Security
IPCheck
Set to 1 to have all inbound requests checked to see if their IP address is listed on the dynamic block list, and deny access if it is. AlphaTrust® e-Sign adds IP addresses, as reported via HTTP headers, to a dynamic block list if improper requests are logged. This helps prevent URL guessing attacks such as trolling for valid document retrieval URLs.
NOTE
Be sure you are passing through the external user's IP address. If you are using a load balancer, proxy, or other web farm mechanism, then the proxy's address is usually passed to IIS. You can set a custom header at the proxy to pass the client's address so AlphaTrust® e-Sign can pick it up. See ProntoClientIPHeaderName and the Security Guide for more information.
IPBlockTime
Number of minutes to block an IP address that submits bad requests.
IPBlockLimit
Number of bad requests an IP can submit before being added to the dynamic block list.
IPBlockIfBadIP
1: Block a request if no IP address is provided or a bad IP address (improper format) is submitted.
0: Allow these requests; they will therefore never be blocked.
IPv4 and IPv6 addresses are supported.
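
The behaviour that IPCheck, IPBlockTime, IPBlockLimit and IPBlockIfBadIP describe, modelled as an added Python example (not AlphaTrust code). It assumes an address is blocked once its bad-request count reaches IPBlockLimit and that the count resets when the block expires; the class and method names are hypothetical.

```python
import ipaddress


class DynamicBlockList:
    """Model of the IPCheck settings; not the product's implementation."""

    def __init__(self, block_time_min, block_limit, block_if_bad_ip):
        self.block_seconds = block_time_min * 60  # IPBlockTime (minutes)
        self.block_limit = block_limit            # IPBlockLimit
        self.block_if_bad_ip = block_if_bad_ip    # IPBlockIfBadIP (1 or 0)
        self.bad_counts = {}      # canonical IP -> bad requests seen
        self.blocked_until = {}   # canonical IP -> unblock time (epoch s)

    @staticmethod
    def normalize(raw):
        """Canonical IPv4/IPv6 text, or None if missing or malformed."""
        try:
            return str(ipaddress.ip_address((raw or "").strip()))
        except ValueError:
            return None

    def allow(self, raw_ip, now):
        """Return True if a request reporting raw_ip may proceed at time now."""
        ip = self.normalize(raw_ip)
        if ip is None:
            # No usable address: only IPBlockIfBadIP decides.
            return not self.block_if_bad_ip
        until = self.blocked_until.get(ip)
        if until is None:
            return True
        if now < until:
            return False
        # Block expired: forget the address (assumed reset behaviour).
        del self.blocked_until[ip]
        self.bad_counts.pop(ip, None)
        return True

    def record_bad_request(self, raw_ip, now):
        """Count an improper request and block the address at the limit."""
        ip = self.normalize(raw_ip)
        if ip is None:
            return  # cannot be counted, so it can never reach the limit
        self.bad_counts[ip] = self.bad_counts.get(ip, 0) + 1
        if self.bad_counts[ip] >= self.block_limit:
            self.blocked_until[ip] = now + self.block_seconds


if __name__ == "__main__":
    bl = DynamicBlockList(block_time_min=10, block_limit=3, block_if_bad_ip=1)
    for t in range(3):
        bl.record_bad_request("203.0.113.7", now=t)  # constructed sample IP
    print(bl.allow("203.0.113.7", now=5), bl.allow("not-an-ip", now=5))
```

If the proxy's address reaches this logic instead of the client's, every user behind that proxy shares one counter and one block.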
UpdateAccountAuthData
Set to 1 to have all AuthData values in the Account table (clear text account passwords) converted to hash values. The clear text AuthData field will be cleared. This process runs approximately every 5 minutes, which permits manually updating the clear text AuthData and then having the system automatically clear and hash this data for later authentication use.
AuthBlockTime
Number of minutes to block a participant who reaches the bad login limit (see below). Valid values are 1 to 525600.
AuthPINPAsswordBadLoginLimit
The number of login attempts allowed for a participant requiring PIN/Password authentication before that participant is blocked. Valid values are 1 to 99.
AuthThirdPartyKBABadLoginLimit
The number of login attempts allowed for a participant requiring third party Knowledge-Based Authentication before that participant is blocked. Valid values are 1 to 99.
AuthRegisteredUserBadLoginLimit
The number of login attempts allowed for a registered user requiring access to a transaction or control panel login before that user is blocked. Valid values are 1 to 99.
ValidDocumentSystemPaths
API calls allow you to specify a path to a document to be used during a transaction's signing process. By default, no paths are allowed for security reasons. If you want to enable access to specific paths, you can list them here in a comma delimited string.
Example: "c:\Documents\MyFilesToBeSigned\,\\MyNetworkFileShare\MyFilesToBeSigned,e:\TempFiles"
EnableMultifactorAuth
Set to 1 to enable Multi-Factor Authentication. This will send a code to the email registered with your user account that you will need to enter before logging in.
MultiFactorAuthExpireInDays
This setting specifies the maximum number of days that you are able to log into the Control Panel without first verifying your identity using multi-factor authentication if EnableMultifactorAuth is enabled. This will send a code to the email registered with your user account that you will need to enter before logging in.
Default: 30
DisableHtmlDocumentType
Set to 1 to disable the ability to create and sign HTML type documents. This would limit the system to PDF documents only.
JWTIssuer
This is the name for the JSON Web Token (JWT) Issuer claim. This can be named whatever you like (alpha - no spaces) and can be changed for security reasons.
Default: "Issuer"
JWTAudience
This is the name for the JSON Web Token (JWT) Audience claim. This can be named whatever you like (alpha - no spaces) and can be changed for security reasons.
Default: "Audience"
JWTAccessExpiresInMinutes
Determines how long the Access JSON Web Token (JWT) - which is used for login access across the system - will last per session.
Default: 5
JWTRefreshExpiresInMinutes
Determines how long the Refresh JSON Web Token (JWT) - which is used for login access across the system - will last per session.
Default: 10080