Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleSecurity

Centralized control over security configuration options for portal users and agents.

Single Sign On (SSO)

The platform allows you to log in to the portal using 3rd party identity providers (IdP) (supports Okta). Using SSO administrative settings, permitted users can easily configure and manage identity provider settings.

  • Enable Single Sign On: Click on the slider to enable or disable SSO functionality.
Info
  • Once you have user/agent set up with valid emails, you can enable SSO.
  • Email Attribute is case-sensitive.
  • Emails sent must match exactly what is in the user or agent email field.
  • Authentication Standard: Login standard to use for SSO. Available options are as below:
    • SAML: SAML is an acronym for Security Assertion Markup Language (SAML). This is the default option.
      • Url where you can get the SAML Metadata: Add the link of SAML metadata file and click the green arrow. This auto-populates the Single Sign On URL, Issuer URL and Certificate X.509 fields.
      • Single Sign On URL: The location where the portal launches to initiate the authentication process.
      • Issuer URL: It is also known as entity ID. It is used to validate the assertion.
      • Certificate X.509:  SAML uses an certificate to verify signed assertions.
      • Need Help?: Click on the See Instructions link. In this new window you will find the required information to fill in at your IdP configuration setup. 

        Info

        You need to add sign in URLs for the User and Agent.

    • OIDC: OIDC is an acronym for OpenID Connect.
      • Authorization ID: An authorization ID is an identifier that represents a set of privileges.
      • Authorization Secret: An Authorization secret is a secret known only to your application and the authorization server.
      • Isuer URL: It is also known as entity ID. It is used to validate the assertion.

        Info

        Your IdP provides the info about Authorization ID (Client ID) and Authorization Secret (Client secret).

      • Need Help?: Click on the See Instructions link. In this new window you will find the required information to complete at your IdP configuration setup. 

General

  • Password Expire Days: Sets the number of days for the password expiration. Applies to both users and agents.
Note
iconfalse

When implementing a password expire period for the first time, or reducing the number of days in the current period, all agents should be logged out to prevent any call interruption due to password expiration. In addition, if your portal uses any of the portal Applications (Scripter, for example) or you are unsure if you have integrated these types of apps, reach out to your Account Management team before adding, removing or making any changes to the Password Expire Period, because this can interrupt any active Custom Applications. 

  • Max Failed Login Attempts: Sets the number of password attempts after which the user is locked out
  • Max Failed Login Attempts Agent: Sets the number of password attempts after which the agent is locked out
Note
iconfalse

The value of Max Failed Login Attempts and Max Failed Login Attempts Agent must be between 1 and 9. Zero, null, and characters are invalid.

  • Password Reuse Restriction Count: Sets the number of previous passwords that the user or agent cannot reuse when resetting the password. The minimum and default value for this field is 4 and the maximum value is 25.
  • Browser Session Security:- Requires users to log back in any time the browser is closed
  • Password Strength: By using a password strength slider, you can configure the password strength to Medium, Strong, or Very Strong (left to right). Hover the mouse on the password strength slider to get the description about the password requirements.
  • Admin Set Passwords Are Temporary: Portal users and agents must change the password on the first login or when updating the password by the permitted portal user.
Info
iconfalse

If the permitted portal users change the password for their own user account, they are not prompted to change the password.

Session Timeout

You can enable or disable the session timeout parameters. 

  • Inactivity Timeout: You can set the inactivity timer for intervals of 5 minutesmins, 15 minutesmins, 30 minutesmins, 1 hour1hour, 2 hours, or 1 day. After the period of inactivity exceeds the timer interval, a warning message appears to the user or agent. You can stay logged in by performing some activity in any of the tabs.
    Info
    • If you have multiple tabs open, and you are working in one tab, the session remains active for all tabs. If all tabs are inactive, the session ends after it reaches the time duration set in the Inactivity Timeout field.
    • This setting applies to users and agents.

  • Browser Session Security: To ensure security, enable this parameter for the users and agents to log in every time they launch the portal in a browser.
  • Show Inactivity Warning (Agent/User): Set this parameter to display an inactivity warning for users and agents before the session times is timed out. For example, if you set this parameter to 1 minutethe inactivity timer is set to 5 mins, a warning message appears one minute before the inactivity timer is activated and the user or the agent has to must log in again.
  • Maximum Session Timeout: You can set the browser session timeout for 5 minutes, 15 minutes, 30 minutes, 1 hour, 2 hours, 1 day, or 7 days. This setting enables the user or the agent to stay in the session according to the setting The maximum time a session can stay active. After the maximum timeout is reached, even if you are active, the session is logged out and you must log back in. For example, if you set the Maximum Session Timeout to 2 hours, after 2 hours, the session is logged out automatically.

Subnet IP 

List of permitted IPs that can access the portal. Permitted users can add/delete the IPs, as well as export files in .csv format.

...