Security Level
This table describes configuration settings that you should consider using or setting to achieve your designated level of security—high, medium, or low.
To make the settings easy to find, the list is ordered alphabetically with each setting’s respective path on the Configuration Settings editor.
| Path/Configuration Setting | For high-security environment | For medium-security environment | For low-security environment |
|---|---|---|---|
| Hidden | |||
CHAT_WS_API_IP_HOST |
Set to allowed IP addresses and subnet masks. Note: To enable this hidden setting and define
your allowed IP addresses and subnet masks, Submit a Service Request. |
||
| Chat/General/Server | |||
CHAT_CORS_ALLOWLIST |
Set to allowed origins. |
Set to allowed origins. |
Blank (default) |
| RightNow User Interface/General/Security | |||
CLIENT_SESSION_EXP This setting is also used in the desktop usage administration feature. |
15 (default) |
16 to 45 |
0 |
| RightNow User Interface/Customer Portal/Login | |||
CP_CONTACT_LOGIN_REQUIRED |
Yes |
Yes |
No (default) |
CP_COOKIES_ENABLED |
Yes (default) for all security environments. |
||
CP_FORCE_PASSWORDS_OVER_ HTTPS |
Yes (default) |
Yes |
Yes |
CP_LOGIN_COOKIE_EXP |
5 to 30 |
31 to 60 (default = 60) |
-1 |
| RightNow User Interface/General/Security | |||
CP_LOGIN_MAX_TIME |
As needed for all security environments (default = 0). |
||
| RightNow User Interface/Customer Portal/Login | |||
CP_MAX_LOGINS If you set a value for this setting, you must also set a non-zero value for CP_LOGIN_MAX_TIME. |
As needed for all security environments (default = 0). |
||
CP_MAX_LOGINS_PER_CONTACT If you set a value for this setting, you must also set a non-zero value for CP_LOGIN_MAX_TIME. |
0 (default) |
0 |
0 |
| Common/General/Security | |||
CP_REDIRECT_HOSTS |
As needed for all security environments (default = blank). |
||
| RightNow User Interface/General/End-User | |||
EU_CUST_PASSWD_ENABLED |
Yes (default) |
Yes (default) |
No |
| RightNow Common/Service Modules/Oracle Email | |||
EGW_PASSWD_CREATE |
Yes (default) |
Yes (default) |
No |
EGW_SECURE_UPDATE_MODE |
2 (default) |
2 (default) |
1 |
EGW_VISUAL_EMAIL |
No (default = Yes) |
No (default = Yes) |
Yes |
| RightNow Common/3rd-Party Applications/Facebook | |||
FACEBOOK_INCIDENTS_ENABLED |
No (default = Yes) |
As needed. |
As needed. |
| RightNow User Interface/Open Login/Oauth Apps | |||
FACEBOOK_OAUTH_APP_ID |
Facebook application ID for all security environments (if Facebook is enabled). |
||
FACEBOOK_OAUTH _APP_SECRET |
Facebook secret key for all security environments (if Facebook is enabled). |
||
| RightNow User Interface/General/File Attach | |||
FATTACH_MAX_SIZE Tip: Consider the types of attachments that will be uploaded to your site, and then set
this value to allow the minimum disk space that you need. As far as security goes, the more
disk space you can fill, the better. |
As small as practical for your needs. Applies to all security environments (default and maximum allowable limit = 20 MB). Note: File upload fails if the upload takes more
than 5 minutes. |
||
FATTACH_OPEN_ENABLED |
No (default) |
No |
As needed. |
| Chat/General/Create Incident | |||
INC_PRIVATE_TRANSCRIPT_ONLY |
Yes |
Yes |
No (default) |
LOGIN_SECURITY_MSG |
As needed for all security environments (default = blank). |
||
| RightNow User Interface/Contact Services/Security | |||
MYSEC_AUTO_CUST_CREATE |
No (default = Yes) |
No |
As needed. |
| Common/General/Security | |||
SEC_BROWSER_USER_AGENT |
Set to allowed user agent strings. |
Blank (default) |
Blank (default) |
SEC_EU_EMAIL_LINK_EXPIRE |
8 (default) |
12 |
24 |
SEC_INVALID_ENDUSER_HOSTS |
Set to allowed IP addresses. |
Blank (default) |
Blank (default) |
SEC_INVALID_USER_AGENT |
Set to user agent strings that are not allowed. |
Blank (default) |
Blank (default) |
SEC_SPIDER_USER_AGENT |
Set to list of known web spider user agent strings. |
Blank (default) |
Blank (default) |
SEC_VALID_ADMIN_HOSTS |
Set to allowed IP addresses. |
Set to allowed IP addresses. |
Blank (default) |
SEC_VALID_CHAT_API_HOSTS |
Set to allowed hosts and subnet masks for all security environments (default = blank). |
||
SEC_VALID_ENDUSER_HOSTS |
Set to allowed IP addresses. |
Set to allowed IP addresses. |
Blank (default) |
SEC_VALID_INTEG_HOSTS |
Set to allowed IP addresses. |
Blank (default) |
Blank (default) |
SESSION_HARD_TIMEOUT |
12 (default) |
12-24 |
As needed. |
| RightNow User Interface/General/Security | |||
SUBMIT_TOKEN_EXP |
30 to 60 (default = 30) |
30 to 300 |
30 to 1000 |
| RightNow User Interface/Open Login/Oauth Apps/ | |||
TWITTER_OAUTH_APP_ID |
Twitter application ID for all security environments (if Twitter is enabled). |
||
TWITTER_OAUTH_APP_SECRET |
Twitter secret key for all security environments (if Twitter is enabled). |
||
| Outreach and Feedback/General/Campaigns | |||
WEBFORM_ID_BY_COOKIE_ DEFAULT |
As needed for all security environments (default = No). |
||
WEBFORM_ID_BY_LOGIN_ DEFAULT |
As needed for all security environments (default = No). |
||
WEBFORM_ID_BY_LOGIN_ REQUIRED_DEFAULT |
As needed for all security environments (default = No). |
||
WEBFORM_ID_BY_URL_PARAM_ DEFAULT |
As needed. |
As needed. |
No (default) |
WEBFORM_SET_COOKIE_DEFAULT |
As needed. |
As needed. |
No (default) |
| RightNow User Interface/Customer Portal/Syndicated Widgets | |||
WIDGET_INSTALLATION_HOSTS |
As needed. |
As needed. |
Blank (default) |