User Guide Cancel

Configure security

Search
Adobe Connect Central Admin

Adobe Connect Central Admin

Open app
  • Getting started
    1. Connect Central for administrators
    2. Terms of service in Adobe Connect
    3. View an account summary
    4. Edit account details
    5. Manage disk usage
    6. Create reports
    7. Configure notifications
    8. Security settings
    1. User basics
    2. User permissions overview
    3. Resolve user access issues
    4. Edit user information
    5. Edit user group membership
    6. Assign a user to a manager
    7. Edit team members
    8. View a user report
    9. Customize user profile fields
    10. Set login and password policies
    11. Configure single sign-on
    12. Create additional administrators
    13. Manage guests
    14. Bulk user import
    1. Group basics
    2. Bulk group import
    3. Manage groups and permissions
    4. Manage training groups
    5. Group mapping and licensing
    1. Cost center basics
    2. Enable cost center reporting
    3. Add and remove cost centers
    4. Edit cost center details
    5. Associate users with cost centers
    6. Allocate meeting minutes
    7. Reports and data
    1. Audio management for admins
    2. View provider details
    3. Add or edit an audio provider
    1. User interface customization basics
    2. Configure the top menu bar
    3. Configure the session interface
    4. Configure login, entry, and exit screens
    5. Upload virtual backgrounds
    1. Compliance and control basics
    2. Manage pods
    3. Set sharing options
    4. Configure recording and closed captions
    5. Set training options
    6. Configure engagement tracking
    7. Set client options
    8. Advanced settings
    9. Control session & recording access
    1. Dashboard basics
    1. Getting started
      1. Connect Central for administrators
      2. Terms of service in Adobe Connect
      3. View an account summary
      4. Edit account details
      5. Manage disk usage
      6. Create reports
      7. Configure notifications
      8. Security settings
      1. User basics
      2. User permissions overview
      3. Resolve user access issues
      4. Edit user information
      5. Edit user group membership
      6. Assign a user to a manager
      7. Edit team members
      8. View a user report
      9. Customize user profile fields
      10. Set login and password policies
      11. Configure single sign-on
      12. Create additional administrators
      13. Manage guests
      14. Bulk user import
      1. Group basics
      2. Bulk group import
      3. Manage groups and permissions
      4. Manage training groups
      5. Group mapping and licensing
      1. Cost center basics
      2. Enable cost center reporting
      3. Add and remove cost centers
      4. Edit cost center details
      5. Associate users with cost centers
      6. Allocate meeting minutes
      7. Reports and data
      1. Audio management for admins
      2. View provider details
      3. Add or edit an audio provider
      1. User interface customization basics
      2. Configure the top menu bar
      3. Configure the session interface
      4. Configure login, entry, and exit screens
      5. Upload virtual backgrounds
      1. Compliance and control basics
      2. Manage pods
      3. Set sharing options
      4. Configure recording and closed captions
      5. Set training options
      6. Configure engagement tracking
      7. Set client options
      8. Advanced settings
      9. Control session & recording access
      1. Dashboard basics

     

    Security-related settings are located under Session settings and More settings.

    Set the session timeout

    Timeout settings allow users to close and reopen any number of sessions in the Windows and Mac desktop app without requiring re-logging in.

    1. Choose Account > Session Settings.
    2. Enter a timeout length for the apps:
      • Browser app: Enter a value in minutes from 5 to 720. The default is 30 minutes.
      • Desktop and mobile apps: Enter a value in minutes from 0 to 43,200. The default is 4 days.
    3. Specify whether the desktop app should remember users across sessions or should require a new log in after their current session expires.
    4. Choose Save.

    Note: Server admins managing the an on -premise Adobe Connect server may also configure timeout settings may at the account level.

    Screen for setting the session timeout

    Configure same origin policies

    Same-origin policies are a standard security mechanism that restricts how web content loaded by one origin can interact with a resource from another origin. Such policies strengthen security by isolating potentially malicious content and blocking attack vectors for content that originates from a source outside the current origin. For content to be considered from the same origin, it must share the protocol and host with the currently loaded content.

