Security Banner at Login
The security banner can be enabled and configured in one of two ways:
- During application setup
- Before or after installation of the application, by creating specific registry entries in the application’s host registry
The security banner can be configured differently for each application, to support a variety of corporate policies.
Under the strictest configuration of the security banner, a user is not allowed to log in to an application without first accepting the contents of the banner. The various degrees of security depend on the options selected during installation.
The following components support the implementation of the security banner as described in this chapter:
- Configuration Wizards
- Genesys Administrator
- Configuration Manager
- Solution Control Interface
- Interaction Routing Designer
- Outbound Contact Manager
Similar functionality can be achieved using customization features in the following components:
- Workspace Desktop Edition (formerly known as Interaction Workspace)
- Performance Management Advisors
For more information, refer to component-specific documentation.
Genesys Composer supports the basic concept of specifying and displaying a security banner. However, it implements a security banner differently than described in this document. Refer to Genesys Composer documentation for more information.
Genesys Desktop supports the security banner in concept, but implements it differently from the way described in this document. In addition to a different installation procedure, all URLs related to the security banner must be in HTTP format (http://). Refer to the Genesys Desktop 7.6 Deployment Guide for more information.
The security banner is intended to display a user-defined security message prior to the login to a Genesys application, and provide the user with the means to confirm acceptance of the message. The message content is specified as an arbitrary URL, pointing to a document that can be displayed as an active document by Microsoft Internet Explorer 4.0 or later. Multiple URLs can be configured for redundancy.
The following characteristics of the security banner are configurable by the user, and can be configured differently for each application:
- Regularity with which the security banner is displayed. For example, it can be displayed only once for each user, only once for each user for each type of application, or for all logins.
- Whether the security banner is to be displayed, or if user acknowledgement is required.
- Behavior if the target URL of the security banner is not available.
- Title and dimensions of the security banner window.
By default, the security banner window contains user-defined text, two buttons (Accept and Reject) and a check box (I Accept. Do not show this again). The user logging in to the application must click Accept to proceed to the login dialog box. If the user clicks Reject or closes the security banner window without accepting the window contents, the application closes.
You must also specify whether you allow a user to log in to the application if the security banner cannot be displayed; if you do not allow it, the application closes if the security banner cannot be displayed.
If the security banner cannot be retrieved at all, an error message is displayed. Error messages contain an Exit button instead of Accept and Reject buttons. The software includes a default error page, but you can also configure your own. The behavior of the error page depends on whether you have chosen to allow a user to log in to the application if the security banner is not displayed, as follows:
- If you have chosen to allow the user to log in, the error page closes automatically (if it is open) and the login dialog box appears. The user can then log in to the application.
- If you have chosen not to allow the user to log in, the error page included with the software is displayed, showing the error code. The login dialog box is not displayed, and the user cannot log in. For HTTP errors, refer to the HTTP specification. For system errors, refer to Microsoft technical documentation.
Deploying the Security Banner for Multiple Applications on the Same Host
If, on a single host, you are installing two or more applications that support and will be using a security banner, you can choose to do one of the following:
- Provide individual settings for each type of application.
In this case, if you choose to configure the security banner for just one (for this) application, all other applications will be deemed to have the security banner disabled. If you want any other applications to use a banner, you must enable and configure it for each of those other applications. In subsequent application installations, you can chose the for all option, but this will only set default values for subsequent installations; it will not impact the values for previous installations.
- Configure one security banner for all applications.
In this case, the security banners for all applications on this host will have the same content and behavior. In effect, these settings become the default settings. You do not have to enable and configure the security banner for each application. Having done this, for each application with security banner that you subsequently install, you can choose to do one of the following:
- Provide individual settings for this application only, while not impacting the default settings.
- Override the default settings by choosing to configure the security banner for all applications, and modifying the settings as required. The default values will appear in the installation interface, and can be overwritten or kept as is. If you change any of these values, all applications that use the default values, both those installed previously and subsequently, will be impacted.
In general, when setting up an application, the setup program looks first for a security banner configuration specific to this application. If one is not found, it then looks for a configuration common to all applications. In either case, it inherits the security banner attributes already defined. If it is unable to find any security banner configuration, it defaults to a disabled security banner, and you must then enable and configure the security banner from the beginning.
Deployment of the security banner consists of three steps:
- Design and create the required security banners and optional customized error pages, using the editor of your choice.
- Deploy security banner documents as files or as web content, and record the URLs. Each URL must be able to be resolved by the installed Microsoft Internet Explorer (IE) and displayed as an active page within the IE window.
- Configure the URLs in one of the following ways:
As directed during installation of the GUI application [+] Show steps By modifying registry entries directly. [+] Show steps