IP Office ContactStore 7.8 Page 33
15-601038 Issue 4b (06 July 2009)IP Office
Administration of User Accounts:
5.1 Windows Domain Authentication
You can create local user accounts within the recorder application itself. However, it is more secure to use Windows
domain accounts and you may wish to enable this feature - or even restrict access so that only windows domain accounts
have access to the system.
· Tip
If users are prompted for their domain passwords when they access the web interface, make sure that the
recorder is either part of the intranet zone, or make it a trusted site and configure Internet Explorer to
automatically log on to trusted sites.
To Enable Windows Domain Authentication:
1. Create a user account (as described below) who's username is domain\username - for example,
CORP1\JSmith. Note that the username is case sensitive and must match exactly the case of the username
stored in the domain controller.
2. Add properties to the properties file to define either your domain controller or WINS controller as follows:
sso.dc=IP address of domain controller
or
sso.domain=domain name to use
sso.wins=IP address of WINS server to use
To Enforce Windows Domain Authentication only:
1. Enable Windows Domain Authentication as above.
2. Log in as an Administrator using a domain account
3. On the Security > Users page, set Allow local user accounts? to No.
5.2 Use of SSL
You should consider whether you wish to enforce the use of Secure Sockets Layer (SSL) . By default, users can access
the recorder via http (on port 8888) or by encrypted https (on port 8443). You can force users to use the secure https
port, by setting Allow unencrypted (http) access? to No on the Security | Users administration page. When you
do this, any user who attempts to access the recorder through the unsecured (http) route is automatically redirected to
the secure (https) address.
The application is distributed with an SSL certificate that is valid for 3 years from the date it was issued. The certificate
makes it possible to give users secure access to the server. When users access it through this secure https port, the
traffic between their browser and the recorder is automatically encrypted.
However, Internet Explorer will warn your users that the name on the certificate does not match the name of the server
using it. You can either advise your users that this is acceptable and should be ignored or, for greater security, you may
acquire and install your own SSL certificate.
5.3 Session Inactivity Timeout
If a user does not access the administration or search and replay screen for a period in minutes exceeding this setting,
they will have to log in again (unless you are using Windows Domain Authentication ).
78
33