SmarterTrack Help

Security

Administrators will use this section to adjust the general settings pertaining to the security of the SmarterTrack installation, including the configuration of password requirements, IP blacklists, upload limitations and more.

To access this section, log into the management interface with an administrator account. Then click on the Settings icon. In the Configuration area of the navigation pane, click on Security. The settings will load in the content pane and the following tabs will be available:

Options

Use this tab to edit the following settings:

  • Captcha - When enabled, a captcha will appear when registering a new account, or submitting a new ticket from the portal or thread from the Community (if the user's email address isn't verified). Choose to use SmarterTrack's built-in captcha or Google reCAPTCHA. Instructions on obtaining an API key for Google reCAPTCHA can be found here: https://www.google.com/recaptcha/intro/android.html. When the site key and secret key have been obtained, enter them in the corresponding fields.
  • Enable brute force protection - When checked, this setting enables SmarterTrack's brute force protection. Therefore, if a "user" attempts to log into SmarterTrack more than 10 times in 5 minutes they are locked out for 5 minutes. After 5 minutes they are able to attempt additional log ins.
  • Enable password reset - When checked, this setting allows agents, managers and administrators to reset their passwords from the management interface login screen. Clicking the link and filling out the username and CAPTCHA will send an email with a password reset link to the email address associated with the username. Note: If using external providers or active directory authentication, this feature should not be enabled.
  • Force all traffic over HTTPS - Select this option to force all SmarterTrack traffic over HTTPS. This improves SmarterTrack security by allowing all traffic to be encrypted. Prior to enabling this setting, SmarterTrack must be set up as a site in IIS and have a valid SSL certificate in place for the SmarterTrack site. Note: Administrators managing SmarterTrack on their own servers must ensure this SSL certificate is in place. However, Administrators using the Hosted SmarterTrack solution can simply enable this setting, as a secure connection is already in place on the SmarterTools servers.
  • Moderate new user community posts - When checked, threads submitted in the Community by new users must be approved by moderators before showing publicly. A user is considered new until they are at least 7 days old and have at least 5 replies or comments on threads.
  • Allow interface to be embedded in another site (not recommended) - At times, an administrator may wish to embed pieces of the customer facing portal (e.g.: KB articles, News items, etc) within a third-party site. This is an advanced feature that has security considerations and requires extensive HTML knowledge. Select this option to allow SmarterTrack‚Äôs interface to be embedded in another site.

Password Requirements

Use this tab to configure the minimum password requirements for registered users.

  • Minimum Password Length - The minimum number of characters the password must have.
  • Require numbers - Select this option to force users to include a number in the password.
  • Require uppercase letters - Select this option to force users to include a capital letter in the password.
  • Require lowercase letters - Select this option to force users to include a lowercase letter in the password.
  • Require symbol - Select this option to force users to include a symbol in the password.
  • Require password does not match username - Select this option to ensure that the username and password do not match.
  • Disable password strength for existing passwords - Select this option to allow changes to the password requirements to only affect new users or new passwords.

Blacklist

Use this tab to edit the following setting:

  • IP Blacklist (one per line) - Adding IP addresses to this list prevents users from that IP from being able to leave feedback for any knowledge base articles. Only one IP address may be listed on a line.

Uploads

Use this to specify the types of files that can be uploaded to SmarterTrack. (NOTE: By default, the maximum size allowed for any attachments is 2MB.)

  • Allowed extensions for document uploads in HTML editor (one per line) - These are the file types that agents can attach to tickets via the Management Interface. In general, agents should be able to attach any file type to a ticket. To allow this, simply add an asterisk (*). However, there may be times when administrators will want to limit file attachments to simply images or documents. To restrict agents to specific file types, add the extensions here, one per line, and include the dot (i.e., .JPG not simply JPG).
  • Allowed extensions for end user file uploads (one per line) - These are the file types that customers and end users can upload to agents when submitting tickets from the portal or starting live chats, either from the portal or from the custom integration of Live Chat into your own website. This list also impacts attachments to tickets that are started from, or replied to, via email. If an incoming email has an disallowed attachment type, a comment is automatically added to the ticket so that the agent knows something is missing. In general, it's a good idea to limit customers from uploading file types that may prove harmful, such as program files. To restrict end users and allow only specific file types, add the extensions here, one per line, and include the dot (i.e., .JPG not simply JPG).

Organization

When creating an Organization, it's possible to add new Members by domain. However, there are many times when customers will use free email services such as Gmail or Yahoo! when they register. Therefore, when adding new Members by domain, administrators will want to exclude free email services when adding Members by Domain. This will ensure that not ALL users of Gmail, for example, are added as Members to any specific Organization.

Therefore, by default, SmarterTrack blocks the domains listed on this page from being added when adding in Members by Domain. This list is fully editable by system admininstrators and can be amended as needed.