Jump to: navigation, search

Security Banner at Login

The security banner is a separate window that is displayed to a user when logging in to an application. The content of this window is defined by the system administrator, and can include such items as Terms of Use of the application or some kind of disclaimer. One security banner can be used by more than one application, and different applications can use different security banners.

The security banner can be enabled and configured in one of two ways:

  • During application setup
  • Before or after installation of the application, by creating specific registry entries in the application’s host registry

The security banner can be configured differently for each application, to support a variety of corporate policies.

Security Benefits

The security banner does not actually provide true physical or virtual protection for your system. However, it can provide legal protection if an unauthorized user violates any access restrictions, such as Terms of Use, and accesses the system anyway.

Under the strictest configuration of the security banner, a user is not allowed to log in to an application without first accepting the contents of the banner. The various degrees of security depend on the options selected during installation.

Supporting Components

The following components support the implementation of the security banner as described in this chapter:

  • Configuration Wizards
  • Genesys Administrator
  • Configuration Manager
  • Solution Control Interface
  • Interaction Routing Designer
  • Outbound Contact Manager
  • CCPulse+

Similar functionality can be achieved using customization features in the following components:

  • Workspace Desktop Edition (formerly known as Interaction Workspace)
  • Performance Management Advisors

For more information, refer to component-specific documentation.

Genesys Composer

Genesys Composer supports the basic concept of specifying and displaying a security banner. However, it implements a security banner differently than described in this document. Refer to Genesys Composer documentation for more information.

Genesys Desktop

Genesys Desktop supports the security banner in concept, but implements it differently from the way described in this document. In addition to a different installation procedure, all URLs related to the security banner must be in HTTP format (http://). Refer to the Genesys Desktop 7.6 Deployment Guide for more information.

Feature Description

The security banner is intended to display a user-defined security message prior to the login to a Genesys application, and provide the user with the means to confirm acceptance of the message. The message content is specified as an arbitrary URL, pointing to a document that can be displayed as an active document by Microsoft Internet Explorer 4.0 or later. Multiple URLs can be configured for redundancy.

The following characteristics of the security banner are configurable by the user, and can be configured differently for each application:

  • Regularity with which the security banner is displayed. For example, it can be displayed only once for each user, only once for each user for each type of application, or for all logins.
  • Whether the security banner is to be displayed, or if user acknowledgement is required.
  • Behavior if the target URL of the security banner is not available.
  • Title and dimensions of the security banner window.
  • The timeout within which the security banner must be loaded and displayed on the screen. If this timeout expires, an intermediate message (Downloading terms of use... Please wait...) is displayed while the security banner loads.

By default, the security banner window contains user-defined text, two buttons (Accept and Reject) and a check box (I Accept. Do not show this again). The user logging in to the application must click Accept to proceed to the login dialog box. If the user clicks Reject or closes the security banner window without accepting the window contents, the application closes.

As previously described, an intermediate message (Downloading terms of use... Please wait...) is displayed whenever the security banner is not retrieved and displayed before the timeout expires. During this time, the user can close the window by clicking Cancel; the terms can only be accepted when the content is fully displayed.

You must also specify whether you allow a user to log in to the application if the security banner cannot be displayed; if you do not allow it, the application closes if the security banner cannot be displayed.

If the security banner cannot be retrieved at all, an error message is displayed. Error messages contain an Exit button instead of Accept and Reject buttons. The software includes a default error page, but you can also configure your own. The behavior of the error page depends on whether you have chosen to allow a user to log in to the application if the security banner is not displayed, as follows:

  • If you have chosen to allow the user to log in, the error page closes automatically (if it is open) and the login dialog box appears. The user can then log in to the application.
  • If you have chosen not to allow the user to log in, the error page included with the software is displayed, showing the error code. The login dialog box is not displayed, and the user cannot log in. For HTTP errors, refer to the HTTP specification. For system errors, refer to Microsoft technical documentation.
Warning
Genesys recommends that you use multiple redundant URLs, including a local file as appropriate, to minimize the risk that the security banner will not load.

Deploying the Security Banner for Multiple Applications on the Same Host

If, on a single host, you are installing two or more applications that support and will be using a security banner, you can choose to do one of the following:

  • Provide individual settings for each type of application.
    In this case, if you choose to configure the security banner for just one (for this) application, all other applications will be deemed to have the security banner disabled. If you want any other applications to use a banner, you must enable and configure it for each of those other applications. In subsequent application installations, you can chose the for all option, but this will only set default values for subsequent installations; it will not impact the values for previous installations.
  • Configure one security banner for all applications.
    In this case, the security banners for all applications on this host will have the same content and behavior. In effect, these settings become the default settings. You do not have to enable and configure the security banner for each application. Having done this, for each application with security banner that you subsequently install, you can choose to do one of the following:
    • Provide individual settings for this application only, while not impacting the default settings.
    • Override the default settings by choosing to configure the security banner for all applications, and modifying the settings as required. The default values will appear in the installation interface, and can be overwritten or kept as is. If you change any of these values, all applications that use the default values, both those installed previously and subsequently, will be impacted.

In general, when setting up an application, the setup program looks first for a security banner configuration specific to this application. If one is not found, it then looks for a configuration common to all applications. In either case, it inherits the security banner attributes already defined. If it is unable to find any security banner configuration, it defaults to a disabled security banner, and you must then enable and configure the security banner from the beginning.

Feature Deployment

Important
To determine if this section applies to your component, see Supporting Components.

Deployment of the security banner consists of three steps:

  1. Design and create the required security banners and optional customized error pages, using the editor of your choice.
  2. Deploy security banner documents as files or as web content, and record the URLs. Each URL must be able to be resolved by the installed Microsoft Internet Explorer (IE) and displayed as an active page within the IE window.
  3. Configure the URLs in one of the following ways:
    As directed during installation of the GUI application [+] Show steps
    By modifying registry entries directly. [+] Show steps
Important
If you uninstall an application for which the security banner was configured, the configuration parameters of its security banner are not removed from the registry. To clear these parameters, you must reinstall the application without enabling the security banner.

Feedback

Comment on this article:

blog comments powered by Disqus
This page was last modified on April 21, 2016, at 12:08.