With increasing concern for data confidentiality and the need for measures against data breaches, VIDIZMO not only implements strict authentication and authorization policies to strengthen data security, but also allows customers to configure some of the settings, such as the data encryption key, password validation criteria, and authorization token expiry.
VIDIZMO allows you to configure Security settings using Application Configuration keys via the Control Panel in your Portal. Here is how you can do this:
Before you start
For the prerequisites, considerations and steps involved in configuring application configuration keys, see: How to Update Application Configuration Keys in VIDIZMO
Configuring Security Settings in VIDIZMO
You can configure the following in the Security section of Application Configuration:
MD5 Hashing Key
Here, you can define the private key to be used in AES encryption throughout the VIDIZMO application. AES encryption is used for encrypting sensitive data such as access tokens.
Auth Token Expiry Time (Minutes)
Here, you can define the default lifetime, in minutes, of the Access Token generated at the time of user authentication. The Access Token is used in all API calls, and its expiry is governed by this key. The default value is 1440 minutes, i.e. one day.
Use Main Domain For Session Cookies
Here, you can define whether the session cookie is created on the main domain of the application or not. If this key is set to True, then for a portal configured on abc.vidizmo.com, its session cookies are created on vidizmo.com. This way the cookie information is shared across different portals. This is required since some domains do not allow creating cookies on the main domain.
Note: Only set this value to False when you are sure there is no possibility of a user creating a portal as a subdirectory of some sub-part of your main domain. For example, if your main domain is abc.xyz.azure.net, do not set this value to False if there is a possibility of portal creation at xyz.azure.net/myportal. This will create a conflict, and the user will see uncertain behavior.
Here, you can define the password policy applied when a user is setting up his or her password. This policy applies only to non-SSO users.
You can configure the following via JSON parameters:
MinLength defines the minimum length of the password for it to be valid. The default value has been set to 8.
MinUpperCaseChar defines the minimum number of upper case characters to be included in the password for it to be valid. The default value has been set to 1.
MinSpecialChar defines the minimum number of special characters like @#$ to be included in the password for it to be valid. The default value has been set to 0.
MinNumberChar defines the minimum number of numeric characters to be included in the password for it to be valid. The default value has been set to 1.
PasswordExpiryInDays defines the number of days after which the password expires. The default value has been set to -1, which means the password remains valid for an indefinite period of time.
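To check a candidate policy before saving it, the following added example (not VIDIZMO code) evaluates passwords against the five parameters documented above. It assumes the key's value is a flat JSON object, that "special" means any non-alphanumeric character, and that a password expires once PasswordExpiryInDays full days have elapsed; the function names are hypothetical.

```python
import json
from datetime import date

# Parameter names and defaults are the ones documented above; the flat JSON
# object shape is an assumption about how the key's value is laid out.
DEFAULTS = {"MinLength": 8, "MinUpperCaseChar": 1, "MinSpecialChar": 0,
            "MinNumberChar": 1, "PasswordExpiryInDays": -1}

def load_policy(text="{}"):
    """Parse a policy JSON string, filling in the documented defaults."""
    supplied = json.loads(text)
    unknown = set(supplied) - set(DEFAULTS)
    if unknown:  # catches typos such as "MinLenght" that would otherwise be ignored
        raise ValueError(f"unknown parameter(s): {sorted(unknown)}")
    policy = {**DEFAULTS, **supplied}
    for name, value in policy.items():
        floor = -1 if name == "PasswordExpiryInDays" else 0
        if isinstance(value, bool) or not isinstance(value, int) or value < floor:
            raise ValueError(f"{name} must be an integer >= {floor}")
    return policy

def violations(password, policy):
    """Return the names of the policy parameters the password fails."""
    counts = {
        "MinLength": len(password),
        "MinUpperCaseChar": sum(c.isupper() for c in password),
        # Assumption: "special" means any non-alphanumeric character.
        "MinSpecialChar": sum(not c.isalnum() for c in password),
        "MinNumberChar": sum(c.isdigit() for c in password),
    }
    return [name for name, have in counts.items() if have < policy[name]]

def is_expired(last_changed, policy, today=None):
    """-1 means the password never expires, as documented above."""
    days = policy["PasswordExpiryInDays"]
    if days == -1:
        return False
    # Assumption: the password expires once `days` full days have elapsed.
    return ((today or date.today()) - last_changed).days >= days

if __name__ == "__main__":
    default = load_policy()
    strict = load_policy('{"MinLength": 12, "MinSpecialChar": 1, "PasswordExpiryInDays": 90}')
    for pw in ("password", "Passw0rd", "Correct-Horse-7"):  # constructed samples
        print(pw, violations(pw, default), violations(pw, strict))
    print(is_expired(date(2024, 1, 1), strict, today=date(2024, 4, 15)))
```

With the documented defaults, an eight-character password with one upper case letter and one digit passes, which is worth seeing before deciding whether to raise MinLength or MinSpecialChar.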