The Security section in Engini allows customers to customize and fortify their account’s security measures. It provides access to essential security features designed to protect user data, enhance access control, and ensure secure workflows. Here’s how you can navigate to and utilize the security features:
- Click the settings icon at the bottom of the sidebar.
- Click on the “Security” section.
In the Security section, users can view and manage 4 distinct features tailored to their specific security requirements:
Session Timeout #
“Enable session timeout” allows users to activate or deactivate this feature.
- Click the toggle to turn on the session timeout and define the idle time.
- Enter the idle session timeout.
- The idle time cannot be set lower than 30 minutes.
- If you changed the idle session timeout from the default (30 minutes), click the “save” button to save the changes.
- After the specified time of inactivity, the user is automatically logged out and redirected to the login page. If this feature is disabled, users can remain on the platform indefinitely without being disconnected.
SSO Authentication #
SSO (Single Sign-On) allows users to securely access Engini with a single login, eliminating the need for multiple credentials while enhancing security and user convenience.
- Click on “Configure SSO” to open the configuration dialog.
- A window will open where you can fill in the required SSO details.
- Provider – Select your Identity Provider (e.g., Okta). Once selected, the Authority, Sign-in URL, and Sign-out URL fields will be automatically filled based on your provider.
- Authority – The URL of your Identity Provider’s authorization server. This field is pre-filled if the provider is selected.
- Client Id – The unique identifier provided by your SSO provider for the application.
- Client Secret – The secure secret key provided by your SSO provider for authentication.
- Sign-in URL – The URL where users are redirected for authentication. This field is pre-filled if the provider is selected.
- Sign-out URL – The URL for logging out and redirecting users back to the application. This field is pre-filled if the provider is selected.
Setting Up SSO in Engini #
To configure SSO, you need to exchange information between Engini and your chosen Identity Provider (e.g., Okta):
- Log in to Okta:
- Access your Okta account and log in with your credentials.
- Navigate to Account and click on Admin.
- Enter the verification code from the Okta Verify app to proceed.
- Create an App integration:
- On the left side of the Okta dashboard, click Applications.
- Click Create App Integration.
- Choose the required Sign-in method and Application type (follow your organization’s preferences).
- Assign a name for your application and proceed to the next step.
- Configure Redirect URLs:
- Scroll down to the section for Sign-In Redirect URLs and Sign-Out Redirect URLs.
- Open Engini and copy the Sign-In URL from Engini’s SSO configuration page into Okta’s Sign-In Redirect URL field.
- Similarly, copy the Sign-Out URL from Engini into Okta’s Sign-Out Redirect URL field.
- Set Assignments:
- At the bottom of the Okta configuration page, in the Assignments section, select Allow everyone in your organization to access.
- Click Save.
- Copy Client Credentials from Okta to Engini:
- After saving, you will be redirected to a page showing the Client ID and Client Secret.
- Copy the Client ID from Okta and paste it into the Client ID field in Engini’s SSO configuration window.
- Copy the Client Secret from Okta and paste it into the Client Secret field in Engini.
- Configure the Authority Field in Engini:
- In your browser, look at the URL in the address bar of the Okta page.
- Copy the domain part of the URL (the portion between http:// and okta) and paste it into the Authority field in Engini.
- Save the Configuration in Engini:
- Once all the fields in Engini are filled out (Client ID, Client Secret, Authority, Sign-In URL, and Sign-Out URL), click Save in Engini’s SSO configuration window.
- Disable Federation Broker Mode:
- Go to the Applications section in Okta.
- Locate and disable the Federation Broker Mode option for the application.
- Assign the Application to Users:
- Navigate back to Applications in Okta.
- Click Assign to Users for the application you created.
- Select the users you want to assign to this application.
- Create a New Policy:
- On the left-hand menu, click on Security, then select API.
- Locate the relevant Authorization Server and click Edit.
- In the Authorization Server settings, click on the Access Policies tab.
- Click Add Policy and provide a name and description for the policy.
- Select who to assign the policy to:
- All clients or
- Specific clients (you’ll need to select the clients manually).
- Click Create Policy.
- Add a Rule:
- On the same Access Policies page, click Add Rule under the created policy.
- Configure the rule as needed.
After completing the SSO configuration, click the SSO Verification button to check the connectivity between Engini and the Identity Provider (e.g., Okta).
Two-Factor Authentication (2FA) #
When the user who created the account sets up two-factor authentication, the users invited to access that account are required to set up their own two-factor authentication. Account-level settings require full authentication while allowing users to customize their preferences.
- Click the “Enable two-factor Authentication” button to initiate the setup process.
- An authentication methods window will pop up, where you can choose between phone number or email for verification.
- Click the “Send Verification Code” button to request that a code be sent to your chosen phone/email. Once received, use the code as prompted.
IP Filtering #
IP filtering allows users to limit account access to specific addresses or countries. Users must configure at least one filter row to use IP filtering.
- Click “Add filter record” to start defining filters.
- Applying filters: choose between “User” or “Connection”.
  - Connection
    - Select from the available connections within the current account.
    - Specify the type: IP-related values or country.
      - If you choose “Country”, select the value from the available countries.
      - Otherwise, enter the IP address / range.
  - User
    - Specify the type: IP-related values or country.
      - If you choose “Country”, select the value from the available countries.
      - Otherwise, enter the IP address / range.
- Activate the filter once configured, then click the green V to save the filter settings.
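A pre-activation check for the filter rows described above, added here as an example (it is not Engini's code and calls no Engini API): it models the rows and reports which known clients they would block, so an administrator can spot a lockout before activating the filter. It assumes allow-list semantics where any active matching row admits the client, a "start-end" notation for ranges, and a caller-supplied country code; `FilterRow`, `is_allowed` and `lockout_report` are hypothetical names, and all addresses are constructed samples.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class FilterRow:
    scope: str           # "user" or "connection", as in the filter dialog
    kind: str            # "ip" or "country"
    value: str           # address, CIDR, "start-end" range (assumed), or country code
    active: bool = True

def _networks(value):
    """Expand one IP value (address, CIDR or start-end range) into networks."""
    if "-" in value:
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {value!r}")
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(value.strip(), strict=False)]

def row_matches(row, client_ip, client_country=None):
    if row.kind == "country":
        return client_country is not None and row.value.upper() == client_country.upper()
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in _networks(row.value))

def is_allowed(rows, scope, client_ip, client_country=None):
    """Assumed semantics: no active rows for the scope means no restriction;
    otherwise at least one active row must match the client."""
    active = [r for r in rows if r.active and r.scope == scope]
    if not active:
        return True
    return any(row_matches(r, client_ip, client_country) for r in active)

def lockout_report(rows, scope, known_clients):
    """Return the labels of known clients that the rows would block."""
    return [label for label, ip, country in known_clients
            if not is_allowed(rows, scope, ip, country)]

# Constructed sample data (RFC 5737 documentation addresses)
ROWS = [
    FilterRow("user", "ip", "203.0.113.0/24"),
    FilterRow("user", "ip", "198.51.100.10-198.51.100.20"),
    FilterRow("user", "country", "DE"),
    FilterRow("connection", "ip", "192.0.2.7", active=False),
]
CLIENTS = [("office", "203.0.113.45", "US"), ("vpn", "198.51.100.15", "US"),
           ("home", "192.0.2.99", "DE"), ("travel", "192.0.2.99", "FR")]
```

Calling `lockout_report(ROWS, "user", CLIENTS)` lists the clients that would lose access; an empty list means every known client is still admitted.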
Notes:
- These security features are available exclusively with a premium subscription in Engini.
- Configuration and management of these features empower users to enforce personalized security protocols suited to their workflow and access requirements.