The Security Settings page of the Admin menu is available to Account Owners only. Here you can:
- Enter permitted email domains for user creation
- Configure IP access control
- Create and delete API users
- Create and delete WebDAV users
- Set up Key-based SFTP Auto-imports
Permitted email domains
In order to keep your account secure from unauthorized access, all users must activate their profile via a link in an email sent from Emarsys. Before they can receive this email, their email domain must be listed here.
Note: Since this is also true for all emails relating to account security and user management, such as password reset, it is recommended to keep all domains used by active user profiles in this list.
IP access control
Even if a user’s login name and password are compromised, you can still prevent unauthorized access with these credentials by restricting login to approved IP addresses (these can be provided by your own IT Support). All other IP addresses will require the additional security precaution of two-step authentication. The settings for two-step authentication are found on each user’s Profile page.
When you first enable IP access control, no IP addresses are whitelisted.
- This is the most secure setting, since every user will require two-step authentication.
You can then add single IP addresses (your own IP address is helpfully displayed) or ranges of addresses.
- Users logging in from one of the whitelisted IP addresses (or ranges) can log in with their user name and password only.
- Users logging in from all other IP addresses must confirm their identity via two-step authentication. (If using a smartphone authenticator app, users can also ask Emarsys to remember individual devices, enabling login with user name and password from that device for 14 days, regardless of the IP address.)
In order to keep your API secure you should change your user name and secret key regularly.
These API users are created with a matching key which is available while the confirmation dialog is open. You can copy and paste the key from here. After you close the dialog, the key cannot be retrieved and a new user must be created.
Although Emarsys strongly recommends using the API or an SFTP server for secure data transfer, we also make WebDAV storage available for our customers who do not have the requisite technical support.
Your WebDAV storage will be created as soon as you create your first WebDAV user. Like the API user, you should change the WebDAV user and secret regularly and the key is only available to copy while the confirmation dialog is open.
Key-based SFTP Auto-imports
With this feature you can easily and conveniently set up auto-import events from your SFTP servers. We use 4096-bit RSA keys for optimal security.
Creating the key
To create a key for your SFTP server authentication, open Keyring tab and click Create Key.
Note: Give the key a clear and recognizable name for later identification, for example the server where it will be used for authentication.
When you have created the key, the confirmation dialog will show you the key’s name, creation date, the SHA1 fingerprint associated with it and the OpenSSH public key to be used in your SFTP server configuration.
This key will now be available for selection in the Remote source options when setting up your auto-imports.
You can view the details of any key by clicking the icon in the keys list.
You can also delete unwanted keys by clicking the icon in the keys list.