Access & Security

The Access & Security tool lets you define access and security preferences, making it easier and safer to manage the organization's access and security.

To access the preferences, click Access and Security under the Manager application.

My Password Policy

  • Reset All Passwords

    The "Reset All Passwords" tool resets the passwords for all users in the organization and prevents them from accessing the various Galooli platforms until they undergo the identification and password change process.

    The user must have "Full" level permissions in the Access & Security category in order to be able to click the "Reset All Passwords" button.

    In the case of a global user, the system will reset all passwords for all organizations to which the user has access.

Password Policy Requirements

The password policy defines the rules for setting user passwords.

The rules are as follows:

  • Enable password expiration in X days - This sets the maximum number of days a password can be used before it must be changed. Once the user exceeds that number of days, they will be forced to select a new password to access the system. The default is set to 180 days (6 months), which is also the maximum period.

  • Enforce minimum password length - The default is set to 8, but this can be made shorter or longer.

  • Require at least one uppercase letter - Default active

  • Require at least one lowercase letter - Default active

  • Require at least one number - Default active

  • Require at least one non-alphabetic character - Default active

Here is a list of excluded passwords that cannot be used even if the organization's settings permit their creation:

  • Password

  • Password1

  • Galooli

  • Vodafone

  • Vantage

  • Tower

  • Admin

  • User

  • QWERTY

  • ABCDE

  • Welcome

- The passwords above cannot be set even if 'a' is replaced by '@' and/or 'o' is replaced by '0'.

- Additionally, the letter 's' cannot be replaced with '$'.

- The list is not matched only as exact strings. The user will not be able to use any of the passwords above, even if characters are added before or after the password.
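The following is an added example, not Galooli's code, showing how a validator could combine the default requirements with the excluded list: it undoes the '@', '0' and '$' substitutions and then looks for each excluded word as a substring. Case-insensitive matching and the literal reading of "non-alphabetic" (a digit counts) are assumptions, and all names in the code are hypothetical.

```python
from dataclasses import dataclass

# Excluded passwords exactly as listed in the policy above.
EXCLUDED = ["Password", "Password1", "Galooli", "Vodafone", "Vantage",
            "Tower", "Admin", "User", "QWERTY", "ABCDE", "Welcome"]

# Substitutions the policy says do not get around the list.
SUBSTITUTIONS = str.maketrans({"@": "a", "0": "o", "$": "s"})


@dataclass(frozen=True)
class PasswordPolicy:
    # Defaults taken from the requirements listed above.
    min_length: int = 8
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_non_alpha: bool = True


def normalize(text):
    """Fold case (assumption) and undo the @, 0 and $ substitutions."""
    return text.lower().translate(SUBSTITUTIONS)


def violations(password, policy=PasswordPolicy()):
    """Return the list of rules the candidate password breaks."""
    found = []
    if len(password) < policy.min_length:
        found.append("too_short")
    if policy.require_upper and not any(c.isupper() for c in password):
        found.append("no_uppercase")
    if policy.require_lower and not any(c.islower() for c in password):
        found.append("no_lowercase")
    if policy.require_digit and not any(c.isdigit() for c in password):
        found.append("no_number")
    # Assumption: "non-alphabetic" is read literally, so a digit satisfies it.
    if policy.require_non_alpha and all(c.isalpha() for c in password):
        found.append("no_non_alphabetic")
    # Substring match: extra characters before or after do not help.
    folded = normalize(password)
    found += ["excluded:" + w for w in EXCLUDED if normalize(w) in folded]
    return found


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ["Tr1cky-Horse9", "xxP@ssw0rd!9", "G@l00li2024!"]:
        print(candidate, violations(candidate))
```

Because matching is by substring, short entries such as "User" also reject otherwise unrelated passwords that happen to contain them (for example a word like "trousers").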

Two-Factor Authentication

Two-factor authentication ensures the highest level of security for your Galooli account. When you manually activate this service, you will be able to:

  • Reduce the risk of unauthorized access to user accounts.

  • Provide users with an additional layer of protection against account breaches.

Guidelines

  • All login methods (user name and password, single sign-on) will require two-factor authentication.

  • Authentication will be based on the username of the user. Users with access to more than one organization will only have to complete the setup process once.

  • Google Authenticator App (QR scan) will be used for two-factor authentication.

  • Once the service is activated, all users of the organization will be required to set up Two-Factor Authentication in order to access Galooli Solution.

  • Two-factor authentication will be required only for Galooli Solution logins (not for Galooli Mobile App logins).

First Login After Activation Of The Service

  1. After logging into an organization with Two-Factor Authentication enabled, the user is presented with an option to scan a QR code to connect to the Google Authenticator App.

  2. The verification code must be copied from the Google Authenticator App and pasted into the Two-Factor Authentication setup.

Accessing The Account After Two-Factor Authentication Has Been Set Up

  1. Users who are logging into an organization that has enabled Two-Factor Authentication will see a verification popup.

  2. The verification code must be copied from the Google Authenticator App and pasted into the Two-Factor Authentication setup.

Session Timeout

The session timeout feature lets you specify how long a user can be inactive before being logged out of the system, thereby maintaining the security of the system. It affects only the Galooli Solution and not the Galooli Mobile App.

Feature Specifications:

  • This feature is active by default with a timeout of 60 minutes; both the time and whether the feature is active can be edited.

  • The maximum time is 1440 minutes, and the minimum time is 15 minutes.

  • This definition is at the organizational level rather than at the user level.

  • A global user who has access to more than one organization will be bound by the setting of the organization with the minimum number of minutes.

Disable Inactive Users

Disable Inactive Users is a security feature that allows you to disable users who have not logged in to Galooli Solution for a specified period of time. A disabled user cannot log in to Galooli Solution until another user grants them access (see Permission Management | General Authorization Permission).

Feature Specifications:

  • The feature is active by default, with a period of 92 days.

  • The maximum period of time is 92 days, and the minimum period is 30 days.

  • A global user who has access to more than one organization will be bound by the setting of the organization with the minimum number of minutes.

  • An email notification will be sent to the user who has been disabled as a result of this automatic mechanism.

  • A user who is authorized to grant access to a disabled individual must have full access to the "Access and Security" tool.

Blacklist Removal

If you suspect that you are not receiving email messages from Galooli or your provider, please follow the next link in order to solve the issue.

APIs Restrictions

Via the API restrictions feature, managers with full access to the "Access & Security" tool can set, at the organizational level, the IP address from which all users can access Galooli's API services.

  • Make sure that the IP address that you have entered corresponds to the external IP address of your service/server - you can do this by googling “What is my IP address”.

  • It is advisable to allocate an external static IP address and not a dynamic external IP address, as a dynamic address will change once your router has reset or due to any maintenance operations on your ISP's side - for additional information, please contact your local ISP company.

  • In the event that the default 30 seconds query interval of the SDK needs to be changed, please contact Galooli support. Only users with Admin permissions can see and change the SDK query interval.

  • The use of masked IP addresses is supported. Subnet masks up to Class B are allowed, for example: 255.255.0.0/16. The first two parts [255.255] must match, while the other two parts [0.0] are free.

Permitted Login Hours

This feature allows administrators to restrict access to the system on certain days and hours.

The restriction applies to all users in the organization. If necessary, managers can also be restricted.

To create the restrictions, mark the days and hours in the table and make sure that the color of the row has changed. You can apply the restriction to all days by clicking on the "Apply to all days" button.

When a user tries to log in during a restricted period, the system notifies them that this cannot be done and gives the reason why it is not possible.

Login IP Restriction

To increase information security in the organization, this feature allows managers to require that logging into Galooli systems be carried out exclusively through the internal network of the organization. This is done by specifying a list of public IP addresses, which then become the only addresses from which the system can be accessed.

This feature allows the organization to decide whether system users will be required to connect from a dedicated IP address. If you choose to use this feature, the system will check the user's IP address every time he or she attempts to log in, and accordingly, allow or deny access.

Various applications of Galooli Solution are affected by this feature.

In order to use this feature, click on the “Enable” button and enter the IP address.

There is the option of entering IP addresses one by one or locking a range of addresses. Ranges are defined with the addition of a mask that follows the IP address with a “/”.
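The address matching described under APIs Restrictions and Login IP Restriction can be sketched as follows; this is an added example, not Galooli's implementation. It assumes IPv4 only, applies the "up to Class B" (/16) limit from the API section to every entry, and adds a check that rejects internal RFC 1918 ranges; the function names and sample entries are hypothetical.

```python
import ipaddress

MIN_PREFIX = 16  # "up to Class B": no mask wider than /16
# Added sanity check: internal (RFC 1918) ranges are never what the
# service sees, since it only observes the external address.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_entry(entry, min_prefix=MIN_PREFIX):
    """Parse a single IPv4 address or an address/prefix range."""
    # Assumption: host bits after the prefix are ignored (strict=False).
    net = ipaddress.ip_network(entry.strip(), strict=False)
    if net.version != 4:
        raise ValueError(f"{entry}: only IPv4 is handled here")
    if net.prefixlen < min_prefix:
        raise ValueError(f"{entry}: mask is wider than /{min_prefix}")
    if any(net.overlaps(private) for private in RFC1918):
        raise ValueError(f"{entry}: internal range, not an external IP")
    return net


def build_allowlist(entries):
    """Validate every entry; one bad entry fails the whole list."""
    return [parse_entry(e) for e in entries]


def is_allowed(client_ip, allowlist):
    """True when the client's address falls inside any allowed entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in allowlist)


if __name__ == "__main__":
    # Constructed entries: documentation ranges plus the page's /16 example.
    allow = build_allowlist(["198.51.100.7", "203.0.113.0/24", "255.255.0.0/16"])
    for ip in ["198.51.100.7", "203.0.113.200", "255.255.12.34", "192.0.2.1"]:
        print(ip, "allowed" if is_allowed(ip, allow) else "denied")
```

Rejecting the whole list on one bad entry keeps a typo such as a /8 mask from silently widening access.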