Privacy & Security
  • 08 Dec 2022
  • 3 Minutes to read
  • Contributors
  • Dark
  • PDF

Privacy & Security

  • Dark
  • PDF
  • New

Article Summary


This module will explain how to set up the Privacy & Security module and set up a secure connection to the system with the OTP system.


  1. Within CommBox’s Agent Workspace, click on the Settings icon on the lower-left-hand side of the screen.
  2. Under Settings & Features, click on the Privacy & Security module icon, which appears in the upper-right hand corner of the guide.
  3. Open/close the various tabs and set the different settings.

Module Settings

General Settings 

IP white-list for management -

This list outlines which IP addresses are allowed to connect to the system. If no specific address/es are defined, connecting to the system from any IP address will be possible.

If an IP address is entered (or several comma-separated addresses), only they will be able to connect (unless otherwise set in the 2FA module, which we will explain later).

IP white-list for API access -

Defines which addresses can send API requests to the system. If there is a value written here - all other values are blocked and will receive error sending calls.

Otherwise, all IP addresses will have the authorization to send API requests to the system.

API Authentication mode - 

This setting is responsible for how you receive the Access Token in API conversations.

You can obtain your specific brand token in CommBox System Settings → (on the right side) and go to Accounts.


Add customer details to mail notifications and when forwarding to a third party -

When activating this setting, the customer's details will appear in the email notifications and be redirected to an external third-party (3 dots icon by clicking on the conversation ID)

Enables presentation of administration system within iFrame -

Allows you to view an administrative system in the iFrame view. This function is especially relevant for customers who work with a CRM system.

Transfer Email Addresses -

Addresses listed in this field will place restrictions on which external third parties are authorized for data to be transferred to them only. If no value is written - you can send it to any external party.

Password management

Allow password renewal without OTP - allows you to reset your password without the required SMS verification code.

Minimum password age (in days) - Defines the minimum time before password reset. For example, if the set value is 5, we can reset a password only after 5 days from the set date.

Maximum password age (in days) - Defines the maximum time when no password reset will be required. For example, if the set maximum is 30, you will need to change your password every 30 days at the latest.

Number of passwords in password history - Defines the number of passwords that the system saves and that we temporarily cannot reuse.

For example, if the set value is 2, we cannot use any of the last three passwords we used when the user wishes to reset a password.

Session management

Idle session timeout (in minutes) -

The time after which a user will log out of the system due to inactivity. To continue using the system after this point, the user will be required to re-login.

Ticket Authentication expiration time (in seconds) - 

Only relevant to chat-based channels. The time limit is when end customers can contact you through one of the enabled apps without logging in.

This setting is especially suitable for organizations where the website has a ‘My account’ like-personal page for customers to use.


  • Allow Customer to upload files - allows sending files from the customer.
  • File type options for the customer - Defines the types of files uploaded to the system by the customer.
  • Allow file upload (agent) - This allows you to send files from the agent.
  • File upload types of options for an agent - Defines the file types uploaded to the system by the agent.
  • Maximum file size - Limits the file size. Maximum of 20 MB
  • Enforcing media access - You can access any media item in the system via a link. Given that enforcement of access to media is enabled, it will be possible to open the said link only if the device from which the attempt is made to open the link is connected to the system.

Please beware! In cases where the relevant channel’s security settings are different from the Privacy & Security Module's security settings, the existing channel settings will be the overriding settings!

Was this article helpful?