To set up security parameters, go to the Settings tab in the Security subsection:
To set encryption, select the API, Control Panel checkboxes next to the protocols:
HTTP (port 80). Unencrypted protocol.
NOTE. HTTP protocol is used by default.
HTTPS (port 443). Protocol with encryption certificate. When HTTPS protocol is used, also select the added encryption certificate to provide TLS session in the Certificate box. The certificate is issued for the server name <myserver.russia.ru>.
After executing the operations traffic encryption is set.
To use Relay server, select the Use Relay Server checkbox.
Relay server is a server, at which Relay service is deployed. Relay service enables the user to establish a connection between a mobile device and mobile platform server on heightened requirements to protection of internal corporate network data. In this case DMZ ports into internal network are closed, only ports from internal network into external network are opened.
To set Relay server, see the Installing Relay Server section.
Connection with the Relay server is established on the mobile platform server side. The Relay service enables the user to accept request from mobile platform server to establish connection. The established connection is used to redirect requests from mobile client to mobile platform server.
NOTE. When Relay server is used, interaction between mobile client and mobile platform server is slowed down.
The scheme of interaction between mobile client, Relay server, and mobile platform server:
The mobile platform server establishes connection with the Relay server.
The mobile client exchanges data with the mobile platform server using the Relay server located in DMZ.
The Relay server interacts with the mobile client and mobile platform server:
If receives request to establish connection with the mobile platform server.
It exchanges requests with the mobile client.
It redirects the requests directed to the internal network to the mobile platform server within the established connection.
It prohibits connection if the connection request is directed not from the mobile platform server.
To use Relay server, fill in the boxes:
Relay server URL. Enter Relay server name to provide a request to establish connection from mobile platform server. The box is mandatory.
Port. Specify port number in the numeric format. By default, the 8022 port is used on installing Relay server. The box is mandatory.
The Relay server is addressed from the mobile client after the connection is established on the mobile platform server side via the 10080 (http) or 10443 (https) port.
When executing authentication on the mobile platform server the API user or administrator token is generated.
To change JWT token expiration time for API users or administrators, specify the number of days and hours next to the JWT Token Expiration Time for API Users, JWT Token Expiration Time for Administrators parameters. The default token expiration time is 14 days.
NOTE. When the token expiration time is changed, all the current tokens are invalid, it is required to repeat authentication for API users and administrators.
To set session lifetime when the administrator is inactive, specify expiration time as follows: <hours : minutes> next to the Session Lifetime when Administrator is Inactive parameter. On an attempt to execute an operation in the administrator console after the specified time expires, the administrator should repeat authentication to continue working in the administrator console. The session lifetime is not set by default.
To set expiration time for all accounts of API users, specify the number of days in the User Account Expiration Time (in days) box. By default, validity is not set, accounts are not limited in time.
To set validity for a specific API user, use the Account Validity box in API user parameters. If validity is set for a specific API user, the specified user account validity is ignored in authentication settings.
To handle API user failures, determine the parameters:
Lock device after the specified number of failed logins.
Reset counter of failed logins in the specified time.
Lock device during the specified time.
Lock user after the specified number of device locks.
Reset counter of device locks in the specified time.
Lock user during the specified time (days).
If the specified number of authorization failures for the specific time period is exceeded, the mobile device is locked for the specified period. When the mobile device is locked, API user cannot be authorized on this device. If the number of mobile device locks for the specific time period is exceeded, API user is locked for the specified period. When the specified parameters of authorization failure handling are changed for locked API users, locking time is recalculated.
When API user is locked, the Locked for Security Reasons checkbox is automatically selected, and the message "Locked until <Date>" is displayed in specific API user parameters. When API user is locked, authorization is disabled, user session is interrupted on all mobile devices.
To unlock API user, deselect the Locked for Security Reasons checkbox or wait until the end of the specified user lock period.
See also: