System parameters for security

In the ACE Admin System parameters window there is tab named Security, where you configure functionality for logging in with password.

Short name and description Explanation Default value Enabling method
centrexGwPwdUsername

CentrexIP. ACE User whose password is used to connect to gateway.

When using a Centrex PBX type to two system parameters are used to store login data towards Telia Company’s gateway, TGW.
  1. centrexGwUsername, stores the username to be used towards TGW.
  2. centrexGwPwdUsername, stores the name of an ACE user, whose password is used as password towards TGW.

Both parameters are used to be able to handle that the username is already busy in ACE Server. Normally these parameters are given the same value.

  Auto

Changes take effect immediately.

centrexGwUsername

CentrexIP. Username used to connect to gateway.

  Auto

Changes take effect immediately.

enableAgentPassword

Password is required to log in to ACE Agent.

The parameter governs whether a password is required for logging in to ACE Agent or not.

Ticked = require password;
Unticked = do not require password.

Auto

Changes take effect immediately.

encryptedTcpAgent

Encrypted connection client-server installed.

This parameter indicates whether the installation requires encryption between the server and the clients. Governs encryption in ACE Server as well. N.B. does not regulate encryption between Application Server and client. A tick here means coding is installed, unticked means coding is not installed.

To be able to use encryption, support for encryption must be installed in ACE Server.

Restart

Changes take effect after restart or ACE Server.

The enabling must be co-ordinated with other actions. If encrypted communication is activated in ACE Application Server (e.g. Borland Socket Server), but not in ACE Server you will not be able to log in to the system!

See ref. Drifthandledning (available in Swedish only).

mobileLockUserAccount

Lock account on repeated login attempts with mobile login.

Indicates whether user accounts should be locked if an agent using mobile log in enters a wrong PIN code X number of times in a row. X is governed by the pwdFailuresBeforeAccountLocked system parameter.

Also see mobileLoginTimer on the System parameters for incoming call tab.

Auto

Changes take effect immediately.

pwdCleanDays

Time to store old passwords (d).

Prevents reuse of old passwords. 0 means that old passwords are not saved when changing password. 365 Auto

Changes take effect immediately.

pwdExpiryWarningTime

Warning password will soon expire (d).

States how many days before expiration of the password the user will give a warning about this.

This parameter should not be used if you have agents that are allowed to log in without password, i.e. with a blank password box.

21 Auto

Changes take effect immediately.

pwdFailuresBeforeAccountLocked

No. login attempts before locking the account.

Number of allowed log in attempts with wrong password before the account is locked. 0 means unlimited number of attempts.

To lock accounts used for mobile login you set the mobileLockUserAccount parameter.

3 Auto

Changes take effect immediately.

pwdMinCharTypes

Minimum no. character types in passwords.

Number of character types the password must contain of the possible types upper case letters, lower case letter, figures and special characters. 0 means that no consideration has to be taken to character types when checking passwords. 4 Auto

Changes take effect immediately.

pwdMinDigits

Minimum no. digits in passwords.

The password must contain at least this number of digits. 0 means that the password does not have to contain digits. 1 Auto

Changes take effect immediately.

pwdMinLength

Minimum length of passwords.

The parameter governs the minimum length of passwords. If this parameter is set to 0 it means that blank passwords are allowed. 10 Auto

Changes take effect immediately.

pwdMinLower

Minimum no. of lowercase letters in passwords.

The password must contain at least this number of lower case letters. 0 means that the password does not have to contain lower case letters. 1 Auto

Changes take effect immediately.

pwdMinSpecialChars

Minimum no. of special characters in passwords.

The password must contain at least this number of special characters (not a letter or figure, e.g. @, %and !). 0 means that the password does not have to contain special characters. 1 Auto

Changes take effect immediately.

pwdMinUpper

Minimum no. of uppercase letters in passwords.

The password must contain at least this number of upper case letters. 0 means that the password does not have to contain upper case letters. 1 Auto

Changes take effect immediately.

pwdValidTime

Longest time a password is valid (d).

Is used to make the user change his/her password at regular intervals. 0 means that the password validity time is unlimited. 90 Auto

Changes take effect immediately.

ssoAdfsClientSecret

SSO: Client secret for current system on Telia's ADFS Server

Used in the authentication flow for OpenId Connect (i.e. Single-sign on in the ACE web clients ACE Interact, ACE Coach and ACE Monitor).

If the parameter's value is left empty, Single-sign on for the ACE web clients will be unavailable.

  Auto

Changes take effect immediately.

ssoAdfsEndpoint

SSO: URL to Telia's ADFS Server

Used in the authentication flow for OpenId Connect (i.e. Single-sign on in the ACE web clients ACE Interact, ACE Coach and ACE Monitor).

