General Settings
System administrators can use this section to configure general SmarterStats settings. To access this section, click the Settings icon. Then click General Settings in the navigation pane. The general settings will load and the following tabs will be available:
- Options
- Log In
- Passkeys
- Password Requirements
- UNC
- SMTP
- System Administrator
- Administrator Passkeys
- CSP
Options
Use this tab to specify the following settings:
- Default Theme - Allows a user or administrator to set a default light or dark theme that carries throughout the interface.
- Send email reports after - Use this setting to specify the time that email reports should be sent.
- Custom Help URL - A URL entered here will be used in place of the default Online Help link that's available when someone clicks on their icon in the upper-right corner of the interface.
- Custom Help Text - This is the text that's displayed when a Custom Help URL is being used.
- Enable notification reminder popups - Select this option to allow SmarterStats to display licensing and other administrative reminders.
- Enable user password reset - Select this option to allow users to reset their password from the login screen if they forget it.
- Send notification emails to system administrator - Select this option to send emails to the system administrator if errors occur.
- Force all traffic over HTTPS - Select this option to force all SmarterStats traffic over HTTPS. This improves SmarterStats security by allowing all traffic to be encrypted.
- Allow interface to be embedded in another site (not recommended) - Enabling this allows you to embed the SmarterStats interface inside an iFrame. As this can cause some security risks, this is not recommended.
Log In
This setting allows a system administrator to customize some aspects of the login page a site user hits. Options include:
- Custom Login Text
- Custom Title - This is the title that appears in the browser tab.
- Login Backgrounds - Administrators can opt to use the default images, a custom folder on the MRS server (at which point they'll have to manually add the path to that folder), or a solid color.
Passkey Settings
A passkey is a secure alternative to standard passwords that uses cryptography and biometric verification, such as your face or fingerprint, to authenticate a user. Passkeys, then, can be used as an alternative method for logging in to SmarterStats.
When a system administrator enables the use of Passkeys, any site user can set up a device Passkey and use it to log in, in addition to the standard authentication method that's set up for that user.
- Enable Passkey Authentication - Check this box to enable the use of Passkeys.
- Prompt Users to Register Passkeys - Check this box to display a modal when a user logs in that entices them to set up a passkey if they don't have one set already.
- Max Passkeys Per User - The maximum number of Passkeys any individual user can set up. By default this is set to 10.
- Timeout (Seconds) - The number of seconds before the user is re-prompted to use their Passkey when logging in.
- Require User Verification - Check this box if you want to force the user to use a biometric or PIN verification method when creating or using a Passkey.
Once Passkeys are enabled, site users can create them from their account settings.
Some things to note regarding Passkeys:
- If you delete a Passkey in SmarterStats, an attempt is made to remove the Passkey from the designated provider. However, if SmarterStats is unable to remove it, it will need to be removed manually.
- If you delete the Passkey from the provider, it will not be deleted in SmarterStats and so it will need to be manually deleted.
- If you try adding a new Passkey to a provider that had one previously, there's a chance the registration will fail. Some providers, especially browser extensions, may ask for you to simply update the existing Passkey if it was not previously deleted.
- Passkeys will not prevent a user from logging in using the standard authentication method set up for their user. This ensures that a user can log in from a device that does not have a Passkey available. (E.g., using a different desktop, a mobile device, etc.)
Two-Factor Authentication and Passkeys
2FA and Passkeys are not mutually exclusive. Any user can have both 2FA and passkeys set up for their account. It's worth noting a few things, however:
- If a user has both 2FA and passkeys set up, use of the passkey will bypass the use of 2FA as the authentication paths are different, and passkey authentication takes priority.
- If use of the passkey is bypassed by a user, 2FA will still factor into the login process.
- Before creating a passkey on a device, the user will need to sign in using 2FA on the device they're setting up the passkey on.
Password Requirements
Use this tab to configure the minimum password requirements for users.
- Minimum Password Length - The minimum number of characters the password must have.
- Require numbers - Select this option to force users to include a number in the password.
- Require uppercase letters - Select this option to force users to include a capital letter in the password.
- Require lowercase letters - Select this option to force users to include a lowercase letter in the password.
- Require symbol - Select this option to force users to include a symbol in the password.
- Require password does not match username - Select this option to ensure that the username and password do not match.
- Disable requirements for existing passwords - Select this option so that password requirements only affect new users or new passwords.
UNC
If your log files are secured on a separate server or in a folder with permission restrictions, it may be necessary to specify the UNC account credentials needed to access the raw IIS logs. Use this tab to configure the system level UNC credentials for your installation.
- UNC Username - The identifier used to authenticate with the UNC account.
- UNC Password - The corresponding password used to authenticate with the UNC account.
- UNC Domain - The corresponding domain used to authenticate with the UNC account.
Note for Linux Users
As UNC is not available on Linux servers, a shared folder must be mounted on the Linux server before SmarterStats can use it. Once the shared folder has been mounted, you can use the local path and point it to the mounted folder. Here is an example of how you can mount a folder on a Linux (Ubuntu) server.
- Install the modules needed to access remote shares from Linux using:
sudo apt install cifs-utils
- Navigate into /etc/smartertools and create a file called 'smbcredentials' and place your username/password into the file like so:
username=sambauser
password=asdf1234
- Make the credentials file inaccessible to anyone but the root user on the server using:
sudo chmod 0600 /etc/smartertools/smbcredentials
- Add a local directory on the server that will be used to link to the share using:
sudo mkdir /data
- Edit the /etc/fstab file as root and add a line to the bottom of it pointing to your shared folder and credentials:
//storage.local/data /data cifs credentials=/etc/smartertools/smbcredentials,iocharset=utf8,vers=3.0,uid=1000,gid=1000,file_mode=0777,dir_mode=0777 0 0
- Reload the system configuration using:
sudo systemctl daemon-reload
- Mount the new share using:
sudo mount -a
Troubleshooting
If you run into errors trying to mount the share you should be able to find details as to why by issuing a command like so:
This will return the last 50 lines of the system log which should provide clues as to why the mount command failed.
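The fstab entry and credentials file from the mount procedure above can be checked before mounting. This is an added example, not SmarterStats or SmarterTools code; the function names and finding labels are made up for illustration. It flags inline passwords, a missing credentials option, file_mode/dir_mode values that grant write access to every local user (as the 0777 values in the sample entry do), and a credentials file that group or other can access.

```shell
#!/bin/sh
# Added example (not SmarterStats code): audit a CIFS entry from /etc/fstab.

# Print one finding per line for a single fstab line; print nothing if clean.
audit_cifs_line() {
    # fstab fields: device, mount point, type, options, dump, pass
    read -r _dev _mnt fstype opts _rest <<EOF
$1
EOF
    [ "$fstype" = "cifs" ] || return 0
    creds=""
    old_ifs=$IFS; IFS=,
    for o in $opts; do
        case $o in
            password=*|pass=*) echo "inline-password" ;;
            credentials=*|cred=*) creds=${o#*=} ;;
            file_mode=*|dir_mode=*)
                mode=${o#*=}
                # The last octal digit is the permission set for "other".
                case ${mode#"${mode%?}"} in
                    2|3|6|7) echo "world-writable:$o" ;;
                esac ;;
        esac
    done
    IFS=$old_ifs
    [ -n "$creds" ] || echo "no-credentials-file"
    return 0
}

# Print a finding if group or other has any access to the credentials file.
audit_creds_file() {
    [ -f "$1" ] || { echo "missing:$1"; return 0; }
    perms=$(ls -ld "$1" | cut -c5-10)   # the six group/other permission characters
    [ "$perms" = "------" ] || echo "too-permissive:$1"
    return 0
}

# Constructed sample: the entry from the procedure above.
SAMPLE='//storage.local/data /data cifs credentials=/etc/smartertools/smbcredentials,iocharset=utf8,vers=3.0,uid=1000,gid=1000,file_mode=0777,dir_mode=0777 0 0'
audit_cifs_line "$SAMPLE"
audit_creds_file /etc/smartertools/smbcredentials
```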
SMTP
These settings dictate the details surrounding how, and from whom, email reports and other emailed notifications are sent. System administrators can set up default accounts for emailed reports, and then allow individual site administrators to override these settings so they can set up their own from addresses, etc. Use this tab to specify the following settings:
- From Address - The email address from which reports will be sent.
- From Display Name - The name that appears in the From field of emails.
- SMTP Server - The mail server used to send email reports.
- SMTP Security - Select this option if the connection to the server must be SSL or TLS.
- SMTP Server Port - The port used to connect to the mail server. By default, the port is 25. If a security option is selected, the default port will change to the most common port used. (I.e., 465 for SSL or 587 for TLS.)
- Allow site administrators to override SMTP settings - Select this option to allow site administrators to specify their own SMTP settings. In that way, email reports and other items can be sent from an email address associated with the site being analyzed.
- Enable SMTP authentication - Select this option if SMTP authentication is required to send mail from this email address.
- Auth Username - The identifier used to authenticate with the external email server. In some cases, this may be the full email address of the account.
- Password - The corresponding password used to authenticate with the external email server.
- Confirm Password - Re-type the password used to authenticate with the external email server.
System Administrator
Use this tab to specify the following system administrator-based settings:
- Username - The username of the system administrator. By default, the system administrator username is admin.
- New Password - The new password the system administrator wants to use to log in to SmarterStats.
- Confirm Password - The new password the system administrator wants to use to log in to SmarterStats.
- Email Address - The email address of the SmarterStats administrator.
- Enable Two-Factor Authentication - Click this link to open a modal that allows Two-Factor Authentication to be set up for the system administrator. Two-Factor can be configured to use an authentication app, like Google Authenticator, or a recovery email address. Regardless of the method selected, a recovery email address is required as a backup method. For example, if a user changes phones and forgets to carry over any authenticator app entries, the backup email address can be used to log in when Two-Factor is enabled.
Administrator Passkeys
This page allows a system administrator to set up one or more Passkeys for their account. Once a Passkey is created, it will be listed here and any passkey created can be managed as needed. (I.e., Rename the Passkey, Delete it, etc.) If no passkeys have been created, this is where they are created.
To add a Passkey, do the following:
- Click on the Add button, and a modal window will open.
- The modal will ask you to give a Nickname to your passkey. This will help you identify it when managing passwords on your device. Click Next.
- SmarterStats will then attempt to access a provider on the device. For example, if your laptop or desktop supports facial recognition, SmarterStats will open that. If you have an extension for something like Keeper, it will attempt to access that.
- Verify you want the passkey created, and that's it.
- Click the OK button on the modal to close it, and a new passkey will be displayed in your list.
Once one or more passkeys are created, they are displayed in a grid. The grid has a few different columns:
- Name - The "friendly name" given to the passkey when it was created.
- Provider - The provider housing the passkey. This can be Keeper, Apple Passwords, etc.
- Created - The date and time the passkey was created.
- Last Used - The date and time the specific passkey was used last.
Other buttons are available for managing passkeys. For example, you can Rename an existing passkey, delete a passkey, or delete all passkeys that have been set up.
CSP
The Content Security Policy (CSP) is a computer security standard that was introduced to help prevent specific types of cross-site scripting (XSS) exploits, click-jacking and other types of code injection attacks. Most web applications, like SmarterStats, have a CSP built-in, with little opportunity for administrators to manage the policy without making code-level changes. SmarterStats, however, allows experienced administrators to add things to SmarterStats' existing CSP to expand on its functionality. For example, adding in the ability to embed videos, fonts or scripts from third-party services. These are normally blocked by an application's CSP as it can lead to pages being hijacked to embed, and therefore execute, malicious code.
Policy Directives and Sources
Each text box represents a specific "policy directive" within the CSP. Policy Directives describe the policy for a specific resource type and each has one or more allowed sources. The editable policy directive, its description and the uneditable default sources are listed, if any. Each policy can have one or more sources, and each source should be on its own line.
connect-src
This policy dictates which URLs are able to be loaded via script interfaces. For example, adding in Google Analytics Site IDs. Wildcards are allowed and there are no default sources. (E.g., *.google.com)
frame-ancestors
This policy specifies valid "parent URLs" that may embed a page in a frame, iframe, etc. Wildcards are allowed and there are no default sources.
frame-src
This policy specifies valid sources for nested content that are loaded via frames, etc. This content can include embedded videos, etc. Wildcards are allowed and there are no default sources.
script-src
This policy specifies valid sources for JavaScript. This includes not only URLs loaded directly using a <script> tag, but also things like inline script event handlers (e.g., OnClick events) and XSLT stylesheets, which can trigger script execution. Wildcards are allowed and there are no default sources.
style-src
This policy specifies valid sources for stylesheets. Wildcards are allowed and there are no default sources.
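Because wildcards are allowed in every directive above, it helps to review a list of sources before pasting it into a text box. This is an added example, not SmarterStats code; the function name, finding labels and sample entries are made up for illustration. It reads one source per line, as the tab expects, and reports entries that are broader than a named host.

```shell
#!/bin/sh
# Added example (not SmarterStats code): lint sources before adding them to a CSP directive.

# Usage: lint_csp_sources DIRECTIVE < sources   (one source per line)
# Prints "DIRECTIVE: finding: source" for each overly broad entry.
lint_csp_sources() {
    directive=$1
    while IFS= read -r src || [ -n "$src" ]; do
        host=${src#*://}              # drop an optional scheme prefix
        case $src in
            "") continue ;;
            '*') echo "$directive: any-origin: $src" ;;
            http:|https:|data:|blob:) echo "$directive: scheme-only: $src" ;;
            "'unsafe-inline'"|"'unsafe-eval'") echo "$directive: unsafe-keyword: $src" ;;
            http://*) echo "$directive: cleartext: $src" ;;
            *)  case $host in
                    '*.'*)
                        rest=${host#??}   # text after the leading "*."
                        # "*.com" style: the wildcard covers an entire top-level domain
                        case $rest in
                            *.*) ;;
                            *) echo "$directive: tld-wildcard: $src" ;;
                        esac ;;
                esac ;;
        esac
    done
    return 0
}

# Constructed sample input for the script-src box.
lint_csp_sources script-src <<'EOF'
*.google.com
*
https:
'unsafe-inline'
http://cdn.example.com
*.com
EOF
```

An entry such as `*.google.com` passes, while a bare `*` in frame-ancestors is reported because it lets any site frame the interface.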