SmarterTrack 12.x Help

Security

Administrators will use this section to adjust the general settings pertaining to the security of the SmarterTrack installation, including the configuration of password requirements, IP blacklists, upload limitations and more.

To access this section, click the Settings icon. Then expand the Configuration folder and click Security. The settings will load in the content pane and the following tabs will be available:

Options

Use this tab to edit the following settings:

  • Enable brute force protection - When checked, this setting enables SmarterTrack's brute force protection. Therefore, if a "user" attempts to log into SmarterTrack more than 10 times in 5 minutes they are locked out for 5 minutes. After 5 minutes they are able to attempt additional log ins.
  • Enable CAPTCHA - When enabled, a CAPTCHA will appear when registering a new account and submitting a new ticket from the portal (if the user's email address isn't verified).
  • Enable password reset - When checked, this setting allows agents, managers and administrators to reset their passwords from the management interface login screen. Clicking the link and filling out the username and CAPTCHA will send an email with a password reset link to the email address associated with the username. Note: If using external providers or active directory authentication, this feature should not be enabled.
  • Force all traffic over HTTPS - Select this option to force all SmarterTrack traffic over HTTPS. This improves SmarterTrack security by allowing all traffic to be encrypted. Note: Prior to enabling this setting, SmarterTrack must be set up as a site in IIS and have a valid SSL certificate in place for the SmarterTrack site. This option is not available for those using the hosted SmarterTrack helpdesk, as a secure connection is already in place on the SmarterTools servers.
  • Moderate new user community posts - When checked, threads submitted in the Community by new users must be approved by moderators before showing publicly. A user is considered new until they are at least 7 days old and have at least 5 replies or comments on threads.
  • Allow interface to be embedded in another site (not recommended) - At times, an administrator may wish to embed pieces of the customer facing portal (e.g.: KB articles, News items, etc) within a third-party site. This is an advanced feature that has security considerations and requires extensive HTML knowledge. Select this option to allow SmarterTrack‚Äôs interface to be embedded in another site.

Password Requirements

Use this tab to configure the minimum password requirements for registered users.

  • Minimum Password Length - The minimum number of characters the password must have.
  • Require numbers - Select this option to force users to include a number in the password.
  • Require uppercase letters - Select this option to force users to include a capital letter in the password.
  • Require lowercase letters - Select this option to force users to include a lowercase letter in the password.
  • Require symbol - Select this option to force users to include a symbol in the password.
  • Require password does not match username - Select this option to ensure that the username and password do not match.
  • Disable password strength for existing passwords - Select this option to allow changes to the password requirements to only affect new users or new passwords.

Blacklist

Use this tab to edit the following setting:

  • IP Blacklist (one per line) - Adding IP addresses to this list prevents users from that IP being from able to leave feedback for any knowledge base articles. Only one IP address may be listed on a line.

Uploads

Use this to specify the types of files that can be uploaded to SmarterTrack.

  • Allowed extensions for document uploads in HTML editor (one per line) - These are the file types that agents can attach to tickets. In general, agents should be able to attach any file type to a ticket. To allow this, simply add an asterisk (*). However, there may be times when administrators will want to limit file attachments to simply images or documents. To restrict agents to specific file types, add the extensions here, one per line, and include the dot (i.e., .JPG not simply JPG).
  • Allowed extensions for end user file uploads (one per line) - These are the file types that customers and end users can upload to agents when submitting tickets from the portal. In general, it's a good idea to limit customers from uploading file types that may prove harmful, such as program files. To restrict end users and allow only specific file types, add the extensions here, one per line, and include the dot (i.e., .JPG not simply JPG).