Security
The Security page controls the security aspects of the Digital Enterprise Suite that clients can customize.

| Setting | Description |
| --- | --- |
| Session Cookie Length | User session duration before going back to the User Provider. We recommend setting this value to "After closing the browser" or to a short duration (1 or 3 days). |
| Same Site Cookie | This controls how the user session cookie is secured. Most browsers now prevent cookies from being sent when doing cross-origin calls, and this setting will need to be changed. Please refer to the SameSite documentation to learn more about this setting before changing it. |
| Maximum number of concurrent sessions | Limit the number of concurrent sessions for a user. If this value is empty, there is no limit. When a user tries to open more sessions than the allowed maximum number, the oldest session is automatically terminated. |
| Inactivity timeout in minutes | The number of minutes after which a session will be terminated for inactivity. If this value is empty, there is no timeout. When a session is terminated this way, the user will need to re-authenticate using the User Provider. |
| Cross-Origin Resource Sharing | Enable CORS on requests. It is also possible to restrict the domains from which CORS calls are accepted. |
| Referrer Policy | Control the referrer information sent in requests when navigating from the Digital Enterprise Suite to another site. Hiding the referrer information can improve security, but it prevents some features, such as the YouTube video player, from working properly. |
| Frame Ancestors | Allow the Digital Enterprise Suite to be embedded in a frame/iframe from a different domain. It is also possible to restrict the domains for which the embedding will be accepted. |
| Document View | Control the way binary documents (like PDFs) are opened when accessed from the Digital Enterprise Suite. By default, documents will be downloaded, but it is possible to open them inline in the browser. Some documents (like PDFs) can pose a security risk when opened inline in the browser. |
| Network Configuration | Validate the network configuration of the Digital Enterprise Suite. This will check if the Base URL and client IP address received by the Digital Enterprise Suite seem correct compared to the URL used to access the admin console and the public IP address of the client. This can help identify potential misconfiguration of the ingress/gateway in front of the Digital Enterprise Suite that could cause security issues. An incorrect IP detection will prevent the Digital Enterprise Suite from properly logging the client IP on requests and events. An incorrect Base URL detection will prevent proper redirection and URL generation. Finally, a mismatch in the reported secured status of the connection will cause the cookies to be generated with the wrong security settings and make your cookies more vulnerable to attacks. Note that this section is only visible for Client Hosted deployments. Also note that the public IP address is evaluated using a third-party service that can be blocked by some network configurations, causing an incorrect public IP detection. |
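
One way to verify the effect of these settings is to audit the response headers a deployment returns. The script below is an added example, not part of the product or its documentation: it assumes the settings surface as the standard `Set-Cookie`, `Access-Control-Allow-Origin`, `Content-Security-Policy` and `Referrer-Policy` headers, and the cookie name, domain and sample headers are constructed.

```python
def cookie_attrs(set_cookie):
    """Return the attributes of one Set-Cookie value as a lowercase dict."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:          # skip the name=value pair
        key, _, value = part.strip().partition("=")
        if key:
            attrs[key.lower()] = value.strip().lower()
    return attrs

def audit(headers, https=True):
    """headers: list of (name, value) pairs. Returns a list of findings."""
    h = {}
    for name, value in headers:
        h.setdefault(name.lower(), []).append(value.strip())
    findings = []
    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = cookie_attrs(cookie)
        # Typical symptom of a gateway that does not forward the HTTPS scheme.
        if https and "secure" not in attrs:
            findings.append(f"cookie {name}: no Secure attribute on an HTTPS site")
        if attrs.get("samesite") == "none" and "secure" not in attrs:
            findings.append(f"cookie {name}: SameSite=None requires Secure")
    if "*" in h.get("access-control-allow-origin", []):
        findings.append("CORS: any origin accepted, restrict the allowed domains")
    for csp in h.get("content-security-policy", []):
        for directive in csp.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors" and "*" in tokens[1:]:
                findings.append("frame-ancestors: any site may embed the application")
    if any(v.lower() == "unsafe-url" for v in h.get("referrer-policy", [])):
        findings.append("Referrer-Policy: full URL is sent to other sites")
    return findings

# Constructed sample: session cookie issued behind a misconfigured gateway.
MISCONFIGURED = [
    ("Set-Cookie", "SESSION=abc123; Path=/; HttpOnly; SameSite=None"),
    ("Access-Control-Allow-Origin", "*"),
    ("Content-Security-Policy", "frame-ancestors 'self' https://portal.example.com"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
]
# Constructed sample: the same response with restrictive settings.
HARDENED = [
    ("Set-Cookie", "SESSION=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Access-Control-Allow-Origin", "https://portal.example.com"),
    ("Content-Security-Policy", "frame-ancestors 'self'"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
]

if __name__ == "__main__":
    for finding in audit(MISCONFIGURED):
        print(finding)
```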