Manage Site Security

Document created by Cisco Documentation Team on Dec 17, 2015Last modified by Cisco Documentation Team on Jul 25, 2017
Version 7Show Document
  • View in full screen mode
 

Set Security Options

Site Administration provides several methods for preventing unauthorized use of your WebEx service site. You can:

 
  • Strengthen the password criteria to make passwords more difficult to guess

     

  • Require that meeting attendees provide passwords to prevent unauthorized access to WebEx sessions

     

  • Review all requests for lost passwords

     

  • Allow the use of Access Anywhere

     

 
      
1    On the left navigation bar, select Configuration > Common Site Settings > Options.
2    In the Security Options section, configure the options for your site.
3    Select Update.

Security Options

 
                                                                                                                                                                

Option

 

Description

 

Account management section

 

Allow user to change user name

 

Select this option to allow users to change their usernames by editing their user profiles. This option is unavailable if the Auto Login option is enabled for your site.

 

Confirmation required for the user to update email address

 

Select this option to require site administrator approval for requests to update host email addresses. Ensure that the Review host account requests option in the Account Management Settings section is also selected.

 

Lock out account after [N] failed attempts to log in

 

Select and then specify the number of times a user can try to sign in before they have to contact you for assistance. You can also choose to have the site administrator notified when accounts are locked out.

 

Automatically unlock account after [N] minutes

 

Select to automatically unlock accounts after the number of minutes you specify.

 

Deactivate account after [N] days of inactivity

 

Select to specify how many days an account can be inactive before it is turned off. An account is "active" whenever a user logs on. You enable the timer when you turn on this option.

 
Important:

The user doesn't receive any notification from the site administrator to inform them that their account has been made inactive. For WBS31 and later, you can enable email notifications for accounts that will be deactivated.

 
 

Send email notifications [N] days and 1 day before account deactvation

(WBS31 and later)

Select to send email messages to users, whose accounts will expire because they have not signed in within the specified number of days. You can specify the number of days before account activation to send the first email.

Forgot password

Choose one of the following options:

  • Send user an email with a link to change password.

     

    (WBS32 and later) You can require administrator approval to send the emails. Check the Require approval for "Forgot your password?" requests  check box.

     

  • Require administrator to reset user's password.

     

Allow user to change password even if Auto Login APIs are on

 

Select this option to allow users to change their passwords, even if the Auto Login APIs are in use.

 

Manage user accounts through APIs

 

Select to use URL or XML APIs to create or change user accounts.

 

Forgot password

 

Specify which options to display when a user forgets their password:

 
  • Specify site administrators to receive user password requests.

     

  • Select Send email with the link to change the password to send an email that includes the password. This email also indicates whether a site administrator must approve the request. Non-SSO sites have the Send email with the link to change the password option selected by default.

     

  • Select Display brandable text if you want to create your own email message about resetting the password. SSO sites have this option selected by default.

     

    Note      

    If the Manage user accounts through APIs option is selected, only the Display brandable text option is available.

     
     

 

Account Signup section

 

Confirmation required for new accounts

 

Select to require confirmation for users to sign up for an account. Also, you can specify the number of days for which the confirmation link is active. If the account is not turned on within that period, the link expires.

 

Notify all site administrators whenever a new account is created

 

Select to notify all site administrators when a new user account is created.

 

Show security check in the signup form

 

Select this require new users to type the letters or digits of a distorted image that appears on the screen for added security.

 

Password management section

 

Require strong passwords for user accounts

 

Select to require that all new and changed user passwords comply with the password criteria that you specify.

The system automatically generates passwords when users sign up for an account or reset their passwords, or when you import account information from a .csv file. Automatically generated passwords only contain the following characters if your password settings enforce the use of mixed case and special characters.

  • ` (back quote, the character located on the tilde key)

     

  • L (uppercase L)

     

  • l (lowercase L)

     

  • 1 (the numeral, one)

     

  • O (uppercase O)

     

  • o (lowercase o)

     

  • 0 (the numeral, zero)

     

 

Require mixed case

Select to require that user passwords contain both upper and lower case letters.

Minimum length

Select to require that user passwords have at least the number of characters that you specify.

Minimum number of numeric

Select to require that user passwords contain at least the number of numeric characters that you specify.

Minimum number of alpha

Select to require that user passwords contain at least the number of alpha characters that you specify.

Minimum number of special characters

Select to require that user passwords contain at least the number of special characters that you specify.

Do not allow any character to be repeated 3 times or more

Select to prevent the use of any character more than twice in a user password.

Do not allow dynamic web page text for account passwords (site name, host's name, username)

Select to prevent the use of dynamic web page text, such as the

  • URL for the site on which the meeting, event, or session occurs—for example, your_company.webex.com

     

  • Host's own name

     

  • Username

     

If the host's name is "Wendy Smith", the following are some examples of passwords that are not allowed: Wendy, Smith, WendySmith, wendy, wendysmith, wendysmeeting, and meetwithwendy.

