Changes

Jump to: navigation, search

Security Settings

1,495 bytes added, 19:13, 7 October 2021
no edit summary
The system can be configured to [[Enable Logout|automatically logout]] the user and store the session end time in the user log whenever the '''Logout''' button is clicked, the user navigates to a different website, or when the browser is closed.<br />
A confirmation message can also be enabled to confirm that the user will be logged out.
 
==Disable ID Encryption for User/Organization Lookup Standard Fields==
This setting will disable identity encryption for both User and Organization Lookup Standard fields.
==Disable External Login Shortcut==
This setting will disable the use of the [[Bypassing_the_Login_Page|external login shortcut]] (exlogin) from the URL.
==Disable Template Page Security==Bypass security validation when editing existing records on UTA template page without authenticated session. ==Disable Calendar Activity Preview Template Security==Allow HTML code on Calendar Activity Preview Template. ==Disable Arcadia Portal Custom Script Restriction==Allow configuration of custom scripts on Arcadia portal settings. This is not recommended. ==Disable Option to Serve Uploaded Files==If toggled on, links to uploaded files will download instead of opening in browser ==Disable Session Timeout AlertLogin Prompt==If [[Session Timeout]] is set, this setting will disable the 30-second alert and login prompt pop-ups. Toggling on will disable the session expired login prompt to allow user to continue on the page they were on and redirect to the main login page.
==Disable Secure Session Management==
This Global System Security Setting will disable the validation for matching session IP and browser agent , which is one part of the security features in the platform that protect against Cross Site Framing attacks. ==Disable Login Token Check==Allow user login without a session login token. This is not recommended due to security reasons.
==Suppress Local Administrator Alert==
Toggling on will suppress e-mail notification when new Local Administrators are created. If toggled off, emails will be sent to all administrators when new Administrators are created.
Options if users are being randomly logged out:
# Disable the Secure Session Management setting and accept the potential risk
==Disable Cross-Site Framing RestrictionGlobal Allowed File Types==Disable crossFile types listed here will be allowed to be uploaded in upload fields. Leave this section empty if you'd like to allow all file types system-site framing restriction, and wide. Specify a comma separated list of extensions for file types you'd like to allow SmartSimple pages to . Additional restrictions can be directly embedded within external sites outside the current server domainadded on individual upload fields.
==Disable HTTP Cache ControlGlobal CAPTCHA Validation==Disable HTTP cache '''Enabled''' and '''Disabled''' will control no-cache restrictionwhether or not CAPTCHA will appear in all areas of the system. If '''Inherit''' is selected, you can choose at the signup and template page level when you want the CAPTCHA to appear. CAPTCHA will automatically appear on login and activation pages. The default CAPTCHA service is Google's reCAPTCHA.
==Disable Concurrent Login CheckCountries Using Alternate CAPTCHA Service==Allows same user Countries added here will use alternate CAPTCHA services. This is only if Global Captcha Validation is set to be logged in from multiple sessions'''Enabled''' or '''Inherit'''. Primarily used for load testing purposes, and strongly recommended that this The default CAPTCHA service is not set when going liveGoogle's reCAPTCHA.
==[[Suppress E-mail Alert|Suppress Local Administrator Alert]]==
The e-mail notification sent to all current administrators when a new Local Administrator is created can be suppressed.
[[Category:Global Settings]][[Category:Security]][[Category:System Auditing]]
Smartstaff
282
edits

Navigation menu