System parameters for security
In the ACE Admin System parameters window there is a tab named Security, where you configure functionality for logging in with a password.
Short name and description | Explanation | Default value | Enabling method |
---|---|---|---|
centrexGwPwdUsername: CentrexIP. ACE User whose password is used to connect to gateway. | When using a Centrex PBX type, two system parameters are used to store login data towards Telia Company’s gateway, TGW. Both parameters are needed to handle the case where the username is already busy in ACE Server. Normally these parameters are given the same value. | | Auto. Changes take effect immediately. |
centrexGwUsername: CentrexIP. Username used to connect to gateway. | See the explanation for centrexGwPwdUsername. | | Auto. Changes take effect immediately. |
enableAgentPassword: Password is required to log in to ACE Agent. | The parameter governs whether a password is required for logging in to ACE Agent or not. Ticked = require password; | | Auto. Changes take effect immediately. |
encryptedTcpAgent: Encrypted connection client-server installed. | This parameter indicates whether the installation requires encryption between the server and the clients. Governs encryption in ACE Server as well. N.B. does not regulate encryption between Application Server and client. A tick means encryption is installed; unticked means encryption is not installed. To be able to use encryption, support for encryption must be installed in ACE Server. | | Restart. Changes take effect after restart of ACE Server. The enabling must be co-ordinated with other actions. If encrypted communication is activated in ACE Application Server (e.g. Borland Socket Server), but not in ACE Server, you will not be able to log in to the system! See ref. Drifthandledning (available in Swedish only). |
mobileLockUserAccount: Lock account on repeated login attempts with mobile login. | Indicates whether user accounts should be locked if an agent using mobile login enters a wrong PIN code X number of times in a row. X is governed by the pwdFailuresBeforeAccountLocked system parameter. Also see mobileLoginTimer on the System parameters for incoming call tab. | | Auto. Changes take effect immediately. |
pwdCleanDays: Time to store old passwords (d). | Prevents reuse of old passwords. 0 means that old passwords are not saved when changing password. | 365 | Auto. Changes take effect immediately. |
pwdExpiryWarningTime: Warning password will soon expire (d). | States how many days before expiration of the password the user will be given a warning about this. This parameter should not be used if you have agents that are allowed to log in without password, i.e. with a blank password box. | 21 | Auto. Changes take effect immediately. |
pwdFailuresBeforeAccountLocked: No. login attempts before locking the account. | Number of allowed login attempts with wrong password before the account is locked. 0 means unlimited number of attempts. To lock accounts used for mobile login you set the mobileLockUserAccount parameter. | 3 | Auto. Changes take effect immediately. |
pwdMinCharTypes: Minimum no. character types in passwords. | Number of character types the password must contain, out of the possible types upper case letters, lower case letters, figures and special characters. 0 means that character types are not considered when checking passwords. | 4 | Auto. Changes take effect immediately. |
pwdMinDigits: Minimum no. digits in passwords. | The password must contain at least this number of digits. 0 means that the password does not have to contain digits. | 1 | Auto. Changes take effect immediately. |
pwdMinLength: Minimum length of passwords. | The parameter governs the minimum length of passwords. If this parameter is set to 0 it means that blank passwords are allowed. | 10 | Auto. Changes take effect immediately. |
pwdMinLower: Minimum no. of lowercase letters in passwords. | The password must contain at least this number of lower case letters. 0 means that the password does not have to contain lower case letters. | 1 | Auto. Changes take effect immediately. |
pwdMinSpecialChars: Minimum no. of special characters in passwords. | The password must contain at least this number of special characters (not a letter or figure, e.g. @, % and !). 0 means that the password does not have to contain special characters. | 1 | Auto. Changes take effect immediately. |
pwdMinUpper: Minimum no. of uppercase letters in passwords. | The password must contain at least this number of upper case letters. 0 means that the password does not have to contain upper case letters. | 1 | Auto. Changes take effect immediately. |
pwdValidTime: Longest time a password is valid (d). | Used to make the user change his/her password at regular intervals. 0 means that the password validity time is unlimited. | 90 | Auto. Changes take effect immediately. |
ssoAdfsClientSecret: SSO: Client secret for current system on Telia's ADFS Server | Used in the authentication flow for OpenId Connect (i.e. Single-sign on in the ACE web clients ACE Interact, ACE Coach and ACE Monitor). If the parameter's value is left empty, Single-sign on for the ACE web clients will be unavailable. | | Auto. Changes take effect immediately. |
ssoAdfsEndpoint: SSO: URL to Telia's ADFS Server | Used in the authentication flow for OpenId Connect (i.e. Single-sign on in the ACE web clients ACE Interact, ACE Coach and ACE Monitor). If the parameter's value is left empty, Single-sign on for the ACE web clients will be unavailable. | | Auto. Changes take effect immediately. |
ssoEnabled: SSO: Activate Single Sign On. | Used by both the OpenId Connect and the SAML authentication flows. | | Auto. Changes take effect immediately. |
ssoEnforced: SSO: Force login with Single Sign On | Used by both the OpenId Connect and the SAML authentication flows. | | Auto. Changes take effect immediately. |
ssoIdpEndPoint: SSO: Endpoint for Identity Provider IdP. | Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse). | https://fs.company.se/adfs/services/trust/13/windowsmixed | Auto. Changes take effect immediately. |
ssoIdpRelyingParty: SSO: Identifier for Relying Party in IdP. | Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse). Also used as Valid Issuer at validation. | http://fs.ace.teliacompany.com/adfs/services/trust (http://fs.callguide.telia.com/adfs/services/trust for older versions) | Auto. Changes take effect immediately. |
ssoRStsEndPoint: SSO: Endpoint for Telia Relying Party Security Token Service RSTS. | Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse). | https://fs.ace.teliacompany.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256 (https://fs.callguide.telia.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256 for older versions) | Auto. Changes take effect immediately. |
ssoRStsRelyingParty: SSO: Identifier for Relying Party in RSTS. | Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse). | http://ace (http://callguide for older versions) | Auto. Changes take effect immediately. |
ssoThumbPrint: SSO: Thumbprint 1 for validation of SAML token. | Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse). Cryptographic thumbprint for the token signing certificate in the identity provider at Telia. Used for validating login with Single-sign on together with the value of parameter ssoIdpRelyingParty. You can have two thumbprints configured in parallel. See ssoThumbPrint2. | | Auto. Changes take effect immediately. |
ssoThumbPrint1LastValidDate: SSO: Thumbprint 1 date last valid (YYYYMMDD). | Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse). Last date the thumbprint stored in parameter ssoThumbPrint is valid for validating login with Single-sign on. Must be in the format YYYYMMDD, e.g. 20190824. If the parameter is empty, the parameter ssoThumbPrint is regarded as invalid. | | Auto. Changes take effect immediately. |
ssoThumbPrint2: SSO: Thumbprint 2 for validation of SAML token. | Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse). Cryptographic thumbprint for the token signing certificate in the identity provider at Telia. Used for validating login with Single-sign on together with the value of parameter ssoIdpRelyingParty. See also parameter ssoThumbPrint. Since it is possible to have two thumbprints configured at the same time, automatic rollover between two certificates in the Telia ADFS server can be handled without having to re-configure the thumbprint in ACE Admin exactly when rollover occurs. In order for validation of Single-sign on to succeed, either the parameter ssoThumbPrint, ssoThumbPrint2 or both must be configured. If validation of Single-sign on fails with one thumbprint, the other thumbprint will be used for a second validation, given that both parameters are configured (and have a valid expiration date). | | Auto. Changes take effect immediately. |
ssoThumbPrint2LastValidDate: SSO: Thumbprint 2 date last valid (YYYYMMDD). | Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse). Last date the thumbprint stored in parameter ssoThumbPrint2 is valid for validating login with Single-sign on. Must be configured in the format YYYYMMDD, e.g. 20190824. If the parameter is empty, the parameter ssoThumbPrint2 is regarded as invalid. | | Auto. Changes take effect immediately. |
systemId: System identity, separates ACE systems (Normally formed by the licence key). | Unique system identity for a specific ACE system. Must not collide with other ACE systems (also applies to any test systems). The system identity is used to identify an ACE system among various sub products. The value is set automatically to the first eight characters from the licence key in the following situations: when the licence is configured in a newly installed system; when an existing system is upgraded to CallGuide 8.2. | | Special |
unusedAccountLockDays: Time before an unused account is locked (days). | Unused accounts are automatically locked after the specified number of days. If the system parameter is set to 0 no accounts are locked. If the administrator unlocks an account, previously locked for any reason, the user has to log in to the account immediately. Otherwise the account will be automatically locked again the following night. | 180 | |
usernameMaxLength: Maximum username length. | Max allowed value = 16. Min allowed value = 1. (If max is set to less than min, max is considered to be equal to min.) | 16 | Auto. Changes take effect immediately. |
usernameMinLength: Minimum username length. | Lowest value allowed = 1. | 5 | Auto. Changes take effect immediately. |
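
The two-slot rollover rule described for ssoThumbPrint, ssoThumbPrint2 and their LastValidDate parameters, written out as an added example; this is not ACE code. It assumes the last valid date is inclusive, that malformed dates are treated like empty ones, and that thumbprints are compared as hex digits only. The thumbprints and dates are constructed sample values.

```python
from datetime import date, datetime

# The two thumbprint slots and the date parameter that bounds each, as named in the table.
SLOTS = (("ssoThumbPrint", "ssoThumbPrint1LastValidDate"),
         ("ssoThumbPrint2", "ssoThumbPrint2LastValidDate"))

def normalise(thumbprint):
    """Keep only hex digits so pasted spaces or colons do not break the comparison (assumption)."""
    return "".join(c for c in thumbprint if c in "0123456789abcdefABCDEF").upper()

def slot_is_live(last_valid, today):
    """Empty or malformed YYYYMMDD means the slot is regarded as invalid (fail closed)."""
    if len(last_valid) != 8 or not last_valid.isdigit():
        return False
    try:
        return today <= datetime.strptime(last_valid, "%Y%m%d").date()
    except ValueError:  # eight digits that are not a calendar date, e.g. 20191345
        return False

def accepting_slot(params, presented, today):
    """Return the parameter name whose thumbprint accepts the token signer, else None."""
    for tp_key, date_key in SLOTS:
        configured = normalise(params.get(tp_key, ""))
        if not configured or not slot_is_live(params.get(date_key, ""), today):
            continue  # unconfigured or expired slot is skipped, the other one is still tried
        if configured == normalise(presented):
            return tp_key
    return None

# Constructed sample values, not real certificate thumbprints.
OLD_CERT = "AA" * 20
NEW_CERT = "BB" * 20
PARAMS = {"ssoThumbPrint": OLD_CERT, "ssoThumbPrint1LastValidDate": "20190824",
          "ssoThumbPrint2": NEW_CERT, "ssoThumbPrint2LastValidDate": "20200824"}

if __name__ == "__main__":
    for day in (date(2019, 8, 24), date(2019, 8, 25)):
        print(day, accepting_slot(PARAMS, OLD_CERT, day), accepting_slot(PARAMS, NEW_CERT, day))
```

Running a check like this against the configured values before a planned certificate rollover shows whether at least one slot will still accept logins on the day after the old date passes.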
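
How the pwdMin* parameters combine, and which controls a value of 0 switches off, as an added example; this is not ACE code. The defaults and the meanings of 0 are taken from the table above, the function names are hypothetical, and character classes are decided with Python's Unicode-aware string methods, which is an assumption about how ACE classifies characters.

```python
# Default values from the table above.
ACE_DEFAULTS = {"pwdMinLength": 10, "pwdMinCharTypes": 4, "pwdMinDigits": 1,
                "pwdMinLower": 1, "pwdMinUpper": 1, "pwdMinSpecialChars": 1}

# What the table says a value of 0 means for each parameter.
ZERO_MEANS = {
    "pwdMinLength": "blank passwords are allowed",
    "pwdFailuresBeforeAccountLocked": "unlimited number of login attempts",
    "pwdCleanDays": "old passwords are not saved, so reuse is not prevented",
    "pwdValidTime": "password validity time is unlimited",
    "unusedAccountLockDays": "no unused accounts are locked",
}

def password_violations(password, policy=ACE_DEFAULTS):
    """Return the names of the parameters that `password` fails to satisfy."""
    counts = {
        "pwdMinDigits": sum(c.isdigit() for c in password),
        "pwdMinLower": sum(c.islower() for c in password),
        "pwdMinUpper": sum(c.isupper() for c in password),
        # Special character: not a letter or figure, as the table defines it.
        "pwdMinSpecialChars": sum(not c.isalnum() for c in password),
    }
    violations = []
    if len(password) < policy["pwdMinLength"]:
        violations.append("pwdMinLength")
    violations += [name for name, have in counts.items() if have < policy[name]]
    # pwdMinCharTypes counts how many of the four classes appear at all.
    if sum(1 for have in counts.values() if have > 0) < policy["pwdMinCharTypes"]:
        violations.append("pwdMinCharTypes")
    return violations

def disabled_controls(params):
    """Map each parameter that is set to 0 to the effect the table documents for it."""
    return {name: effect for name, effect in ZERO_MEANS.items() if params.get(name) == 0}

if __name__ == "__main__":
    # Constructed sample passwords and settings.
    print(password_violations("Summer2024"))
    print(password_violations("Tr4m-stop!Blue"))
    print(disabled_controls({"pwdMinLength": 0, "pwdFailuresBeforeAccountLocked": 0,
                             "pwdValidTime": 90}))
```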