If the parameter's value is left empty, Single-sign on for the ACE web clients will be unavailable.

  Auto

Changes take effect immediately.

ssoEnabled

SSO: Activate Single Sign On.

Used by both the OpenId Connect and the SAML authentication flows. Auto

Changes take effect immediately.

ssoEnforced

SSO: Force login with Single Sign On

Used by both the OpenId Connect and the SAML authentication flows. Auto

Changes take effect immediately.

ssoIdpEndPoint

SSO: Endpoint for Identity Provider IdP.

Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse. https://fs.company.se/adfs/services/trust/13/windowsmixed Auto

Changes take effect immediately.

ssoIdpRelyingParty

SSO: Identifier for Relying Party in IdP.

Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse.

Also used as Valid Issuer at validation.

http://fs.ace.teliacompany.com/adfs/services/trust

(http://fs.callguide.telia.com/adfs/services/trust for older versions)

Auto

Changes take effect immediately.

ssoRStsEndPoint

SSO: Endpoint for Telia Relying Party Security Token Service RSTS.

Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse. https://fs.ace.teliacompany.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256

(https://fs.callguide.telia.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256 for older versions)

Auto

Changes take effect immediately.

ssoRStsRelyingParty

SSO: Identifier for Relying Party in RSTS.

Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse. http://ace

(http://callguide for older versions)

Auto

Changes take effect immediately.

ssoThumbPrint

SSO: Thumbprint 1 for validation of SAML token.

Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse.

Cryptographic thumbprint for the token signing certificate in the identity provider at Telia.

Used for validating login with Single-sign on together with the value of parameter ssoIdpRelyingParty.

You can have two thumbprints configured in parallel. See ssoThumbPrint2.
  Auto

Changes take effect immediately.

ssoThumbPrint1LastValidDate

SSO: Thumbprint 1 date last valid (YYYYMMDD).

Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse.

Last date the thumbprint stored in parameter ssoThumbPrint is valid for validating login with Single-sign on.Must be in the format YYYYMMDD, e.g. 20190824. If the parameter is empty, the parameter ssoThumbPrint is regarded as invalid.

  Auto

Changes take effect immediately.

ssoThumbPrint2

SSO: Thumbprint 2 for validation of SAML token.

Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse.

Cryptographic thumbprint for the token signing certificate in the identity provider at Telia.

Used for validating login with Single-sign together with the value of parameter ssoIdpRelyingParty.

See also parameter ssoThumbPrint. Since it is possible to have two thumbprints configured at the same time, automatic rollover between two certificates in the Telia ADFS server can be handled without having to re-configure the thumbprint in ACE Admin exactly when rollover occurs.

In order for validation of Single-sign on to succeed, either the parameter ssoThumbPrint, ssoThumbPrint2 or both must be configured. If validation of Single-sign on fails with one thumbprint, the other thumbprint will be used for a second validation given that both parameters are configured (and having a valid expiration date).

  Auto

Changes take effect immediately.

ssoThumbPrint2LastValidDate

SSO: Thumbprint 2 date last valid (YYYYMMDD).

Used by the SAML authentication flow (i.e. Single-sign on in ACE Agent, ACE Admin and ACE Pulse.

Last date the thumbprint stored in parameter ssoThumbPrint2 is valid for validating login with Single-sign on. Must be configured in the format YYYYMMDD, e.g. 20190824. If the parameter is empty, the parameter ssoThumbPrint2 is regarded as invalid.

  Auto

Changes take effect immediately.

systemId

System identity, separates ACE systems (Normally formed by the licence key).

Unique system identity for a specific ACE system. Must not collide with other ACE systems (also applies to any test systems). The system identity is used to identify an ACE system among various sub products.

The value is set automatically to the first eight characters from the licence key in the following situations:

When the licence is configured in a newly installed system.

When an existing system is upgraded to CallGuide 8.2.

  Special
unusedAccountLockDays

Time before an unused account is locked (days).

Unused accounts are automatically locked after the specified number of days.

If the system parameter is set to 0 no accounts are locked.

If the administrator unlocks an account, previously locked for any reason, the user has to log in to the account immediately. Otherwise the account will be automatically locked again the following night.

Also see Security – set password and unlock account.

180  
usernameMaxLength

Maximum username length.

Max allowed value = 16
Min allowed value = 1

(If max is set to less than min, max is considered to be equal to min.)

16 Auto

Changes take effect immediately.

usernameMinLength

Minimum username length.

Lowest value allowed = 1. 5 Auto

Changes take effect immediately.

Telia ACE version 18.0. . New info since last release is highlighted. ©Telia Sverige AB.