Overview
With growing concern for data confidentiality and the need for measures against data breaches, VIDIZMO implements strict authentication and authorization policies to strengthen data security. It also allows customers to configure some of the settings themselves, such as the data encryption key, password validation criteria and authorization token expiry.
VIDIZMO allows you to configure Security settings using Application Configuration keys via the Control Panel in your Portal. Here is how you can do this:
Before you start
For the prerequisites, considerations and steps involved in configuring application configuration keys, see: How to Update Application Configuration Keys in VIDIZMO
Configuring Security Settings in VIDIZMO
You can configure the following in the Security section of Application Configuration:
MD5 Hashing Key
Here, you can define the private key to be used in AES encryption throughout the VIDIZMO application. AES encryption is used for encrypting sensitive data such as the access token.
Auth Token Expiry Time (Minutes)
Here, you can define the default lifetime, in minutes, of the Access Token generated at the time of user authentication. The Access Token is used in all API calls and its expiry is governed by this key. The default value is 1440 minutes, i.e. one day.
Use Main Domain For Session Cookies
The application uses cookies to keep some information on the browser's end. This cookie is created on the domain of the portal.
When this key is set to True and the portal is using, for example, the acme.enterprisetube.com domain, the cookie will be set on the main domain, i.e. enterprisetube.com, and will therefore be shared with other portals that use enterprisetube.com as their main domain. When it is set to False, the cookie will be created on acme.enterprisetube.com and therefore won't be shared with other portals (unless they use directory).
Setting this key to False is useful when a domain does not allow cookie creation on the main domain, such as *.cloudapp.azure.com, which is the domain used by Azure VMs.
Password Validator
Here, you can define the password policy applied when a user sets up a password. This policy applies only to non-SSO users.
You can configure the following via JSON parameters:
MinLength defines the minimum length of the password for it to be valid. The default value has been set to 8.
MinUpperCaseChar defines the minimum number of upper case characters to be included in the password for it to be valid. The default value has been set to 1.
MinSpecialChar defines the minimum number of special characters like @#$ to be included in the password for it to be valid. The default value has been set to 0.
MinNumberChar defines the minimum number of numeric characters to be included in the password for it to be valid. The default value has been set to 1.
PasswordExpiryInDays defines the number of days after which the password expires. The default value has been set to -1, which means that the password remains valid for an indefinite period of time.
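The following added example, which is not VIDIZMO's own code, shows how the five parameters above combine when a password is checked. The flat JSON layout, the definition of a special character as any non-alphanumeric, non-space character, and the function names are assumptions made for illustration; the parameter names and default values are the ones listed above.

```python
import json
from datetime import date, timedelta

# Constructed policy: parameter names and defaults as listed above.
# The flat JSON object layout is an assumption, not the product's confirmed format.
DEFAULT_POLICY = json.loads("""
{
  "MinLength": 8,
  "MinUpperCaseChar": 1,
  "MinSpecialChar": 0,
  "MinNumberChar": 1,
  "PasswordExpiryInDays": -1
}
""")


def check_password(password, policy=DEFAULT_POLICY):
    """Return the names of the policy parameters the password fails (hypothetical helper)."""
    counts = {
        "MinLength": len(password),
        "MinUpperCaseChar": sum(c.isupper() for c in password),
        # Assumption: "special" means any non-alphanumeric, non-space character.
        "MinSpecialChar": sum(not c.isalnum() and not c.isspace() for c in password),
        "MinNumberChar": sum(c.isdigit() for c in password),
    }
    # A parameter missing from the policy is treated as a minimum of 0.
    return [name for name, have in counts.items() if have < policy.get(name, 0)]


def is_expired(last_changed, today, policy=DEFAULT_POLICY):
    """Apply PasswordExpiryInDays; -1 means the password never expires."""
    days = policy.get("PasswordExpiryInDays", -1)
    if days < 0:
        return False
    return today > last_changed + timedelta(days=days)


if __name__ == "__main__":
    # The defaults accept a 10-character password with no special characters.
    print(check_password("Summer2024"))
    # A stricter, constructed policy rejects the same password on two rules.
    strict = dict(DEFAULT_POLICY, MinLength=12, MinSpecialChar=1, PasswordExpiryInDays=90)
    print(check_password("Summer2024", strict))
    print(is_expired(date(2024, 1, 1), date(2024, 4, 1), strict))
```

Running the same password against both policies shows which rules the default values leave unenforced, which is useful when deciding how far to tighten MinLength and MinSpecialChar for non-SSO users.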