SAProfile_Application_Security_Application_Security_Help
The Application Security profile allows you to define a list of Whitelist (allowed) and/or Blacklist (disallowed) IP Addresses to determine which computers can access the RecTrac application. IP Whitelist and IP Blacklist fields allow you to input single IP Addresses, comma-delimited lists, ranges and asterisk wildcards. In the event a restriction is encountered, you will be prompted for a VSI-Generated Access Code. Obtaining an Access Code from VSI is the only way around the restriction. It validates the IP Address for one (1) session only. The restricted IP Address must be added to the Whitelist manually, or a new Access Code will be required at each login.
Additionally, the Application Security profile allows you to set up Two-Step Verification for all User IDs once a user reaches the Login screen. Two-step verification is a process that involves two authentication methods performed one after the other to verify that the person requesting access to RecTrac is who he/she claims to be. The two steps involved are entry of RecTrac Username and Password and entry of a verification code sent via email to the user logging in.
Making changes to a profile is an Audited Event. Linking, Removing, Purging, and Cloning profiles are also Audited Events.
See Also: Topic Doc - RecTrac Profile Assignments Screen, Hierarchy Guide, and Profile Listing.
See Also: Video - Profile Review
SAProfile_Application_Security_Application_Security_Tab1
IP WhiteList (SAProfileDetails_IPWhitelist)
Enter the IP Address(es) for which you wish to allow access to RecTrac in this field. IP Addresses can be listed:
- Individually using a carriage return (the 'Enter' key) as a delimiter.
- In a comma-delimited list. For Example: 192.02.10.100,192.02.10.105,192.02.10.110
- In a range using a hyphen. For Example: 192.02.10.100-192.02.10.199
- As a wildcard using an asterisk. For Example: 192.02.10.*
IP BlackList (SAProfileDetails_IPBlackList)
Enter the IP Address(es) for which you wish to disallow access to RecTrac in this field. IP Addresses can be listed:
- Individually using a carriage return (the 'Enter' key) as a delimiter.
- In a comma-delimited list. For Example: 192.02.10.100,192.02.10.105,192.02.10.110
- In a range using a hyphen. For Example: 192.02.10.100-192.02.10.199
- As a wildcard using an asterisk. For Example: 192.02.10.*
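The four entry formats listed for the IP WhiteList and IP BlackList fields, worked through as an added Python example (not RecTrac or VSI code) that can be used to review a list before saving it. All function names are hypothetical. Assumptions: an octet written with a leading zero such as "02" is read as decimal 2, and an asterisk replaces whole trailing octets only, as in the example above. The page does not say how an address present in both lists is handled, so conflicting_entries only reports the overlap.

```python
import re

def ip_to_int(text):
    """Dotted-quad text -> integer. Octets are read as decimal (assumption)."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not an IPv4 address: {text!r}")
    octets = [int(p, 10) for p in parts]  # '02' is read as 2, never as octal
    if max(octets) > 255:
        raise ValueError(f"octet out of range: {text!r}")
    return int.from_bytes(bytes(octets), "big")

def parse_ip_list(field_text):
    """Field text -> list of (entry, low, high) with inclusive integer bounds."""
    parsed = []
    for entry in re.split(r"[,\r\n]+", field_text):
        entry = entry.strip()
        if not entry:
            continue
        if "-" in entry:                      # range: low-high
            low_text, high_text = entry.split("-", 1)
            low, high = ip_to_int(low_text), ip_to_int(high_text)
            if low > high:
                raise ValueError(f"reversed range: {entry!r}")
        elif "*" in entry:                    # wildcard: trailing octets only
            octets = entry.split(".")
            fixed = [o for o in octets if o != "*"]
            if len(octets) != 4 or octets[:len(fixed)] != fixed:
                raise ValueError(f"unsupported wildcard: {entry!r}")
            pad = 4 - len(fixed)
            low = ip_to_int(".".join(fixed + ["0"] * pad))
            high = ip_to_int(".".join(fixed + ["255"] * pad))
        else:                                 # single address
            low = high = ip_to_int(entry)
        parsed.append((entry, low, high))
    return parsed

def ip_matches(address, field_text):
    """True if the address falls inside any entry of the list."""
    value = ip_to_int(address)
    return any(low <= value <= high for _, low, high in parse_ip_list(field_text))

def conflicting_entries(whitelist_text, blacklist_text):
    """Pairs of entries that cover at least one common address."""
    return [(w, b)
            for w, w_low, w_high in parse_ip_list(whitelist_text)
            for b, b_low, b_high in parse_ip_list(blacklist_text)
            if w_low <= b_high and b_low <= w_high]

# Constructed sample values, built from the formats shown above.
WHITELIST = "192.02.10.100,192.02.10.105\n192.02.10.120-192.02.10.199"
BLACKLIST = "192.02.10.*"
```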
Two-Step Verification Option (SAProfileDetails_TwoFactorAuthOption)
Two-step verification is a process that involves two authentication methods performed one after the other to verify that the person requesting access to RecTrac is who he/she claims to be. The two steps involved are entry of RecTrac Username and Password and entry of a verification code sent via email to the user logging in.
Expand the Drop-down list to select your Two-Step Verification Option.
THEN
Enter a value in the Two-Step Verification Days Valid for field, if necessary. Your options are:
- None - You do not use Two-Step Verification. You do not need to visit the Two-Step Verification Days Valid for field.
- Email - The system will send an email to the user who is logging in. The email contains a verification code. The user will be prompted to enter the verification code to complete the login process and get to the main RecTrac screen. Enter a value in the Two-Step Verification Days Valid for field.
Notes:
- The verification code is valid for 15 minutes. This value is hardcoded. If the user logging in does not enter the code within 15 minutes, then a new verification code will be required.
- Two-step verification applies to every user ID that reaches the RecTrac login screen. If you are using the Whitelist / Blacklist fields above to restrict access to RecTrac, then once users reach the RecTrac login screen they will be subject to your Two-Step Verification settings here. In other words, you cannot set up Two-Step Verification for users logging in via WAN and bypass it for users logging in via LAN - unless you use multiple Application Security profiles, which is NOT recommended.
Two-Step Verification Days Valid for (0 = every login) (SAProfileDetails_TwoFactorAuthValidDays)
This field is applicable only if your Two-Step Verification Option is "Email."
Accept the default value (0) or overwrite with another value as desired. The value you enter is the number of days for which the verification will be valid.
- 0 - 0 Days = Every Login. Users will be prompted for a new verification code with each and every login.
- 1 - 1 Day = Every 24 hours. Users will need to supply a new verification code one (1) time for each 24-hour period.
- 2 - 2 Days = Every 48 hours. Users will need to supply a new verification code one (1) time for each 48-hour period.
- And so on…
When a verification code is entered, the user's security file record is updated with a date/time stamp for the Two-Step Verification. This data is checked during each login. For Example: If the "Days Valid for" is set to 2 (two days), then the system will check whether a verification code has been issued over the last 48 hours. If Yes, then the user can complete the login process as usual. If No, then a new verification code is required, and the system will send one to the user's email. The user will be prompted to enter the new verification code.
Notes:
- The verification code is valid for 15 minutes. This value is hardcoded. If the user logging in does not enter the code within 15 minutes, then a new verification code will be required.
- Two-step verification applies to every user ID that reaches the RecTrac login screen. If you are using the Whitelist / Blacklist fields above to restrict access to RecTrac, then once users reach the RecTrac login screen they will be subject to your Two-Step Verification settings here. In other words, you cannot set up Two-Step Verification for users logging in via WAN and bypass it for users logging in via LAN - unless you use multiple Application Security profiles, which is NOT recommended.