Configuration > Security & Performance
If security and performance does not show on your instance as a module, head to: {yourhalourl.com}/config/security
| Field | Type | Description |
| Admin notifications | Single Select | The choice made here will determine if and where Halo Admins are notified about Security & Performance issues. |
| Required Password Strength | Single Select | Provides a choice of three strengths of password requirements. These detail how many, and what type of characters are required in the password, which will determine it's secutiry and strength. Recommended to be using Medium as the bare minimum. |
| Minimum Password Character Length | integer | When the strong password option is chosen from the dropdown above. You can set a required minimum password length by entering a number into this input. |
| Enable auditing of password type fields | Checkbox |
Enable password auditing to track when password fields are read. When checked, the act of viewing Password Fields (with the eye icon) is recorded and audited in the database. Halo provides the option to create 'password' type fields (Custom Fields, Site Fields, Asset Fields), where the visibility of these fields can be toggled (provided relevant permissions are granted). Checking this box will allow you to audit who views these protected fields & when they did so. Guide for creating/ storing passwords Recommended to have this setting selected. |
| Update encryption (N passwords/secrets to update) | Button |
This function will attempt to update these secrets/ passwords to the current encryption certificate. Where n represents the number of secrets/passwords you will have that need updated. Configure a X.509 certificate for encrypting password fields. For On-premise customers "Add the property "EncryptionThumbprint" equal to your certificates thumprint in /api/appsettings.json. This cerificate must be located within the LocalMachine/My store of the Server running the web application." This will update the mentioned Secrets and Passwords' encryption to match the most recent certificate. This cannot be done inside your current time zone's peak hours (Mon-Fri 0800-1800) as it is very resource intensive and will otherwise slow down the system. |
| Force all Agents to use Two-Factor Authentication | Checkbox | When checked, all Agents will be required to authenticate their log in via 2FA. When unchecked, only those Agents with 2FA enabled (via Agent details) will require this. |
| Bypass Halo 2FA if logging in with Single Sign-On | Checkbox | This option prevents users / agents from having to perform 2FA twice, should they have 2FA enforced on their SSO application too. |
| Force all Users to use Two-Factor Authentication | Checkbox | This option forces users to use Two-Factor Authentication when logging into the self-service portal. |
| Allow Two-Factor Authentication using email | Checkbox | This enables the use of Two-Factor Authentication via an automatic email containing a code with which to authenticate. |
| Allow Two-Factor Authentication using email until other methods are configured | Checkbox | This setting is only visible if "Allow Two-Factor Authentication using email" is turned off.
When enforcing 2fa you can now choose to enable 2fa via email only until an authenticator app is configured When 2fa via email is disabled (as recommended) the new option "Allow Two-Factor Authentication using email until other methods are configured" shows. Enable this to make it so 2fa via email can be used until another more secure method is configured for the user such as an Authenticator app. We recommend that 2fa via email is disabled and 2fa via authenticator app is enabled as it is more secure. However, this previously meant that users must first sign-in in order to set up the authenticator app, leaving them without 2fa enabled until they do. This option allows 2fa via email to be used until the authenticator app is set up, making new accounts more secure. |
| Allow Two-Factor Authentication using SMS | Checkbox | This enables the use of Two-Factor Authentication via an automatic SMS message being sent to the User or Agent's phone number, containing a code with which to authenticate. |
| Allow Two-Factor Authentication using an authenticator app | Checkbox | This enables the use of Two-Factor Authentication via an authenticator app, such as Microsoft's or Google's "Authenticator", these are usually applications on phones. |
| New Agents must set up an authenticator app upon logging in | Checkbox | When selected, this forces agents to set up two factor authentication the next time they log into the agent application. |
| New Users must set up an authenticator app upon logging in | Checkbox | When selected, this forces users to set up two factor authentication the next time they log into the portal. |
| Prevent authentication with Halo credentials if single sign-on is enforced | Checkbox | This stops users / agents appending /?nosso=true to the login URL in order to bypass the SSO screen. |
| (Account Security emails) Password changed | Single Select | Determines if agents/end users receive an email notification when their password has been changed. The email template id=291 will be sent. |
|
(Account Security emails) 2FA enabled |
Single Select | Determines if agents/end users receive an email notification when their 2FA has been enabled. The email template id=300 will be sent. |
|
(Account Security emails) 2FA disabled |
Single Select | Determines if agents/end users receive an email notification when their 2FA has been disabled. The email template id=303 will be sent. |
|
(Account Security emails) Authenticator app configured |
Single Select | Determines if agents/end users receive an email notification when an authenticator app has been configured for their account. The email template id=306 will be sent. |
|
(Account Security emails) Authenticator app codes reset |
Single Select | Determines if agents/end users receive an email notification when an authenticator app has code has been reset for their account. The email template id=306 will be sent. |
|
(Account Security emails) Email address changed |
Single Select | Determines if agents/end users receive an email notification when the email address against their account has been changed. The email template id=297 will be sent. |
|
(Account Security emails) User name changed |
Single Select | Determines if agents/end users receive an email notification when the user name against their account has been changed. The email template id=294 will be sent. |
| Enable Full-Text Searching | Checkbox | This returns smarter results when searching a document for phrases or sentences. In contrast to traditional searches, this will return results containing partial matches too, as opposed to exact matches. (For on-premise clients Full-Text search must be enabled in SQL Server to use this). |
| Full-Text search method | Single Select | This allows the choice between different formulas for Full-Text searching. The configuration of this is only available for on-premise clients. |
| New Full-Text Search Method | Single Select | Provides the option to search the full text first and then search using a contains clause. |
| Only search Ticket IDs if the search term exactly matches a Ticket ID | Checkbox | This will stop searches returning ticket results if the ticket ID happens to be included inside any other numbers in the search query, they will be returned should the ID be exactly stated. |
| Load images via the API | Checkbox | This will determine the route via which images are loaded; straight from the database, or via an API-Image Link (Available only to on-premises instances) |
| Render HTML content in iframes | Checkbox | When checked, HTML content will be rendered in an iframe so that potentially present malicious content will not be executed. |
| Incoming email sender verification | Single Select |
When "Display a Warning…" is selected A warning will be shown when tickets are updated by an email address not in the to/cc list of the ticket. You can check the email recipients by clicking on the email recipients button which is found in the ellipse dropdown of a ticket (top Right hand side "Ellipse Symbol") This will help raise awareness that the content of the email should not necessarily be trusted. This requires the incoming service to be active to use. |
| Enable Halo news and seasonal theme notifications | Checkbox | This allows news items from Halo to be displayed in the customer's Halo instance. These are published via Halo themselves. |
| Go NHServer-less (BETA) | Button |
NHServer is a legacy service responsible for incoming and outgoing mail, notifications, scheduling and various other tasks. NHServer is now deprecated and it's functions have been moved to the web application or Halo Integrator. Usage of the new backend services has not yet been enabled. If your instance is compatible, you can switch on the new services using the button below. |
