1 to have all inbound requests checked to see if their IP address is listed on the dynamic block list, and deny access if it is. AlphaTrust e-Sign adds IP addresses, as reported via HTTP headers, to a dynamic block list if improper requests are logged. This helps prevent URL guessing attached such as trolling for valid document retrieval URLs.
Be sure you are passing through the external user's IP address. If you are using a load balanced, proxy, or other web farm mechanism, then the proxy's address is usually passed to IIS. You can set a custom header at the proxy to pass the client's address so AlphaTrust e-Sign can pick it up. See ProntoClientIPHeaderName and the Security Guide for more information.
Number of minutes to block an IP address that submits bad requests.
Number of bad requests an IP can submit before being added to the dynamic block list.
1Block a request if no IP address is provided or a bad IP address (improper format) is submitted.
0Will allow these requests, therefor they will never be blocked.
IPv4 and IPv6 addresses are supported.
1 to have all AuthData values in the Account table (clear text account passwords) converted to hash values. The clear text AuthData field will be cleared. This process will run approximately every 5 minutes permitting manual updating of AuthData cleartext data, and then having the system automatically clear and hash this data for later authentication use.
Number of minutes to block a participant who reaches the bad login limit (see below). Valid values are
The number of login attempts allowed for a participant requiring PIN/Password authentication before that participant is blocked. Valid values are
The number of login attempts allowed for a participant requiring third party Knowledge-Based Authentication before that participant is blocked. Valid values are
The number of login attempts allowed for a registered user requiring access to a transaction or control panel login before that user is blocked. Valid values are
API calls allow you to specify a path to a document to be used during a transaction's signing process. By default, no paths are allowed for security reasons. If you want to enable access to specific paths, you can list them here in a comma delimited string.
1 to enable Multi-Factor Authentication. This will send a code to the email registered with your user account that you will need to enter before logging in.
This setting specifies the maximum number of days that you are able to log into the Control Panel without first verifying your identity using multi-factor authentication if
EnableMultifactorAuth is enabled. This will send a code to the email registered with your user account that you will need to enter before logging in.
1 to disable the ability to create and sign HTML type documents. This would limit the system to PDF documents only.
This is the name for the JSON Web Token (JWT) Issuer claim. This can be named whatever you like (alpha - no spaces) and can be changed for security reasons.
This is the name for the JSON Web Token (JWT) Audience claim. This can be named whatever you like (alpha - no spaces) and can be changed for security reasons.
Determines how long the Access JSON Web Token (JWT) - which is used for login access across the system - will last per session.
Determines how long the Refresh JSON Web Token (JWT) - which is used for login access across the system - will last per session.