Under Security Settings on the Admin portal page, administrators can access settings related to site security.
IP Security
By enabling the IP Security, agency administrators can define who is allowed or not allowed to access their agency’s Evidence.com accounts based on the IP address. By default, when your Evidence.com agency is created, IP security is disabled and your agency’s sign-in page can be accessed from anywhere within your country.
If you enable IP security, you can authorize specific IP addresses and ranges of IP addresses, such as the IP addresses used at your agency headquarters or at specific districts. Only devices assigned one of the authorized IP addresses can access your Evidence.com agency.
Note: Before you enable IP security, work with your IT staff and your Internet provider to acquire static (non-changing) IP addresses. If you do not use static IP addresses, your agency could be denied access from its own Evidence.com agency. Consumer-grade Internet lines, such as DSL or cable modems, typically have a 200-hour lease. This means that every 200 hours the IP address is refreshed with a new one.
- On the menu bar, click Admin and then under Security Settings, click IP Address.
The IP Active Session Security area appears at the top of the page.
- To enable IP Address Security, in the IP Address field, enter the known IP address or default gateway that is seen by the Internet for your agency. You must enter a Starting and Ending IP Address if you select Range of IP Address.
- Enter a useful description of this address in the Label field. The Label field is optional but descriptive labels help make managing your Evidence.com account easier.
- Click Add Allowed IP Address to add the location.
The newly added IP Address shows in the table.
- You can continue adding additional IP Addresses as required.
- Click the Enable IP Security checkbox located at the top of the page.
You cannot select this option unless at least one IP address or range of IP addresses has been added.
- If at any time you want to prevent access from any IP addresses, click the corresponding Delete link. However, to prevent being locked out of your account ensure that you do not delete your current IP address.
IP Whitelisting for Multi-Homed Networks
Evidence.com supports IP security whitelists for agencies where web traffic can originate from multiple IPs during the same user session. The standard IP whitelist security detects if an active user changes source IP address in the middle of a session and logs the user out. The new setting still restricts site usage to the IP whitelist ranges, but does not terminate a user session if there is an IP change mid-session.
This setting is designed for agencies using network designs where web traffic is sourced from multiple IPs. For example, networks with multiple firewalls or proxy servers can exhibit this behavior. Agencies that load balance outbound traffic across multiple network links also fall into this category. These designs are perfectly valid but cause a false positive for our “Man in the Middle” protection. Until now, these agencies have not been able to utilize our IP whitelist security.
If your agency is not using this type of design, it is recommended that you employ the standard IP session security for the highest levels of protection.
- On the menu bar, click Admin and then under Security Settings, click IP Address.
- Under the Add a New IP Address section in the IP Address field, enter the known IP address. You must enter a Starting and Ending IP Address if you select Range of IP Address.
- Enter a useful description of this address in the Label field. The Label field is optional, but descriptive labels help make managing your Evidence.com account easier.
- Click Add Allowed IP Address to add the location.
The newly added IP Address shows in the table.
- Select the Allow IP Address To Change During An Active Session To The Trusted IP Addresses Below check box.
Configure Password Settings
This feature enables administrators to define password settings for all users in the agency.
- Password History — Unique new passwords a user must use before an old password can be reused. [default 10, min 1, max 25]
- Password Aging — Determines how many days a password can be used before the user is required to change it. [default 90, min 7, max 365]
- Password Length — Determines how short passwords can be. [default 8, min 6]
- Failed Login Limit — Number of failed login attempts before the account is locked out. [default 5, min 1, max 25]
- Lockout Duration — Number of minutes a user is locked out of their account due to failed login attempts. [default 60, min 1, max 720]
- Session Timeout — Number of minutes a user can be inactive before the user is automatically signed out of Evidence.com. [default 15, min 15, max 480]
Note: There are no configuration settings for user security questions. Users have 15 attempts to enter their correct security question responses. User that fail to enter the correct security question responses are locked out of the system for 1 hour.
- On the menu bar, click Admin and then under Security Settings, click IP Security.
The Password Configuration page with the various settings appears. Below each setting are a description and the default and maximum (max) values of the setting.
- Set the options based on your agency’s requirements.
Note: If you want to start over with customizing the password configuration settings, click Restore Defaults.
- When have finished configuring password settings, click Save.
- On the notification message box, click OK.
API Settings
Available to Evidence.com PRO agencies who request access to the Evidence.com Partner API, the API Settings page provides administrators the ability to ensure that only authenticated and authorized clients can use the Partner API feature to programmatically configure your Evidence.com agency. The Partner API supports the use of third-party programmatic clients to perform create, read, update, and delete operations on the resources supported by the API, which include the following object types:
- Users
- Groups
- Cases
- Evidence
- Devices
- Reports
For more information, please contact your Axon representative or send inquiries to Axon Technical Support at support@axon.com.