Security and logs

In the previous lesson, you learned about the different metrics available in Neo4j Aura and how to monitor the performance of your database instances.

In this lesson, you will learn how to:

  • Implement basic security features available in Neo4j Aura.

  • Access logs for monitoring and troubleshooting.

Security features

Neo4j Aura provides several built-in security features to help protect your data:

  • Encryption: Data is encrypted at rest and in transit using industry-standard protocols.

  • Access control: Role-based access control (RBAC) allows you to define fine-grained permissions for users and applications.

  • Network isolation: Aura instances are deployed in a private network, ensuring that your data is not accessible from the public internet.

  • Audit logs: Detailed logs of all user activity are maintained for compliance and security monitoring.

  • Single Sign-On (SSO): Integration with identity providers for streamlined and secure user authentication.

  • IP filtering: Restrict access to your Aura instance based on IP addresses or ranges.

  • Tool authentication with Aura user: Use the Aura user for secure authentication when connecting tools and applications to your database.

  • MFA (Multi-Factor Authentication): Add an extra layer of security by requiring a second form of verification during the login process.

As part of your basic security strategy, implement Single Sign-On (SSO), MFA, and access logs for your Neo4j Aura instance:

Security options in Neo4j console

Step 1: Enable Single Sign-On (SSO)

Neo4j Aura supports the following identity providers (IdPs) for Single Sign-On (SSO):

  • Okta

  • Microsoft Entra ID (formerly Azure AD)

To enable SSO for your Aura instance, follow these steps:

  1. Navigate to your Organization settings in the Neo4j Aura console.

  2. Select the Security tab.

  3. Under the Single Sign-On (SSO) section, choose your IdP provider (Okta or Microsoft Entra ID).

  4. Follow the prompts to complete the SSO configuration.

New SSO configuration screen with Identity provider dropdown highlighted

Step 2: Enable Multi-Factor Authentication (MFA)

To enable MFA for your Neo4j Aura instance, follow these steps:

  1. Navigate to your Organization settings in the Neo4j Aura console.

  2. Select the Security tab.

  3. Under the Multi-Factor Authentication (MFA) section, toggle the MFA setting to Enabled.

  4. Follow the prompts to configure your preferred MFA method (e.g., SMS, authenticator app).

    Enable MFA dialog with Enable MFA button highlighted
  5. After you have completed these steps, confirm again by clicking the Enable MFA button.

Enable MFA pop-up confirmation

Accessing logs

To access logs for your Neo4j Aura instance, follow these steps:

  1. Log in to the Neo4j Aura console.

  2. Select your instance from the dashboard.

  3. From the Operations menu, select Logs to view real-time logs and historical log data.

Logs are categorized into different types, including:

  • Query logs: Detailed information about all queries executed against your database.

  • Transaction logs: Records of all transactions, including commits and rollbacks.

  • Audit logs: Comprehensive logs of all user activity, including logins, data access, and configuration changes.

Operations menu with Logs option highlighted

Access the logs to monitor authentication attempts, data access, and other critical events.

You can also download logs for further analysis or compliance purposes.
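The following added example (not part of the original lesson or Neo4j's own code) shows one way to review downloaded log records for authentication anomalies: it flags sources with a burst of failed logins and escalates when a success follows the burst. The JSON Lines layout and the field names time, user, source and event are assumptions, since the lesson does not show the download format; the sample records are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records. The field names (time, user, source, event) are
# assumptions for illustration; map them to the columns in your own download.
SAMPLE_LOG = """
{"time": "2024-05-01T09:00:00+00:00", "user": "bob", "source": "198.51.100.4", "event": "login_failed"}
{"time": "2024-05-01T09:10:00+00:00", "user": "bob", "source": "198.51.100.4", "event": "login_failed"}
{"time": "2024-05-01T09:20:00+00:00", "user": "bob", "source": "198.51.100.4", "event": "login_failed"}
{"time": "2024-05-01T10:00:00+00:00", "user": "alice", "source": "203.0.113.7", "event": "login_failed"}
{"time": "2024-05-01T10:00:20+00:00", "user": "alice", "source": "203.0.113.7", "event": "login_failed"}
{"time": "2024-05-01T10:00:40+00:00", "user": "alice", "source": "203.0.113.7", "event": "login_failed"}
{"time": "2024-05-01T10:01:00+00:00", "user": "alice", "source": "203.0.113.7", "event": "login_success"}
{"time": "2024-05-01T11:00:00+00:00", "user": "carol", "source": "192.0.2.9", "event": "login_failed"}
{"time": "2024-05-01T11:01:00+00:00", "user": "carol", "source": "192.0.2.9", "event": "login_failed"}
{"time": "2024-05-01T11:02:00+00:00", "user": "carol", "source": "192.0.2.9", "event": "login_failed"}
this line is truncated and must be skipped
"""

def parse(text):
    """Yield (time, user, source, event) per JSON line; skip malformed rows."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            yield (datetime.fromisoformat(rec["time"]), rec["user"],
                   rec["source"], rec["event"])
        except (ValueError, KeyError, TypeError):
            continue

def suspicious_sources(text, threshold=3, window=timedelta(minutes=5)):
    """Map source -> finding for failed-login bursts inside `window`."""
    recent = defaultdict(list)  # source -> failure times still inside the window
    findings = {}
    for ts, user, source, event in sorted(parse(text)):
        recent[source] = [t for t in recent[source] if ts - t <= window]
        if event == "login_failed":
            recent[source].append(ts)
            if len(recent[source]) >= threshold:
                findings.setdefault(source, "failure_burst")
        elif event == "login_success" and len(recent[source]) >= threshold:
            # A success right after a burst is the case to triage first.
            findings[source] = "success_after_burst"
    return findings

if __name__ == "__main__":
    for source, finding in suspicious_sources(SAMPLE_LOG).items():
        print(source, finding)
```

The slow failures from 198.51.100.4 fall outside the five-minute window and are not flagged; tune threshold and window to your environment's normal login behaviour.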


To learn more about enabling the security features in Neo4j Aura, you can refer to the [Neo4j Aura Security Whitepaper](https://neo4j.com/books/neo4j-aura-security/) for a detailed overview of the security measures and responsibilities in Aura.

Check your understanding

Understanding Logs

When would you need to access the logs of your Aura database instance?

  • ❏ When you want to change the database schema.

  • ✓ When you need to troubleshoot performance issues or errors.

  • ❏ When you are creating a new user for the database.

Hint

Think about scenarios where detailed information about database operations and errors would be necessary.

Solution

The correct answer is "When you need to troubleshoot performance issues or errors." Accessing the logs is essential for diagnosing and resolving issues related to database performance, errors, or unexpected behavior. Logs provide insights into what is happening within the database, helping you identify and fix problems effectively. You would not typically need to access logs for changing the database schema or creating new users, as these actions are usually managed through the database management tools or interfaces.

Summary

In this lesson, you learned about the security features available in Neo4j Aura and how to access logs for monitoring and troubleshooting.

You implemented basic security measures such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA) to enhance the security of your Aura instance.

You also learned how to access and utilize logs to monitor user activity and database operations.

In the next lesson, you will explore additional resources and further steps to continue your learning journey with Neo4j Aura.
