Overview

The Privacy & Security module deals with setting up a secure connection to the system with the OTP system.

Installation

1. At the CommBox platform, navigate to Settings and select the Privacy & Security module icon from the Settings & Tools section.
2. Set the different settings as per your organization’s requirements.

Note: In cases where the relevant channel’s security settings are different from the Privacy & Security Module's security settings, the existing channel settings will be the overriding settings!

Module Settings

General Settings

IP whitelist for management -

This list outlines which IP addresses are allowed to connect to the system. If no specific address/es are defined, connecting to the system from any IP address will be possible.

If an IP address is entered (or several comma-separated addresses), only they will be able to connect (unless otherwise set in the 2FA module, which we will explain later).

IP whitelist for API access -

Defines which addresses can send API requests to the system. If there is a value written here - all other values are blocked and will receive error sending calls.

Otherwise, all IP addresses will have the authorization to send API requests to the system.

API Authentication mode - 

This setting is responsible for how you receive the Access Token in API conversations.

The API key is available in the API Key Module on the Settings page. 

Add customer details to mail notifications and when forwarding to a third party -

When activating this setting, the customer's details will appear in the email notifications and be redirected to an external third party (3 dots icon by clicking on the conversation ID)

Block email Addresses (comma separated)

Add the email addresses of the “do-not-reply” messages. 

Allow the agent workspace to be embedded within an iFrame 

Enables agents to work within the CRM with the CommBox system embedded in the screen.

Forward Email Addresses (comma separated)

Addresses listed in this field will place restrictions on which external third parties are authorized for data to be transferred to them only. If no value is written - you can send it to any external party.

Allow simultaneous connection

This enables the limit of mobile connections. 

Inactive agent interval (days)

The number of days after which an agent who hasn't logged in will be marked as 'Inactive'.

Password management

Allow password renewal without OTP - allows you to reset your password without the required SMS verification code.

Minimum password age (in days) - Defines the minimum time before password reset. For example, if the set value is 5, we can reset a password only after 5 days from the set date.

Maximum password age (in days) - Defines the maximum time when no password reset will be required. For example, if the set maximum is 30, you will need to change your password every 30 days at the latest.

Number of passwords in password history - Defines the number of passwords that the system saves and that we temporarily cannot reuse.

For example, if the set value is 2, we cannot use any of the last three passwords we used when the user wishes to reset a password.

Session management

Idle session timeout (in minutes) -

The time after which a user will log out of the system due to inactivity. To continue using the system after this point, the user will be required to re-login.

Ticket Authentication expiration time (in seconds) - 

Only relevant to chat-based channels. The time limit is when end customers can contact you through one of the enabled apps without logging in.

This setting is especially suitable for organizations where the website has a ‘My account’ like-personal page for customers to use.

Media

• Allow Customer to upload files - allows sending files from the customer.
• File type options for the customer - Defines the types of files uploaded to the system by the customer.
• Allow file upload (agent) - This allows you to send files from the agent.
• File upload types of options for an agent - Defines the file types uploaded to the system by the agent.
• Maximum file size - Limits the file size. Maximum of 20 MB
• Enforcing media access - You can access any media item in the system via a link. Given that enforcement of access to media is enabled, it will be possible to open the said link only if the device from which the attempt is made to open the link is connected to the system.

Audit Trail Logs

Audit Trail Logs provide a detailed chronological record of the activities within the organization, which plays a critical role in security and compliance events.

Click here for the user guide. 

After modifications, Save your changes at the bottom of the screen.

Note: In cases where the relevant channel’s security settings are different from the Privacy & Security Module's security settings, the existing channel settings will be the overriding settings!