From Bright Pattern Documentation
Jump to: navigation, search
 
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
<translate>= System Access Restrictions=
 
<translate>= System Access Restrictions=
The PCI DSS and some other security standards and regulations require two-factor authentication where, in addition to a password, another method is used to confirm the identity of the user. To support this requirement, the system can be configured for access from a limited number of predefined IP address ranges.
+
The system may be configured to limit access from a number of predefined IP address ranges.
  
To configure such IP address ranges, select the '''System Access Restrictions''' option from the ''Security'' menu.
+
To configure such IP address ranges, go to ''Security > System Access Restrictions''.
  
  
[[File:contact-center-administrator-guide-image57.png|thumb|800px|center|Security &gt; System Access Restrictions]]
+
[[File:System-Access-Restrictions-3x.PNG|thumb|800px|center|Security > System Access Restrictions]]
  
  
To enable IP address verification, select the '''Limit system access by client IP address''' checkbox.
+
== Limit system access by client IP address ==
 +
Select this checkbox to enable IP address verification.
  
Define the range of IP addresses for the Agent Desktop and Contact Center Administrator applications and, if necessary, for access via APIs.
+
When enabling ''Limit system access by client IP address'' you are required to have an address listed for each subsection unless no access is desired. This means that 0.0.0.0 0.0.0.0 needs to be used in the Agent Desktop and Contact Center Applications section if you want to allow '''all''' IP addresses access to Agent Desktop if you are not limiting by an allowed range.
 +
 
 +
== Defining IP Address Ranges ==
 +
You can define the range of IP addresses for the Agent Desktop and Contact Center Administrator applications, for privileged users (i.e. , and, if necessary, for access via APIs by clicking '''add'''  in the following sections as appropriate:
 +
 
 +
* '''Allow Agent Desktop and Contact Center Administrator applications access from following IP address ranges''' - Allows access to these Bright Pattern applications from defined IP addresses
 +
 
 +
* '''Allow users with "Privileged Access IP Range" privilege from following address ranges''' - Allows users (e.g., administrators) to be able to log in to the system from a defined IP address (e.g., a public place such as a coffee shop)
 +
 
 +
* '''Allow API access from following IP address ranges''' - Allows access via APIs
  
 
The desired IP address range should be expressed as a combination of the base IP address and a mask. The mask is used to define which bits in the base IP address are fixed and which bits are variable. A 1 bit is used to indicate a bit in the IP address that is fixed, while a 0 bit indicates that the bit is variable. Use variable bits will form the desired range.
 
The desired IP address range should be expressed as a combination of the base IP address and a mask. The mask is used to define which bits in the base IP address are fixed and which bits are variable. A 1 bit is used to indicate a bit in the IP address that is fixed, while a 0 bit indicates that the bit is variable. Use variable bits will form the desired range.
 
  
 
== Example Usage ==
 
== Example Usage ==
Line 19: Line 28:
 
* '''Address:''' 192.168.64.63
 
* '''Address:''' 192.168.64.63
 
* '''Mask:''' 255.255.255.192
 
* '''Mask:''' 255.255.255.192
 
  
 
If you set the following, System Access Restrictions will be from address 192.168.64.128 to address 192.168.64.192.
 
If you set the following, System Access Restrictions will be from address 192.168.64.128 to address 192.168.64.192.
Line 27: Line 35:
  
  
 
<center>[[contact-center-administrator-guide/SecurityPolicy|< Previous]]  |  [[contact-center-administrator-guide/EncryptionKeyManagement|Next >]]</center>
 
  
  
 
</translate>
 
</translate>

Latest revision as of 18:35, 17 September 2018

• 3.10 • 3.11 • 3.12 • 3.13 • 3.14 • 3.15 • 3.16 • 3.17 • 3.18

Contents

System Access Restrictions

The system may be configured to limit access from a number of predefined IP address ranges.

To configure such IP address ranges, go to Security > System Access Restrictions.


Security > System Access Restrictions


Limit system access by client IP address

Select this checkbox to enable IP address verification.

When enabling Limit system access by client IP address you are required to have an address listed for each subsection unless no access is desired. This means that 0.0.0.0 0.0.0.0 needs to be used in the Agent Desktop and Contact Center Applications section if you want to allow all IP addresses access to Agent Desktop if you are not limiting by an allowed range.

Defining IP Address Ranges

You can define the range of IP addresses for the Agent Desktop and Contact Center Administrator applications, for privileged users (i.e. , and, if necessary, for access via APIs by clicking add in the following sections as appropriate:

  • Allow Agent Desktop and Contact Center Administrator applications access from following IP address ranges - Allows access to these Bright Pattern applications from defined IP addresses
  • Allow users with "Privileged Access IP Range" privilege from following address ranges - Allows users (e.g., administrators) to be able to log in to the system from a defined IP address (e.g., a public place such as a coffee shop)
  • Allow API access from following IP address ranges - Allows access via APIs

The desired IP address range should be expressed as a combination of the base IP address and a mask. The mask is used to define which bits in the base IP address are fixed and which bits are variable. A 1 bit is used to indicate a bit in the IP address that is fixed, while a 0 bit indicates that the bit is variable. Use variable bits will form the desired range.

Example Usage

If you set the following, System Access Restrictions will be from address 192.168.64.0 to address 192.168.64.63.

  • Address: 192.168.64.63
  • Mask: 255.255.255.192

If you set the following, System Access Restrictions will be from address 192.168.64.128 to address 192.168.64.192.

  • Address: 192.168.64.128
  • Mask: 255.255.255.192



< Previous | Next >