Product Settings

You can change the following settings of AD360 from this tab.

1. Connection Type
2. Privacy Settings
3. General
4. Security Hardening

Connection Type

• Choose your connection type. You can choose to use either HTTP or HTTPS.
• Specify the Port Number of your choice after choosing the connection type. Default ports - HTTP : 8082, HTTPS : 8445.
• If you selected HTTPS as your connection type, enable the Encrypt Keystore Password option and enter the password that you used to install the SSL certificate in AD360. If you don't enable this option, then password will be stored in clear text format in the server.xml file.
• Click Advanced to configure TLS versions and cipher suites.
• Select the desired TLS versions from the TLS drop-down. We support TLSv1, TLSv1.1, and TLSv1.2.
• We support the following cipher suites:
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_AES_256_GCM_SHA384
• TLS_RSA_WITH_AES_128_GCM_SHA256
• Select the domains for which you wish to Enable LDAP SSL for from the drop-down box.

  

• Click Save to store the configured settings.

Privacy Settings

By default, AD360 secures your database backups with a strong, random password. If required, you can change the password for subsequent database backups by entering the new password in the Change Password for DB Backup Files field. Ensure that the new password is at least 8 characters long.

General

• Be alerted when the available disk space falls below a pre-defined level (1 GB, 2 GB or 5 GB) by selecting the appropriate value from the drop-down box.
• Select the Session Expiry Time - time for which the user session would last - from the drop-down box.
• Select the level of logs that is to be collected by the product. The default working mode for ManageEngine AD360 is Normal with minimal set of debugging information. Select Debug to collect detailed log reports.
• The Enable Log Retention for option allows you to choose the number of days for which you would like to retain the product logs (saved under the Archive folder). After the set period, the logs will be purged from the product.
• Enable or disable collection of anonymous Usage Statistics Gathering to send to us.
• The Enable Single Console option allows you to access all products integrated with AD360 using the Apps pane on the left side of the product and vice-versa.
• Select Enable Single Sign on if you would like to access integrated products without going through authentication, after signing in to AD360.
• Select Enable Single Sign Out if you would like to sign out of all integrated products just by signing out of AD360.
• Select Enable Single Shutdown if you would like to shut down all integrated products just by shutting down AD360.
• Click Save to store the configured settings.

Security Hardening

This option allows you to configure and manage all product security settings in one place. A dashboard on the right side of the page displays a security score (as a percentage), which is calculated based on the importance of each configuration. Apart from this dashboard, the security settings alert will be shown under the browser and product notification centers, product License tab, and it will also be emailed to you along with product downtime and start-up mailers.

The security settings alert will be displayed in the notification center (which is the icon on the top-right corner) until a security score of 100% is reached. For licensed customers, the alert will also be displayed after every successful login until all the mandatory* security configurations are done. The security configurations available under AD360 are:

• Enforce HTTPS* - This setting helps establish a secure connection between the web browsers you use to access AD360 and the AD360 server.
• Enforce Two-factor Authentication* - Use this setting to add an extra layer of security while logging in to AD360. Choose from the set of authentication options available like email verification, SMS verification, Google Authentication, Duo Security, and more.
• Change Default Admin's Password* - Use this setting to change the default admin's password.
• Enable CAPTCHA - You can add a CAPTCHA to the login page using this setting. Users will be prompted to enter a CAPTCHA after a specific number of failed login attempts.
• Block Invalid Login Attempts - This setting allows you to block a particular user after a specific number of failed login attempts by the user.
• Enforce LDAP SSL - This setting enforces an SSL connection between the AD360 server and Active Directory domains configured in the product.
• Enforce Secure TLS - While using Transport Layer Security (TLS), this setting checks if the older versions of TLS are disabled. AD360 supports TLS versions 1.0, 1.1, and 1.2.
• Enable Reverse Proxy - With this setting, you can enable connection with a reverse proxy server in order to secure the identity of the AD360 server.
• Enable Auto Update - This setting enables the product to be updated to the recent build automatically. Ensures that you do not miss out on important patches and new features.

*The first three settings given in the above list are mandatory for AD360. It is, however, advisable to configure all settings and ensure your product security score is 100%. To manage individual settings, click the Configure option corresponding to that security setting and make the required changes. Once configured, the setting will have a green ticked Configured icon next to it, as shown in the image below.