    1. Navigate to Admin > Account > More settings.
    2. Check Configure X-frames.
    3. From the Allow from/ancestors drop down list, specify whether to allow content from only the origin or from the origin’s ancestors.
    4. If the previous field only allows content from the same origin, you cannot configure the Allow from URI/ancestor source drop down list. If you’ve allowed content from custom origins and ancestors, specify an allowed custom domain.
    5. Specify whether to use additional (alternate) origins for event modules: If you check Use the following (different) ALLOW FROM settings, enter a custom domain. Separate entries with spaces.
    6. Configure the other security settings on the security page or choose Save.
    Screen for setting same origin security policies

    Require SSL and enhanced security

    1. Select Requires SSL Connection (RTMPS) to require SSL.
    2. HTML content sanitization: Do not use. In development.
    3. Specify whether to enable enhanced security. Enabling this option:
      • Forces web services APIs to use HTTPS
      • Generates a new session identifier after a successful log in.
    4. Configure the other security settings on the security page or choose Save.
    Screen for setting SSL security options

    Configure CSRF

    Adobe Connect enables end users or admins to enforce CSRF protection for state-changing XML API calls. Adobe recommends that you enable CSRF protection for XML APIs as it is the most secure configuration.

    To enable CSRF protection:

    1. Navigate to Admin > Account > More settings.
    2. Configure cross-site request forgery (CSRF) protection:
      • Specify whether to enable CSRF protection for the XML API.
      • Specify whether XML API calls on a specific path should be exempt from CSRF. Checking this box generates a unique URL you can use in your API calls.
    3. Configure the other security settings on this page or choose Save.
    Screen for configuring CSRF security settings

    Configure CSRF with web services

    Adobe Connect enables end users or admins to enforce CSRF protection for state-changing XML API calls. We recommend that you enable CSRF protection for XML APIs, as it is the most secure configuration.

    To enable CSRF protection, follow the steps below:

    1. On the Adobe Connect central page, click Administration > Account > More Settings.
    2. In the section CSRF Settings, check the option Enable CSRF Protection for XML API.
    3. CSRF protection relies on the client to send a secure session-specific CSRF cookie and a matching request parameter. All state-changing API calls are protected, for example:
      • acl-create
      • acl-field-update
      • acl-multi-field-update
      • permissions-update
      • sco-update
      • sco-upload
    4. After you authenticate, the following cookies are generated:
      • BREEZESESSION as the main Connect session cookie
      • BreezeCCookie as the CSRF cookie, based on the Connect session cookie
    5. Call the common-info API to get the CSRF token corresponding to the CSRF cookie (BreezeCCookie). The CSRF token is returned as <OWASP_CSRFTOKEN><token>...........</token></OWASP_CSRFTOKEN>
    6. Send all subsequent HTTP GET API calls that change state with the BreezeCCookie as a cookie and a OWASP_CSRFTOKEN. For example: https://\[SERVER_URL\]/api/xml?action=\[state changing action\]&........&OWASP_CSRFTOKEN=[token_extracted_above]
    7. For integrations that call single or multiple XML APIs via a single HTTP POST method, send the OWASP_CSRFTOKEN (along with the BreezeCCookie CSRF cookie), as <actions mode='...' OWASP_CSRFTOKEN=[token_extracted_above]>
    8. Enable the option Exempt CSRF Protection for XML API calls to the following path. When you check this option, a server-generated secure URL appears. This URL allows accounts ith XML API integrations to continue making their XML API calls against a secure and unique server-generated URL path.

    Configure universal voice

    1. Navigate to Admin > Account > More settings.
    2. Enable and disable universal voice for selected telephony providers.
    3. Configure the other security settings on this page or choose Save.
    Screen or enabling universal voice for each telephony provider

    More like this

    Get help faster and easier

    New user?

    Quick links

    View all your plans Manage your plans
    View quick links
    Hide quick links

    Legal Notices    |    Online Privacy Policy