Security Settings

Revision as of 07:58, 13 July 2017 by Ciaran Donnelly (talk | contribs)

Revision as of 07:58, 13 July 2017 by Ciaran Donnelly (talk | contribs)

These settings are used to control system security.

Global Security Settings.png


Contents

System Summary

The System Summary is a summary of system settings, broken out into a series of tabs, that supports easy to use copy and paste functionality to help when creating system documentation for an instance of SmartSimple.

Business Security Settings

Password and Activation Policies

The Password Policy is used to control the length and complexity of passwords, password expiration and history, the number of retries that the user is allowed, and the lockout time for the account if they exceed the number of retries. Click here for detailed information.

Privacy and Security Policies

The Privacy and Security Policies allows organizations to better highlight their privacy and other stated policies, provides tools to manage country and language combinations, and places persistent links to policies on login pages and user portals.

Email Security Settings

The Email & Email Broadcast Security settings are used to control which recipients users are allowed to send email and email broadcasts to based on their role. Click here for detailed information.

Data Categories

Configure Data Category settings

Data Policies

Configure Data Policy settings

Company / User Security Matrix

Allows system administrators to restrict interaction with the application and the associated entities. In order to do this you will need to Enable Company and User Security Matrix feature.

System Feature Permissions

Allows for system administrators to personalize their copy of SmartSimple and to make various system objects available to users in different roles.

System Visibility Permissions

Allows for system administrators to personalize their copy of SmartSimple and to make various system objects available to users in different roles.

System Configuration Lock

The Instance Lock-Down provides the ability to remove access to all settings in your copy of SmartSimple using a global system-lock password. Click here for details on how to use this feature.

Enable Company and User Security Matrix

Switch the Company and User Security Matrix off or on

Enable Company Record Lock

Prevent concurrent edit access to Int Companies & Ext Accounts

Enable User Record Lock

Prevent concurrent edit access to Int Users & Ext Contacts

Anonymize Record Lock Owner

Select roles for those user who will not see the details of who has the record locked

Session Timeout

The Session Timeout controls how long a user can be inactive in their browser before they are automatically logged out by the system. See Session Timeout for more information.


System Security Settings

Enable Enhanced Security Mode

Preset and disable configurations on system security related options. This will also disable legacy applications.

Enable URL Parameter Encryption

This setting will encrypt object IDs such as custom field IDs, userid, companyid, activity. This enhances security by making it impossible to guess URLs.

Enable Logout

The system can be configured to automatically logout the user and store the session end time in the user log whenever the Logout button is clicked, the user navigates to a different website or when the browser is closed.
A confirmation message can also be enabled to confirm that the user will be logged out.

Disable External Login Shortcut

This setting will disable the use of the external login shortcut (exlogin) from the URL.

Disable Session Timeout Alert

If Session Timeout is set, this setting will disable the 30-second alert and login prompt pop-ups.

Disable Secure Session Management

This setting will disable the validation for matching session IP and browser agent.

Disable Cross-Site Framing Restriction

Disable cross-site framing restriction, and allow SmartSimple pages to be directly embedded within external sites outside the current server domain.

Disable HTTP Cache Control

Disable HTTP cache control no-cache restriction.==

Disable Concurrent Login Check

Allows same user to be logged in from multiple sessions. Primarily used for load testing purposes, and strongly recommended that this is not set when going live.

Suppress Local Administrator Alert

The e-mail notification sent to all current administrators when a new Local Administrator is created can be suppressed.