How to set up the Privacy & Security module?
This module will explain how to set up the Privacy & Security modules and set up a secure connection to the system with the OTP system.
To install the Privacy & Security module -
Within CommBox’s Agent Workspace, click on the Settings icon on the lower-left-hand side of the screen.
Under ‘Settings & Features’, click on the Privacy & security module icon, which appears in the screenshot below.
Open/close the various tabs and set the different settings as needed.
General Settings -
List of authorized IP addresses for the administrative system -
This list outlines which IP addresses are allowed to connect to the system. If no specific address/es are defined, connecting to the system from any IP address will be possible. If an IP address is entered (or several comma-separated addresses), only they will be able to connect (unless otherwise set in the 2FA module, which we will explain later).
API Authorized IP Address List -
Defines which addresses can send API requests to the system. If there is a value written here - all other values are blocked and will receive error sending calls. Otherwise, all IP addresses will have the authorization to send API requests to the system.
API Authentication mode -
This setting is responsible for how you receive the Access Token in API conversations.
You can obtain your specific brand token in CommBox System Settings → (on the right side) and go to ‘Accounts’.
Attach customer details in outgoing email alerts and forwarding to external parties -
When activating this setting, the customer's details will appear in the email notifications and be redirected to an external third-party (3 dots icon by clicking on the conversation ID)
Enables presentation of administration system within iFrame -
Allows you to view an administrative system in the iFrame view. This function is especially relevant for customers who work with a CRM system.
Transfer Email Addresses -
Addresses listed in this field will place restrictions on which external third parties are authorized for data to be transferred to them only. If no value is written - you can send it to any external party.
Password management -
Password reset without verification code - allows you to reset your password without the required SMS verification code.
The minimum time (days) before the password reset is required - Defines the minimum time before password reset. For example, if the set value is 5, we can reset a password only after 5 days from the set date.
Maximum duration (days) before password reset - Defines the maximum time in which no password reset will be required. For example, if the set maximum is 30, you will need to change your password every 30 days at the latest.
The number of passwords in password history - Defines the number of passwords that the system saves and that we can not re-use temporarily. For example, if the set value is 2, we can not use any of the last three passwords we used when the user wishes to reset a password.
Session management -
Inactivity disconnection time limit (in minutes) -
The time after which a user will log out of the system due to inactivity. To continue using the system after this point, the user will be required to re-login.
Ticket Authentication Expiration time limit -
Only relevant to chat-based channels. The time limit is when end customers can contact you through one of the enabled apps without logging in. This setting is especially suitable for organizations where the website has a ‘My account’ like-personal page for customers to use.
Allow Client to upload files - allows sending files from the client
File type options for the client - Defines the types of files that can be uploaded to the system by the client.
Allow file upload (Agent) - This allows you to send files from the agent.
Upload file types options for a agent - Defines the file types that can be uploaded to the system by the agent.
Maximum file size- Limits the file size. Maximum of 25 MB
Enforcing media access - You can access any media item in the system via a link. Given that 'enforcement of access' to media is enabled, it will be possible to open the said link only if the device from which the attempt is made to open the link is connected to the system.
Please beware! In cases where the relevant channel’s security settings are different from the Privacy & Security module's security settings, the existing channel settings will be the overriding settings!