff that controls kind of like how long your session can be up there. But is there any other influence as far as how long your session will live? Once you've done your authentication, you've logged in?
Bryan Gillilan 21:32
Yeah, I can kind of answer that. So your RecTrac session cleaner will still handle all of your RecTrac session information. So as far as the RecTrac session you get post authentication, that session will only live as long as RecTrac allows it to live. Your authentication session, however, is all entirely managed by your identity providers. So your local IT configures how long those sessions are valid for, how frequently you have to renew those sessions. For example, you know, I think my session with our identity provider can last for 30 days. So I might only have to log in once every 30 days. And that goes for RecTrac and my Windows credentials and everything else in terms of accessing any web based content that I need to access. It's a one time deal, and then I might have to re-supply my credentials 30 days from now, to re-up that session. But that again, that's all based on your identity provider and not controlled by RecTrac.
Zach Malloch 22:35
Speaking of identity providers, because I think that we might end up getting some of these questions about the individual different sorts. So a specific one is, has this been tested with Azure integration? But I guess the broader answer would be, which provider? How? What qualification would you be looking for for a provider to understand that they are compatible with us?
Bryan Gillilan 22:55
Yep. So, you know, the first place to look is really on... Really, we should be able to integrate with any provider that accepts SAML 2.0 authentication communication. If you have questions about whether or not your provider would be supported, if you go to the Shibboleth.net web page, which will be provided as part of the follow up, there's a lot more details on what providers are supported. We've kind of got our basic configuration set up to work for most single identity providers out there. But Shibboleth can also be configured in a much more complex manner, if there's additional needs. So multiple organizations tied to one account, we can kind of handle all of that through Shibboleth if we need to. So there are a lot of configuration capabilities. We could try to start listing off individual identity providers, but I probably don't know enough of them to list them off all manually, and we could probably supply or we will work with far more than I could ever think to list.
Zach Malloch 24:01
All right, and then I've got kind of two different versions of what I think effectively is going to be kind of the same answer. So Darla is asking, they have potentially a single Windows account that's shared between multiple users within those users have individual RecTrac accounts, so that it's not going to be tied necessarily to the Windows login. And then David is asking, how does RecTrac handle users with multiple profiles with using SSO? So kind of the same thing, that there might not be a direct tie between the Windows user and the RecTrac user.
Bryan Gillilan 24:35
Now it's a very good question and a pertinent one. So once you implement SSO, you'll have the option to have both your kind of secure single sign on URL, as well as a private URL. And the private URL is designed to be able to access RecTrac with RecTrac user credentials separate from your Windows user's credentials, so allows for access to both on the same RecTrac application. So if you have a scenario where you have a shared point of sale workstation that has its own generic Windows logon account that it always is logged on with, and you might have multiple users that you want to track separately in RecTrac, that workstation would want to be configured with a URL that is using the private URL, and then those users with that URL will hit the standard RecTrac login page and be able to provide RecTrac username and credentials to access the system. And the same thing is the same way we would currently handle the scenario of a single user with multiple RecTrac profiles. Your single sign on would have to be tied to a single one of those user accounts. And then accessing an alternate user account would require using that private sign on link to gain access via RecTrac user credentials.
Patrick Hayden 25:53
Those, in those cases, probably, and again, reading into the question a little bit, it kind of depends on, probably the best scenario there is to take advantage of some of our options to have a single RecTrac user associated with multiple user groups, you know, to allow them some of that flexibility where they only need one RecTrac credential, which then means they can take advantage of SSO. But there may be a user who works at multiple locations, let's say they're associated with multiple user groups, and they get that prompt on login, whether the login is via SSO or via, you know, the kind of private login. So I think that's the best direction to go there. And there certainly could be some use cases where that doesn't quite work. But a single RecTrac user with multiple user groups would be kind of preferred there and let you take advantage of SSO.
Zach Malloch 26:39
Yeah. So I guess the key, kind of like distilling that down, is that we're really looking for a user to user match. And if that doesn't exist, then maybe SSO as its only solution is not the best one for that, you need to have a different process in place. All right. Okay. Let's see, I'm gonna go through a couple of their questions. But we are getting about to the end of the session. So I will ask if either of you guys have kind of any closing comments, while I'm looking through some of this?
Patrick Hayden 27:10
I get through your whole PowerPoint, Bryan? Or was there anything else you wanted to cover there? Okay.
Bryan Gillilan 27:13
Nope.
Zach Malloch 27:14
Yeah. So there are some questions still coming in where people are. So David was saying that he was talking about with multiple profile, or actually, maybe David, you are, it is the same question. But if you have multiple user groups associated to your user, then the SSO will work, that's fine, you get authenticated in and then you choose admin menu group or front desk menu group, or whatever. But if you have different logins to RecTrac, I think that's maybe what the key is, if the login to RecTrac, you have multiple of those and you only have one login to your Windows network, then that's where you're not really getting that one to one match that we're looking for.
Patrick Hayden 27:54
I think any prompts that you would get post login, you're gonna get whether it's logging in via SSO or not. So whether that's resuming a RecTrac session or multiple user groups, you're gonna get all that as you normally would, regardless of the authentication option.
Zach Malloch 28:09
And so there are a couple of questions that have been addressed. And I apologize, we're not going to re-answer those, but we will respond to them in the follow up doc, things related to pricing, things related to on prem versus hosted. The option will be available for both. Depending on premise, we'll need to talk to sales a little bit more and kind of determine some of that sort of stuff. Once again, we will be following up with a little bit more of that after that. Patrick, you have a personal request for an email from Gary so we can get in touch with Gary. He saw his email right on the screen that whole time he was doing the Single Sign On demonstration for us. We did have a request to walk through the process of logging out of RecTrac again, and then logging in with SSO.
