Knowledgebase

Global Preferences



Global Preferences determine how the CyberAudit-Web Enterprise system will operate as a whole. The Global Preferences page is available to the head administrator by selecting Global Prefs from the Options menu.


The Global Preferences page is divided into several sections accessible by a selector.

Quick links to sections:
People Preferences
Home Page Contacts
CyberKey Preferences
CyberLock Preferences
Password Preferences
Login Options
Permissions Preferences
Enable Text Messaging
FlashLock and fob Preferences
RFID Card Preferences
Notebook Preferences
Active Directory/Azure AD Setup
Customizing the Home Page

People Preferences

PINs are used as another layer of key security. When a user presents a key to a communicator, they may be prompted for a 4-8 digit PIN.
Check the use PINs checkbox to enable PINs in the system. There are then two modes for managing them:
  • PINs will be manually entered by the administrator - Each PIN must be entered manually (or via people import) and may be viewed by the administrator in the People Details page.
  • Keyholders will create their own PIN - In this mode, CyberAudit-Web prompts the key holder to enter and confirm a new PIN when required. The administrator cannot view the individual PIN values in the People Details page but can force key holders to enter a new PIN, either individually or in bulk.

    In this mode, communicators such as Web Authorizers and Flex System hubs should be online to support this feature. Vault 20S, ValidiKey 2, and ValidiKey 20 can be offline temporarily to capture a new PIN from a user. They will verify that the PINs match and proceed to program a CyberKey, but the People record will only be updated with the new PIN when CyberAudit-Web receives and processes the communicator audit trails.
Two additional options are available:
  • PINs are required for every person - When checked, adding and editing a person will require that a PIN be entered in People Properties, and a People Import will require a valid PIN entry in the PIN column.
  • Obscure PINs on the People properties page - Makes PINs unreadable.


The Cyber Access app caches permissions to open CyberLock Blue CyberLocks. In this way, it behaves like a CyberKey, which caches permissions to open CyberLocks, and this enables it to open locks when the mobile device cannot connect to the server. Expiring the Cyber Access cache serves the same purpose as configuring a rolling expiration rule for a CyberKey: it adds a level of control over users who might choose to turn off networking on their devices.

The Cyber Access app attempts to update from its account(s) every three hours or after it connects to a CyberLock Blue. At this time it uploads its audit trail events and updates its access permissions from the server.


Unique People names within a system help ensure audit trail data clearly represents the person responsible for generating each audit trail event. When unique People names are not possible, a unique personnel ID can help reference the correct person through a report. CyberAudit-Web can, if desired, automatically generate a unique personnel ID for each new person added.

Personnel ID may also be used as a cross reference to a centralized personnel management system. CyberAudit-Web People can be updated using the importing process or via a remote custom program using the CyberAudit-Web XML-RPC core web service SDK.

People must be granted permission to access vaults before they may use them to check out a CyberKey. The default on new systems is for all people to be automatically granted access to all vaults via the Full Access schedule when a person or a vault is added to the system. Existing systems may not have this option selected.

Select between automatically granting full access or granting individual access. For each option, an additional checkbox will cause CyberAudit-Web to grant access to or remove access from all people when the administrator clicks Save. The action to revoke access also revokes access to people tags. The action to grant access grants full access to individual people, not people tags.

If the account is configured to use doors, checkboxes enable Door Access Numbers and Remote Door Access. Checking 'Require Device Token' helps ensure the link to open the door may only be used by one device.

Enables optional details for people records and allows custom labels. These fields will be displayed in the people listing and details page.

Enables additional optional details for people records and allows custom labels. These fields show in the details page only.

Enables additional user-defined fields for people and people tag records with custom labels. These fields hold string values by default. With the Dynamic Tags SEM, they may be enabled and defined with other data types and constraints.

Home Page Contacts

Contacts are people that appear in the Home page and can help other administrators with questions about the use of the CyberAudit-Web system. Administrators of hosted systems may add contacts from the system manage section. To add contacts, use the item chooser to select designated contact people for the system. Only the contacts who are visible to the administrator will appear on the Home page.

[Image: defaultAdminMessage.png]

A default message for contacts is shown above. A new message may be entered in this section. It may be up to 64 characters in length, including spaces.


CyberKey Preferences

Enables setting the mission template number length, the rule for limiting concurrent active missions per person, and the rule for automatically adding communicators.
  • Mission Template Number Length - Sets the value for the maximum number of digits to assign to a mission template. These mission template numbers may then be entered after a Personnel ID at a keyport to activate a mission in a CyberKey. Mission number length may be set from 2 to 6 digits. The default length is 4 digits. When combined with personnel ID, the length may not exceed 8 digits.
    Note: Mission Template Numbers are only applicable to Matrix Mode.

  • Active Missions - If more than one distinct mission is assigned to a person, this rule determines whether a person must return the CyberKey for one active mission before they may check out another mission. The ability to enforce this rule is limited by the ability of each communicator to maintain online status with CyberAudit-Web.

  • Allow Renaming of Keys Linked to a Template - Issued CyberKeys linked to a template will automatically be named with the name of the person plus the name of the template. These keys cannot be renamed. When this box is checked, the automatic naming is disabled and the key may be renamed.

  • Portable Links may be added with key issue numbers - On by default, this switch avoids a separate prompt for communicator issue number when the communicator is unknown to the CyberAudit-Web system.

  • Portable Links may be added with key mission numbers (less secure) - Again, this switch can avoid a separate prompt for the communicator issue number when the communicator is unknown to the CyberAudit-Web system. It is less secure because mission numbers are often reused, whereas issue numbers have a one-time use and are removed from the system after use. The effect is that a given issue number can issue only one communicator, where a mission number could add multiple communicators to the system.

  • Show key label field on listing page - A Label field is provided for instances when a key's case is etched or permanently marked with a unique identifier. The label stays with the key record regardless of whether it is issued to a person or not. A Label is only available for CyberKey records with a 'K' serial number. It is not available for missions, issue numbers or key templates. A key label is accessible and may be edited from CyberKey General Information.

  • Allow vault keys to be programmed by other Gen 2 communicators - By default, CyberKeys associated with a CyberKey Vault may not be programmed or downloaded by other communicators. An organization may check this box if it wants the ability to update the mission in vault keys by another Gen 2 communicator. Administrators who choose this option should note these behaviors and remedies:
    • The notification for CyberKeys not returned to the vault is based on the expiration of the current mission for that CyberKey. Reprogramming the mission or programming another mission into the key may extend the expiration of that key and subsequent notification if it is not returned to the vault. If the mission is closed by another communicator without checking out another one, there will be no notification that the key has not been returned.
    • If the mission is closed by another communicator and the user attempts to return the key to the vault, a card scan or mission number entry will cause the vault to program another key and unlock the vault door. The user may then return their key to an open slot.
      If the vault is empty the vault will report there are no keys available at which point the user may enter 44# at the ValidiKey keypad to open the door and return their key.


CyberLock Preferences

Update Gen2 CyberLock Firmware - This option toggles whether Gen2 CyberLocks in the system will get a firmware update when they are downloaded and updated using the CyberLock Programmer II. Normally this box would be kept checked unless the administrators want to postpone or don't wish to execute Gen2 lock firmware updates. Click the Show locks with older firmware link to generate a report of Gen2 locks which don't report having the current firmware.

Multi-Key Access and Open Delay Settings - This option enables configuring multikey/delay settings for CyberLocks. The setting is in the Add New and Edit pages for locks and allows the administrator to change the multikey/delay settings for a CyberLock. The default setting will be used for any locks added by any administrator from the subsystem of their administrator node.

Note: Multi-Key Access and Open Delay Settings are not supported by CyberLock Blue.

Each key use a different schedule - The CyberLock may additionally require that each CyberKey presented to the multi-key lock use a different schedule in its lock list than all the other keys participating in the attempt to open the lock.

Allow locks with no subsystem code - With this option enabled, CyberLocks may be configured with no subsystem code.

Enable rolling access codes - The option to use rolling access codes is enabled by a software enhancement module and must be enabled by the CyberAudit-Web hosting provider, if applicable. CyberLocks with no subsystem code may use rolling access codes for additional security. The settings include a frequency to roll the codes and a grace period during which the previous access code will operate. Refer to the implications of using rolling access codes and associated articles before enabling these settings.
Use this section to add and name up to ten 'user defined' fields. These fields may be viewable from the Locks and Lock Tag listing pages and/or the Lock and Lock Tag properties pages. They may be filtered from the Locks listing page, and may be included and sorted in reports.
Fields may also be selected for display in various mobile apps that support Admin authentication to manage and update lock data. This includes features such as updating a lock's photo and capturing its geolocation. The following apps support this feature:
[Image: LockPrefsCAL.png]


Password Preferences

Passwords are used by administrators to log in to CyberAudit-Web. There are two basic password policies enforced in all CyberAudit-Web systems:

Number of failed attempts - If an identified CyberAudit-Web administrator fails to enter their correct password, CyberAudit-Web begins a count of incorrect attempts. When the count exceeds the maximum, specified on this page, the login is automatically disabled.

In addition, failed attempts are throttled by imposing a delay after incorrectly entering the password for a login. The throttling behavior is as follows:
1. Only 1 login guess per second.
2. If there have been 3 or more wrong guesses (regardless of time), a 15 second wait is imposed before the next guess.
3. If there have been 10 or more wrong guesses (regardless of time), a 60 second wait is imposed before the next guess.
4. CyberAudit-Web logs the first wrong attempt in the journal of changes, then every 10th failure thereafter.

CyberAudit-Web sets a default value of 10 failed attempts.
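
The throttling and lockout rules above, modeled as an added example (not CyberAudit-Web's own code) so the resulting timeline can be inspected. The class and function names are hypothetical, and three behaviors the page does not specify are assumptions: a too-early guess is rejected without being counted, a successful login resets the counter, and "every 10th failure" means failures 10, 20, 30.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class LoginThrottle:
    """Model of the documented policy; names are hypothetical, not product code."""
    max_failed: int = 10                  # page default for failed attempts
    failures: int = 0
    last_attempt: Optional[float] = None
    disabled: bool = False
    journal: List[Tuple[float, int]] = field(default_factory=list)

    def required_wait(self) -> int:
        """Seconds that must pass after the previous guess (rules 1-3)."""
        if self.failures >= 10:
            return 60
        if self.failures >= 3:
            return 15
        return 1

    def attempt(self, now: float, password_ok: bool) -> str:
        if self.disabled:
            return "disabled"
        if (self.last_attempt is not None
                and now - self.last_attempt < self.required_wait()):
            return "throttled"            # assumption: rejected, not counted
        self.last_attempt = now
        if password_ok:
            self.failures = 0             # assumption: success resets the count
            return "ok"
        self.failures += 1
        # Rule 4: journal the first failure, then every 10th (assumed 10, 20, ...).
        if self.failures == 1 or self.failures % 10 == 0:
            self.journal.append((now, self.failures))
        if self.failures > self.max_failed:   # "exceeds the maximum"
            self.disabled = True
            return "disabled"
        return "wrong"


def fastest_wrong_guess_run(max_failed: int = 10):
    """Constructed scenario: wrong guesses sent as fast as the throttle allows.

    Returns the final throttle state and the (time, result) timeline, which
    shows the minimum time needed to burn through the failed-attempt budget.
    """
    throttle = LoginThrottle(max_failed=max_failed)
    now, timeline = 0.0, []
    while not throttle.disabled:
        timeline.append((now, throttle.attempt(now, password_ok=False)))
        now += throttle.required_wait()
    return throttle, timeline


if __name__ == "__main__":
    state, timeline = fastest_wrong_guess_run()
    for when, result in timeline:
        print(f"t={when:6.1f}s  {result}")
    print("journal entries:", state.journal)
```

Under these assumptions and the default maximum of 10, the login is disabled on the 11th wrong guess, no sooner than 167 seconds after the first, with journal entries for failures 1 and 10.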

Minimum Password Length - CyberAudit-Web sets a default value of 8 for this field. In general, recent NIST recommendations advise that longer passwords are harder to guess and therefore more secure.

Advanced Password Policies - Advanced password policies are also available. However, as of 2016, NIST does not recommend such policies because they tend to cause people to create predictable passwords or write them down on paper.


Login Options

CyberAudit-Web administrators can receive an email to reset their password in the event they forget it. An email address must be entered in their people record. To help enforce this, a toggle is available to notify about administrators who don't have an email address entered and to enforce entering one when editing their people record.

Two-factor authentication is an optional feature for CyberAudit-Web. It is available with the Advanced Security Features software enhancement module and must be enabled for the account in the manage section. It adds extra security to the server by requiring administrators to enter a 6-digit Time-based One-time Password (TOTP) in addition to their login and password.

Allow 'trust this device' - Enabling this slider presents a 'Trust this device' checkbox to the administrator on the page where they enter their 6-digit TOTP. This causes CyberAudit-Web to send information to the browser to save and use in lieu of the TOTP the next time the administrator logs in.

Enable 2FA - This button (which is replaced by "Disable 2FA" when Two-Factor Authentication is enabled for the user) will take the user to the introductory page for 2FA implementation. Disabling 2FA disables it for all administrators in the account.

Generate Temporary code - This button is also only available after 2FA has been enabled by the current administrator. Clicking this button will take the user to the 'generate temporary code' page where they can create a one-time-use temporary code for lower-level logins who are not able to access their account.


Permissions Preferences

The Permission Mode setting determines how permissions can be propagated to administrator nodes. Hierarchical Mode requires that in order to have a permission, the administrator node's immediate superior must have the permission. Independent Mode does not have this restriction.


Enable Text Messaging

If the CyberAudit-Web system is connected to a text message service, and made available to the account in the CyberAudit-Web manage section, it may be enabled. An administrator must agree to the CyberLock Text Messaging Terms of Service before the service will become available.

FlashLock and fob Preferences

If the CyberAudit-Web system has the FlashLocks SEM, and FlashLocks are made available to the account in the CyberAudit-Web manage section, they may be enabled on this page. An administrator must agree to the FlashLock Software Enhancement Module Terms of Service before FlashLocks and fobs will become available.

Require Device Token - Flash Access is sent to a user in an email or text message. Requiring a device token ensures that only one specific device may be used by a person to open any FlashLock. The browser or Flash Access app will ask the user if this is the device they intend to use. If this box is checked, they must answer 'yes' to this question or the server will not send a flash code to the device. After they answer 'yes', any other device will be rejected by the server. If the user wants to use a different device, the administrator may clear the token.

Flash Access Cache - The app can store permissions to open FlashLocks for a period of time up to 14 days. This may be useful in the event the CyberAudit-Web server is not accessible for any reason. To allow caching FlashLock permissions on a mobile device, check the box and determine the maximum amount of time to allow storing the permissions.

The Flash Access app will attempt to connect to its CyberAudit-Web server whenever the app is active to verify the cached access permissions are still valid.

FlashBox - A FlashBox flashes its LEDs once every eight seconds. This 'heartbeat' is an indicator that the FlashBox is functioning and its battery is OK. Uncheck the box to disable this heartbeat.

