Security Settings

Security Settings

Administrators can configure various options to enhance security such as locking accounts, set session expiry, set HTTP mode etc. 

These are application-wide configurations.

To configure security settings, go to Admin>>General Settings>>Security Settings (if only one portal is configured) or go to Global Settings>>General Settings>>Security Settings (if multiple portals are configured).

            

General Settings Tab

 

Configure account lockout threshold and duration 

  • Click the relevant checkbox and set the number of failed attempts and reset thresholds.

  • You can also choose whether to lock the account in the user's current device or all devices.

  • Configure the display message to show when user's account is locked.

  • You can send an email notification or send notifications to one or more support reps when a user account is disabled. 

Server Port and Protocol Configuration 

  • Select the protocol: HTTP or HTTPS mode using the radio buttons.

  • If HTTPS mode sis chose, then add support TLS versions and Ciphers.

  • Set port number. 

Configuring session expiry 

  • Set the number of days to re-authenticate users even when the keep me signed-in feature is enabled.

 

 

Advanced Settings Tab

 

Adding security response headers

 

Click the relevant checkbox and set security headers to protect from XSS, Reflected XSS, Clickjack vulnerabilities.

 

The available header types are as follows. 

  • Cache Control

  • Content-Security-Policy

  • Strict-Transport-Security

  • X-Content-Type-Options

  • X-Frame-Options

  • X-XSS-Protection

  • Access-Control-Allow-Origin

  • Referrer-Policy

  • Expect-CT 

Other options

 

You can enable domain filtering, disable copying passwords, disable HTTP compression using relevant checkboxes.

 



Password Policy Tab


Enable password policy: Password Policy allows the administrator to configure and enforce the criteria for creating passwords. This ensures the better security of user passwords. Password policy is enabled by default.

The configured password policy will be applied when:

  • Users change/reset their account passwords.

  • SDAdmin changes user passwords.

  • New users are added via Web form, CSV import, or Active Directory import.

  • Dynamic users are added.

  • Local authentication password is set - both auto-generated and predefined passwords.

 

To configure the password policy,

  • Select Enable password policy checkbox.

  • Select the minimum password length between 8 and 99. The default value is 8.

  • Select if the password must include:

    • Both uppercase and lower case letters

    • Special characters/symbols

  • Choose the number of previous passwords to remember and prevent reuse. The application can remember up to 8 passwords.

  • Select the expiry period for the password.

 



 


The application must be restarted for any changes in the settings to take effect.


 


    • Related Articles

    • Performance Settings

      Performance settings allow you to configure various settings to improve the performance and stability of the application. You can configure Database related settings under General tab and report related settings under Reports tab. General Settings In ...
    • Application Settings and Self-Service Portal Settings

      Portal-specific Customizations and Configurations The following are the various portal-specific customizations and configurations. You can access these under Admin>>General Settings>>Self-Service Portal Settings in both single portal and multi-portal ...
    • Customer Portal Settings

      To set up a customer portal:  1. Go to Admin>>Users>>Customer Portal Settings (if only one portal is configured) or go to Global Settings>> Customer Portal Settings (if multiple portals are configured). 2. Click New portal and then provide portal ...
    • Proxy Settings

      You can configure a proxy server to add an extra layer of protection to the server that runs SupportCenter Plus.  This is an application-wide configuration. To configure a proxy server:  1. Go to Admin>>General Settings>>Proxy Settings (if only one ...
    • Privacy Settings

      SupportCenter Plus allows you to configure privacy settings to protect sensitive data such personally identifiable information.  Privacy settings should be configured separately in each portal. To configure privacy settings:  1. Go to Admin>>General ...