Patrick Hayden 28:54
I don't know. Bryan, are you
Bryan Gillilan 28:56
Go ahead, Pat, just in case mine doesn't play nice. I guess while Pat's bringing that back up, it's probably one thing we didn't really call out explicitly in the PowerPoint. But what will be a part of this is really the only ongoing maintenance part of the SSO for customers is going to be when you add new user accounts, you will need to provide that kind of unique identifier on the user account in RecTrac that ties them back to your network. So there's a single sign on cross reference field right on the user record in RecTrac that will need to get populated, and that's what we're using to kind of tie the RecTrac user back to the Windows user we're authenticating to.
Patrick Hayden 29:41
So I guess just to start back from the beginning, I'm going to that single sign on link that we visited earlier. Again, I had explicitly logged out before so I'm being prompted for my user signing in
Patrick Hayden 30:04
Now I'm into RecTrac as my Patrick Hayden user. And I think to maybe just clarify the different sorts of directions, we can take their different paths, if I were to, let's say, leave this up and still remain kind of authenticated here, and launch that, again, whether I had navigated away from it, or whatever the case may be. I'm just gonna go straight into RecTrac without being prompted for authentication, because I'm already authenticated. And I'm getting a resume session prompt here, because I already had a session open, we'd get any other prompts that were applicable there. Now, if I do explicitly log out, which it sounds like, this may be what the question was related to, I'm gonna get sent to that SSO sign out. Now at this point, I have kind of gotten rid of that authentication that had occurred. And if I were to go back to that same SSO link, at this point, instead of automatically logging in, I'll be prompted for those credentials again, because I guess it's a question.
Bryan Gillilan 31:04
And there's a distinction there to make as well, the configuration of how that logout gets handled, there are multiple different configurations. And one of those configurations is to not actually end the identity provider session. So you can just have your logout from RecTrac log you out of RecTrac, but not actually end your service provider session, like we're showing here. So you can't have it, leave that session remaining open, in which case, you could log out of RecTrac. You could wish it wasn't explicit logout, which will end that RecTrac login session. But the next time you hit that link, you'll still be authenticated with your identity provider. So you won't be asked to provide RecTrac credentials. But you will start a new RecTrac session.
Patrick Hayden 31:55
Yeah. And then if it gets in that regard, Bryan, I think to really assuming that folks are already using this identity provider for other single sign on other applications, it's going to behave similar lays out how those do assuming that they have it configured, you know, similar right across the different applications for that one identity provider.
Zach Malloch 32:13
Yeah, and I think that's actually something we talked about in our preparatory sessions for this, is that it's very possible that some of this identity provider stuff has already been set up, either prior to or as a response to some of the COVID in the work from home stuff. So it might not need all that much more integration. And it can probably tell you some of that. We had a couple of quick questions. I think that these are really good. So one: is SSO all or nothing? Will you have a, do you have to use the SSO link, if you have that configured? Or can you just use your RecTrac land and still provide your credentials? If that was, can you give that as an option as well?
Bryan Gillilan 32:49
Yep, absolutely. So that's kind of the crux of that private versus public URL. So for those that want to be able to have, you know, potentially administrative users who are frequently working from home, or are doing things on the network, or that just they have a lot of users that are logged into the network, and maybe they have some temporary users who are not, we don't have Windows credentials, all of those scenarios. That is the reason why we have kind of the private URL option and the public URL option. So really, what it boils down to is if you want to allow or have specific workstations login without the SSO, they're just provided with a different URL to access RecTrac. It's accessing the same application. It's just keeping the authentication piece in RecTrac and not passing it to the Single Sign On provider.
Zach Malloch 33:42
Okay, and then I think probably the last one that we can get to with the time that we have is whether, what type of an agreement we have with Shibboleth. The question is basically, if we have all of this configured and then Shibboleth changes something on their side, how much is that going to impact us or the customers that have decided to start using this process?
Bryan Gillilan 34:01
Yep. So can speak to that a little bit. So one of the reasons we chose Shibboleth is it is a pretty industry standard and well adopted service provider and it is an open source solution. So there's no cost to our customers for Shibboleth no cost we have to pass on from our hosted environment to our customers for Shibboleth. It's an open source solution that is constantly being kind of monitored for security updates and kind of keeping with industry best practices and standards. So anything that changes with Shibboleth over time, we're naturally going to evolve with that VSI and be kind of one step or two steps ahead of kind of anything that would affect people's production environments in terms of access to RecTrac through their identity provider.
Zach Malloch 34:51
Okay, well, that's great. So I think the only other questions that I see kind of hanging out here are ones that have been kind of answered a little bit earlier in the session, and then a couple that are going to be more kind of pricing related, which we'll try to follow up with. So we're just a little bit past time. And I think that that's probably a good place to end things up. Sorry to leave a couple of things hanging. But once again, we will have that document and hopefully that will help to answer some of those remaining questions that are out there and left open. So thank you so much for everybody that joined us today. Bryan and Patrick, any closing comments before we go ahead and end things up here?
Patrick Hayden 35:32
No, I think we're I think we're good.
Zach Malloch 35:34
Yeah, thank you so much.
Bryan Gillilan 35:36
Stay safe and let's hope we can all get back out there in the park.
Zach Malloch 35:40
Exactly. Yeah, stay safe and stay distant as long as you need to. So it's faster when it does happen. Yeah. Thank you all for joining us. And thanks for your participation. Patrick, Bryan, and in chat, good job, Bret. And I'll be talking to you guys.
Patrick Hayden 35:55
Thanks Zach.
Bryan Gillilan 35:56
Thanks everybody.
Patrick Hayden 35:57
Definitely see you guys later.