An increasingly complex network environment poses challenges to the security of software systems. To meet these challenges, we have set up several security policies to protect the system, which are explained below.
Allowed Country IPs
We support region-level IP protection policies, which let you limit the countries and regions that can access the service. This is necessary when you need to limit the geographical scope of the service.
Enable Allowed Country/Region IP Access Protection
Make sure you understand what this option does before turning it on. It is a good idea to whitelist your own addresses first so that you are not blocked by accident.
You can find the country or region whose access permissions you want to set with a simple search, and set access for that region to allow or deny.
You can also use multiple selection to control the IPs of several countries or regions in a batch.
IP Blacklist
Through the blacklist and whitelist, you can add a specified IP address or IP address range to the blacklist or whitelist to achieve secure access.
You can add a single IP address to deny or allow.
You can also add a range of IP addresses to deny or allow.
You can delete and modify list entries, whether they were added manually or created automatically.
When deleting or editing the list, check and confirm that the result is what you expect. The conditions are applied as follows:
If the configured action is allow, the IP address or IP address range belongs to the whitelist, and an IP that matches it ignores all restriction policies.
If the configured action is deny, the IP address or IP address range belongs to the blacklist. All API requests from an IP that matches it and does not belong to the whitelist are rejected.
If the request IP is in neither the whitelist nor the blacklist, the policy of the country to which the IP belongs is applied. If the country IP configuration is deny, all interface requests from the IP are also rejected.
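The precedence described above (whitelist, then blacklist, then country policy) can be checked against sample addresses with the following added example. It is not CloudCX code: the rule format (CIDR notation), the GeoIP stand-in table, the placeholder country codes and the default of allowing an IP whose country has no deny policy are all assumptions.

```python
import ipaddress

# Constructed sample data using documentation address ranges (not real configuration).
IP_RULES = [
    ("198.51.100.7", "allow"),     # single whitelisted address
    ("198.51.100.0/24", "deny"),   # blacklisted range that contains it
    ("203.0.113.0/24", "deny"),
]
COUNTRY_POLICY = {"AA": "deny", "BB": "allow"}  # placeholder country codes
# Stand-in for a GeoIP database: network -> country code (assumption).
GEO_TABLE = {
    "192.0.2.0/25": "AA",
    "192.0.2.128/25": "BB",
    "198.51.100.0/24": "AA",
}


def _matches(ip, spec):
    """True if ip falls inside spec, which is one address or a CIDR range."""
    return ip in ipaddress.ip_network(spec, strict=False)


def country_of(ip):
    """Look up the country code for ip, or None if it is not in the table."""
    for net, code in GEO_TABLE.items():
        if _matches(ip, net):
            return code
    return None


def evaluate(ip_text, ip_rules=IP_RULES, country_policy=COUNTRY_POLICY):
    """Return (decision, reason) in the order whitelist, blacklist, country."""
    ip = ipaddress.ip_address(ip_text)
    actions = {action for spec, action in ip_rules if _matches(ip, spec)}
    if "allow" in actions:          # whitelist ignores every other restriction
        return "allow", "whitelist"
    if "deny" in actions:           # blacklist applies only if not whitelisted
        return "deny", "blacklist"
    code = country_of(ip)
    if country_policy.get(code) == "deny":
        return "deny", f"country:{code}"
    return "allow", "default"       # assumed behaviour when nothing denies
```

Note that 198.51.100.7 is allowed even though it sits inside a blacklisted range and a denied country, which is why whitelisting your own address first prevents a lockout.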
Anti-Hacking
Anti-Hacking is a system-level defense against malicious access attacks. It automatically adds an accessing IP to the blacklist by limiting the access rate and the number of access failures in a period of time. The system administrator can set the time after which the IP is automatically released from the blacklist, or can manually unblock the IP.
Configuration of the Anti-Hacking
Configuration details
Failed Authentication Protection
Configure the number of failed authentications that the system will accept. If this value is exceeded, the source IP address is put in the blacklist.
Web chat Requests Protection
Maximum allowed requests per IP address. Offending IPs will be blacklisted.
Blacklist time interval
This is the time interval, in seconds, that an abusive IP address remains in the blacklist.
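How the three settings above interact can be seen in the following added example, which is not CloudCX code. The class and method names are hypothetical, and the counting period (`window_seconds`) is an assumption, since the page does not state the period over which failures and requests are counted.

```python
import time
from collections import defaultdict, deque


class AntiHacking:
    """Auto-blacklist by failed logins and request rate, with timed release."""

    def __init__(self, max_failures, max_requests, blacklist_seconds,
                 window_seconds=60, clock=time.monotonic):
        self.max_failures = max_failures            # Failed Authentication Protection
        self.max_requests = max_requests            # Web chat Requests Protection
        self.blacklist_seconds = blacklist_seconds  # Blacklist time interval
        self.window_seconds = window_seconds        # counting period (assumed)
        self.clock = clock
        self._events = {"fail": defaultdict(deque), "req": defaultdict(deque)}
        self._blocked_until = {}

    def is_blacklisted(self, ip):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:                   # automatic release
            del self._blocked_until[ip]
            return False
        return True

    def unblock(self, ip):
        """Manual release by an administrator."""
        self._blocked_until.pop(ip, None)

    def _record(self, kind, ip, limit):
        now = self.clock()
        events = self._events[kind][ip]
        events.append(now)
        while events and now - events[0] > self.window_seconds:
            events.popleft()                        # forget events outside the window
        if len(events) > limit:                     # the configured value is exceeded
            self._blocked_until[ip] = now + self.blacklist_seconds
            events.clear()
        return self.is_blacklisted(ip)

    def failed_auth(self, ip):
        """Record one failed authentication; True if the IP is now blacklisted."""
        return self._record("fail", ip, self.max_failures)

    def request(self, ip):
        """Record one web chat request; True if the IP is now blacklisted."""
        return self._record("req", ip, self.max_requests)
```

Passing a fake `clock` makes it possible to test the release time without waiting for the blacklist interval to elapse.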
Single Sign-On (SSO)
When you configure an SSO application, you and your agents can sign in to CloudCX using a third-party application. That way your team can move between different tools and doesn't have to remember multiple sets of login credentials.
Google configuration
Select a Project, then click OAuth consent screen.
Fill in App name, User support email, application home page and Email Address, then click SAVE AND CONTINUE.
Click ADD OR REMOVE SCOPES.
Select Scopes.
Complete configuration
Click Credentials.
Click create credentials, and then click OAuth client ID.
Select Application type, then fill in Name, Authorized JavaScript origins and Redirect URIs.
Note: Authorized redirect URIs can be obtained in the CX system.
Obtain the Client ID and Client secret.
Enter the Client ID and Client secret.
Office365 configuration
Log in to https://entra.microsoft.com/#view/Microsoft_AAD_IAM/EntraHome.ReactView
Add a new registration.
Fill in the configuration, then click Register.
Note: The Redirect URI can be obtained in the CX system.
Click API permissions.
Select API permissions, and then click Update permissions.
Obtain Client ID.
Obtain Client Secret.
Enter the Client ID and Client secret.
Application
(1)Click the User Setting icon, then the following pop-up will appear:
(2)Click Single Sign-On. Select the third-party application you want to connect.
After you connect successfully, the account is shown.
Now that you have been bound to the Office 365 account, you can log in to CloudFon directly with the Office 365 account.
If you connect through the login page instead of User Setting for the first time, you need to bind an account after you connect to a third-party application.
Two-Factor Authentication
Two-Factor Authentication (2FA) is a security process in which two different authentication factors must be provided to verify your identity. It helps protect your CloudCX account from unauthorized access by adding a second-level security layer to your primary-level authentication. The 2FA process is not necessary for all sites. However, CloudCX suggests that it should be set up to enhance your account security further. With more robust security like 2FA, you can secure your customer's valuable data from unauthorized access and other cybercrime.
Set up and Reset Two-Factor Authentication (2FA)
Set up 2FA
CloudCX provides two methods: Email authentication and Authenticator app authentication. You can set up the authentication methods you want.
Email authentication
To set up email authentication via CloudCX Control Panel, follow these steps:
(1)Go to Profile > User Setting > Two-Factor Authentication (2FA).
(3)If you want to set up email authentication, click Set up.
(4)Enter the six-digit numeric code you received in your email on the Enter the Authentication Code pop-up.
The email authentication is successfully enabled with your account.
(7)Click Done to close the pop-up.
Authenticator app authentication
(1)If you want to set up authenticator app authentication, click Set up.
(4)Install a third-party 2FA authenticator app on a mobile device and scan the QR code, which is provided on the Link the app to your account pop-up.
Note: You can also enter the secret code shared on the Link the app to your account pop-up into your 2FA authenticator app in case you find an issue connecting using a QR Code.
(5)Click Next.
The 2FA authenticator app generates the six-digit numeric code.
(6)Provide the six-digit numeric code on the Enter the Authentication Code pop-up.
The authenticator app authentication is successfully enabled with your account.
(7)Click Done to close the pop-up.
Reset 2FA
Email authentication
(1)Click Reset.
Note: In case you want to disable the email authentication, click Turn off.
(2)Enter the six-digit numeric code you received in your email on the Enter the Authentication Code pop-up.
The email authentication is successfully reset with your account.
Authenticator app authentication
(1)Click Reset.
Note: In case you want to disable the authenticator app authentication, click Turn off.
(2)From the third-party 2FA authenticator app on a mobile device, scan the QR code, which is provided on the Link the app to your account pop-up.
(3)Click Next.
The 2FA authenticator app generates the six-digit numeric code.
(4)Provide the six-digit numeric code on the Enter the Authentication Code pop-up.
The authenticator app authentication is successfully reset with your account.
How to set the frequency of 2FA for your login
(1)From the left navigation menu, go to your Security > 2FA Authentication.
(2)Set the Frequency of Two-Factor Authentication for your Login
(4)Click Save.
When 14 days-skip is set, if you clear the browser cookies or use a different browser, it is no longer a trusted device or browser for logging in to the Control Panel. However, you can set every login as a default setting.
Backup Code for Login
You will receive an initial backup code by email. If you lose your device or cannot log in for some reason, you can enter the initial backup code to log in. You can also generate a new backup code.
2FA Warning Messages
Login Attempt Failed
CloudFon gives you five login attempts to input the authentication code you receive from the Email or Authenticator app. However, if you fail to log in on the third and fourth attempt, the Input Authentication Code page displays a warning message: Please try again in five minutes.
Log-out Policy
You can set your account to never log out, or customize an automatic logout after a number of minutes of inactivity. This feature can effectively help protect account security.
Note: The minimum that can be set is 15 minutes, the maximum is 999 minutes, and the default displayed is 30 minutes.
Step by Step Instructions
(1)From the left navigation menu, go to Security > Log-out Policy.
(3)Set the automatic log-out rule.
You can set it to never log out or customize the logout time.