TAKAM SSO Portal

Team Awareness Kit (TAK)

"TAK is a smart device geospatial infrastructure and situational awareness app. It allows for precision targeting, surrounding land formation intelligence, situational awareness, navigation, and data sharing. It enables users to navigate using GPS and provides geospatial map data overlayed with real-time situational awareness of ongoing events. 

TAK gives operators in the field a dramatically enhanced real-time situational awareness. It provides them with enterprise information sharing capabilities that will further increase safety, collaboration and mission successes.”

TAK Access Manager (TAKAM)

SDSD utilizes authentication to a TAK server by creating file-based accounts and distributing server packages created for individual users. This allows for for the management of users across multiple agencies using a single TAK Server environment, however this requires the server package file is available on the end-user device to import into the TAK client.

TAKAM is a progressive web app (PWA) designed by the San Diego County Sheriff DevOps team that allows end-users to self-service a server package that can be imported into any TAK client such as WinTAK, iTAK and ATAK. Built as a PWA, TAKAM utilizes modern web browser technologies to offer the same feature set and experience accross any device that has access to a web browser. This means that TAKAM allows the rapid deployment of multiple users with devices of differing technological capabilites (laptops, smart phones, desktops) onto a TAK server. The TAKAM solution includes a set of linux cron job scripts that are triggered by certificate service requests (CSR) in the form of .json files created by the TAKAM web application front-end at the request of the user signed in and authenticated by Azure AD. The TAK Access Manager (TAKAM) is a cost effective option for any public safety or government organization to quickly onboard and manage users for a TAK environment that uses file-based accounts for authentication.

The SDSD DevOps team used prior experience deploying TAK across multiple patrol and emergency response teams to identify features that would aid incident command and sworn leadership in managing both event-based and patrol-based deployments of TAK. TAKAM utilizes application roles to authorize administrative actions at the team leader and agency command levels. This allows personnel such as patrol station sergeants and lieutenants to manage the deployment of their team within TAK, while an agency level administrator such as a captain or commander can organize the efforts of multiple teams accross the entire TAK server.

The TAKAM solution is designed to accomodate a TAK server instance that has already been configured to use file-based authentication on a linux OS using an account with access to Sudo permissions. Additionally, the linux machine that the TAK server is hosted on must also have internet access to the cloud storage account that will store CSRs generated by the web application. Optionally, an intermediate certificate authority can be configured for signing the certificates used in the CSRs. TAKAM is designed to run on serverless Azure Government cloud insfrastructure with multilayered security and compliance coverage, scalability, flexibility, disaster recovery and high availability.

Features

1. Open source community project that can be expanded by the TAK community at large.
2. Automated deployments from centralized Azure Dev Ops under a centralized Azure Tenant
3. Multilayered security using a cloud firewall, application gateway, private endpoints, network security groups, end-to-end encryption, encryption of data at rest, virtual networks, and private DNS zones.
4. Users can select which TAK server group(s) their server packages are enrolled in.
5. Administrative Features using AAD app roles for authorization
   • Agency and group level administrators may revoke any user's server package at any time, as well as disable their account to prevent them from creating any new server packages.
   • Agency and group level administrators may create groups on the TAK server and select which accounts are allowed to assign their server packages to those groups.
   • Agency administrator may create event groups and server packages to share with external agencies they wish to onboard onto their TAK server.
6. Single Sign On (SSO) with AAD of your choice.
7. Responsive design that adjusts to fit almost any device type or size.
8. Razor pages allow dynamic rendering of front-end elements by app roles or other user properties captured in the SQL database or storage account.
9. Shoelace web component library allows use of a rich library of modern and free front-end user interface components.