Settings screen allows you to manage your properties, view API tokens, add webhooks, configure customized alerts for your users, and apply our SDK to integrate AuthSafe with external platform.
The AuthSafe settings screen has the following sections:
- Property Settings: Set up your property name and shadow mode. Properties can be set up such as your property name and shadow mode.
- Shadow Mode: When turned on, all user can log in to the website. The default response is Allow. Though all users are allowed to login, the system tracks all events, logs the activities, and performs risk assessment.
- By turning it on, you can silently observe the capabilities of AuthSafe and how it works. Once analysed, turn off the shadow mode to access everything.
- Property Platforms: Select the property platform (Website/Android/iOS) and enter its configuration details. In case of website, enter the website URL address. Android and iOS are coming soon and not yet launched. The format of the URL address is something.com and for a subdomain, it is something.domain.com.
- Tracking Code: AuthSafe pixel tracking code to integrate in the user’s web application for tracking user activities.
- The tracking code is placed on the user’s web application, inside the head tag and just before the flash head tag. The included script creates an IMG tag that will load a GIF file of size 1pixel by 1 pixel. The GIF file will track the activities.
- Against each tracking event, a GIF request will go to the server and Authsafe will be intimated of the activities that are being performed by the user. The GIF file tracks all the activities of the user visiting the web application. These activities include mouse movements or keypress events, page opening, and page closing using the pixels. The tracking code also collects information on parameters like user agent, browser, plugins, device, device height, width of the screen. For the browser and device additional details like height and width of the screen, resolution, and the plugins installed will be collected.
- API Keys: Generate API keys which are needed in the AuthSafe SDK integration or REST API integration. In order to access the login/reset password APIs, you require Property ID and Property Secret. These two parameters act as API keys to gain access to our APIs. To create a new Property Secret, click the generate button.
- SDK: On this page you can download the SDK files for various programming languages. Currently, AuthSafe supports PHP, Python, and .NET SDKs.
- Tracking Whitelist: Whitelist is a list of IP addresses or user IDs for which you want to disable tracking. For this list, there will be no change in risk score and no user notifications will be sent as user consider them as safe by default. Whitelist is like a do not track list.
- Webhooks: AuthSafe uses the webhooks to send information about incidents. Incidents are generated when a particular device reaches a critical risk score. The conditions of webhook triggering can be set while adding/editing a webhook. For more information, refer to webhooks.
- Customize Alerts: Specify the method in which a notification is sent when a login exceeds the specified risk threshold. There are two options:
- Risk Score – Indicates the threshold of user risk score which will initiate the email.
- Email – Enter the email address to which the notifications will be sent to. You can also let your users resolve these alerts by activating Security Notifications.
- By default, the user does not receive any notifications for each activity. Every day some users will go suspicious or higher rates or any particular risk score. If we start shooting emails, the admin will get overburdened by email.
- By setting customized alerts, for a particular risk score ranging between 30 to 100, where 30 is low and 100 means completely compromised, user will receive the email notifications.
- Delete Property: On this page you can delete the selected property.
- By setting customized alerts, for a particular risk score ranging between 30 to 100, where 30 is low and 100 means completely compromised, user will receive the email notifications.
NOTE: Once the property is deleted, it cannot be recovered.