Server Settings - Security
- Ignore User Domain: By default, Alfabet user names for Windows sign-on include the Windows domain name when created in the format Domain Name\User Name. Select the checkbox to drop the domain name when creating the Alfabet user name. For every re-login by the user, the domain name will accordingly be included or excluded from the Windows network name for the user.
  This setting should only be used if all user names are unique across the enterprise.
- Allow Anonymous User:
  - Select the checkbox to provide unrestricted access to Alfabet views from links in external applications or in emails generated via Alfabet, such as notification emails. When the checkbox is not selected, only named users can access the view. Anonymous login is not possible using Windows Sign-On. Login as a named user via a login screen is required for standard login.
  - If you are using SAML for user authentication, you must select the checkbox to allow new users that have not been created in the Alfabet database to be logged in as anonymous users when they attempt to open the Alfabet user interface. The users will be logged in with the default user profile for anonymous users. If the checkbox is not selected, access to Alfabet is strictly limited to users already available in the Alfabet database. You can then use other import mechanisms for user data, such as SCIM management.
- Allow Re-Login: This attribute is only required when single sign-on is selected for user authentication.
  If the checkbox is selected, the login screen that is displayed for re-login when a user logs out includes an option for re-login using standard login with an Alfabet-specific user name and password.
  If the checkbox is not selected, the Log out option will open a login screen restricted to re-login via single sign-on only.
- Validate ADIF Parameters for SQL Injection: This setting is only evaluated for attribute settings in old ADIF schemes that were defined prior to Alfabet 10.4 and have the Parameters Backward Compatibility Mode attribute set to True. If you are running such ADIF schemes, select the checkbox to check attribute values handed over during ADIF scheme execution for SQL injection vulnerability. The mechanism checks whether an attribute value is either a number or written in single quotes. If neither condition applies, the ADIF scheme will not be executed, and an error message will provide information about the incorrect attribute value definition.
- Enable Changes to Own Authorization: By default, user administrators do not have permission to edit their own data in the Users Administration functionality. Selecting the checkbox will give user administrators permission to edit their own data.
- External Access: Select how access permissions to Alfabet views opened via links in emails shall be handled:
  - Not Allowed: Access to the Alfabet user interface from links in emails is deactivated.
  - Allowed As Visitor: Any person clicking a link can access the Alfabet user interface as an anonymous user.
  - Allowed as Authenticated User: Only users available in the Alfabet database as named users can access the Alfabet user interface via links from emails.
  Access permissions for access from emails are not yet documented for Alfabet 11 releases. You can find information about these permissions in the documentation of Alfabet 10.15.
- Maximum Number of Failed Logins: Enter the number of consecutive failed login attempts that are allowed for a user. If the user attempts to log in and the login fails because a wrong password has been entered for the configured number of attempts, the user will be blocked, and any further login attempts will be rejected. The number of consecutive failed logins is counted and set back to zero with every successful login. If a user is blocked, a user administrator must reset the count in the User Administration functionality.
  This setting is only evaluated if the Enable Event Logging and Enable Login and Logout Tracking attributes in the Server Settings > Logging tab are activated.
  Setting the Maximum Number of Failed Logins attribute to -1 sets the maximum number of failed logins to unlimited.
- Path for Self-Signed Public Certificate Files: For integration solutions based on web services (such as ARIS - Alfabet Interoperability Interface, import of data from Technopedia®, or Jira® integration), self-signed certificate validation can be used on HTTPS connections.
  Do not perform the following configuration if your company has an internal certificate authority.
  The following configuration is required:
  - The public part of the self-signed certificates (usually .cer or .crt files) from the third-party web service must be copied to a local folder that the Alfabet Web Application has access permissions to.
  - The path to the folder must be defined in the Path for Self-Signed Public Certificate Files attribute.
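
The rule described under Validate ADIF Parameters for SQL Injection (a value must be a number or written in single quotes) can be applied as a pre-check in a script that supplies parameter values to a legacy ADIF scheme. The following Python sketch is an added example, not Alfabet code. The number grammar, the requirement that embedded single quotes be doubled, and all parameter names and values are assumptions constructed for this example.

```python
import re

# Assumption: a number is an optionally signed integer or decimal literal.
NUMBER = re.compile(r"[+-]?[0-9]+(?:\.[0-9]+)?")
# Assumption: a quoted value is '...' in which any embedded quote is doubled ('').
# The page only says "written in single quotes"; this is a strict reading.
QUOTED = re.compile(r"'(?:[^']|'')*'")


def classify(value):
    """Return 'number', 'quoted', or None if the value fits neither form."""
    text = value.strip()
    if NUMBER.fullmatch(text):
        return "number"
    if QUOTED.fullmatch(text):
        return "quoted"
    return None


def preflight(params):
    """Return {name: kind}; raise ValueError naming every rejected parameter."""
    kinds = {name: classify(value) for name, value in params.items()}
    bad = sorted(name for name, kind in kinds.items() if kind is None)
    if bad:
        raise ValueError("invalid ADIF parameter value(s): " + ", ".join(bad))
    return kinds


# Constructed sample inputs (hypothetical parameter names and values).
SAMPLE_OK = {"min_score": "42", "ratio": "-3.5", "owner": "'O''Brien'"}
SAMPLE_BAD = {
    "status": "active",          # bare word: neither number nor quoted
    "min_score": "0 OR 1=1",     # number followed by extra SQL text
    "owner": "'x' OR 'a'='a'",   # quotes at both ends, but the literal closes after x
}

if __name__ == "__main__":
    print(preflight(SAMPLE_OK))
    try:
        preflight(SAMPLE_BAD)
    except ValueError as err:
        print(err)
```

Matching the whole value, rather than only its first and last characters, is what rejects the third constructed case.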