Do not allow account passwords from this list:

Select to prevent the use of any word in the list, in user passwords. You can edit the list to add or remove words.

User can reset password after [N] hours

Select to prevent the user from changing the password for the number of hours that you specify.

Allow user to save account password in cookies

 

Select to allow users to store their password information in browser cookies. If you enable this option, users don't have to enter their passwords each time they use the same computer to log in.

 

Do not allow reuse of the last [N] passwords

 

Select this option to prevent users from using the same password until they exceed the specified number of unique passwords.

This option is also known as the "cyclic passwords" option.

 

Password aging section

 

Force all users to change password every [N] days

 

Select to force users to change passwords after the specified number of days.

 

Force all users to change password on next login

 

Select to force users to change passwords the next time they log in.

 

Centers section

 

All meetings must be unlisted

 

Separate options for Meeting Center, Event Center, and Training Center. Check to require that all WebEx sessions be unlisted on the site calendar.

 

All meetings must have a password

 

Separate options for Meeting Center, Event Center, and Training Center. Check to require that users must provide a valid password for all scheduled WebEx sessions.

 
Important:

By default, the All meetings must have a password option is selected. We strongly recommend that you leave this option selected to help ensure the security of meetings on your site.

 
 

Exclude password from invitation

Applies to Meeting Center only. Select to prevent the password being sent in the invitation email.

Require users to have an account when joining by phone

Applies to Meeting Center and Training Center only. (Not applicable if your site has TSP audio) Select to require attendees to sign in from their phones, if the host requires sign-in. Attendees must have added a phone number and PIN to their profile settings to do so.

Enforce meeting password when joining by phone

Separate options for Meeting Center, Event Center, and Training Center. (Not applicable if your site has TSP audio) Select to require participants to enter the numeric meeting password, when joining by phone.

Enforce meeting password when joining from video conferencing systems

Separate options for Meeting Center, Event Center, and Training Center. Select to require participants to enter the numeric meeting password, when joining from a video conferencing system.

When sign-in is required to join meeting, video conferencing systems will be:

Separate options for Meeting Center, Event Center, and Training Center; when a meeting password is required when joining from video conferencing systems. Select Blocked or Allowed. When blocked, video conferencing system users cannot start or join meetings that require sign-in. This includes Personal Rooms when configured to require sign-in.

Restrict the viewing of recordings to signed in users

Separate options for Meeting Center, Event Center, and Training Center. Select to require that users sign in to view recordings. If you do not restrict access to recordings, hosts can apply their own security settings.

Prevent the downloading of recordings

Separate options for Meeting Center, Event Center, and Training Center. Select to prevent users from downloading recordings. If you do not restrict access to recordings, hosts can apply their own security settings.

Allow attendees or panelists to join before host

 

Applies to Meeting Center, Event Center, and Training Center only. Select to allow participants or panelist to join the sessions before the host joins the session.

 

The first attendee to join is the presenter

 

Applies to Meeting Center only. Select to designate the first attendee that joins the meeting before the host as the presenter. This attendee has the ball and can share content within the meeting. The join session before host option must first be enabled.

 

Allow attendees or panelists to join teleconference before host

 

Applies to Meeting Center, Event Center, and Training Center only. Select to allow participants or panelist to also join the teleconference before the host joins the sessions. The join session before host option must first be enabled.

 

Require strong passwords for meetings

 

Select to require that all WebEx session passwords comply with the strict password criteria that you specify. For more information about strict password criteria.

 

Display teleconference information on meeting Info tab and Information window

 

This option controls the display of teleconference information when Personal Conference Numbers are used for telephony. Subscriber access code information can also be displayed with a suboption. By default, the options are enabled but can be disabled for security.

 

Automatically end meetings if there is only one participant

 

Applies to Meeting Center, Event Center, and Training Center only. Select this option to automatically end WebEx sessions after a specified period of inactivity. You can specify that session hosts be warned some minutes so that they can prevent the meeting from automatically ending in a specified number of minutes.

 

Include Host Key in host meeting emails

 

Applies to Meeting Center, Event Center, and Training Center only. Select this option to automatically include the host key in the host meeting emails.

 

Other section

 

Require login before site access

 

Select this option to require that all users have an account to log in to your WebEx service site to host or attend WebEx sessions.

 

Require attendee email address

 

Applies to Meeting Center and Training Center only. Select to require that participants provide an email address to join WebEx sessions.

 

All Access Anywhere sessions must use strict access code

 

Select to require that users specify Access Anywhere passwords that conform to your strict password criteria. For more information about strict password criteria.

 

Allow user to store personal information for joining meetings and call-back teleconferences

 

Select to allow users to store and access personal information, such as name, email, and registration. You can also use this option to remember previously and frequently used numbers when using the Join Teleconference dialog.

 

Allow individual hosts to reassign their recordings

 

Select to allow a host to transfer ownership of a network-based recording file to another user.

 
 
 

Attachments

    Outcomes