System Settings

The System Settings page enables you to view and add authorized domains, establish a custom form, manage customer credentials, set your server to maintenance mode, set expiration time for a session in your VPAM server, set Best Practices, share audit logs with a syslog server, and change your Connection Manager encryption preference.

The following sections provide details on each section in the System Settings page.

Authorized Domains

As its name suggests, the Authorized Domains section contains a list of all the domains (@domain.com) that a user's or customer's email can have to access your VPAM server. The system displays these authorized domains in the New Customer and New User forms. Only System Admins can add, remove, and set domains as primary.

To create an authorized domain:

  1. Click Add Domain.

  2. Type the domain after the @ symbol.
    Instead of "@company.com", type "company.com".

  3. Click Save.

To remove an authorized domain, click Remove in the domain list. The system must have at least one authorized domain at all times, so you can only remove domains when you have created a new domain and have set it as the Primary Domain.

To set a domain as the Primary Domain, click Set in the domain list. The domain moves to the top of the list. The Primary Domain is the default domain used when adding new users.

Custom Form Settings

The Custom Form Settings section enables you to set a default Connection Form. Read the Custom Forms document.

To set a Default Connection Form, click the drop-down menu and select the custom form you want to establish as the default.

Global Email Notifications List

The Global Connection Notification Email List lets you manage a global list of emails that receive connection notifications and session summary details.

NOTE:

For more information, see Connection Notification Settings.

Connection Notification Settings

The Connection Notification Settings section lets you configure how often notification emails are triggered. There are currently two notification modes available:

  • The first time a user connects to a session

  • Every time a user connects to a session

A session summary is also sent to the configured email list at the end of each session.

Maintenance Mode

Maintenance Mode disables access to the VPAM server for non-administrator users. When you set your VPAM server in Maintenance Mode, the system displays a customizable message that your non-admin users see when they try to log in to the VPAM server.

Check the Schedule end of maintenance mode at: option to provide access to your users at a specific date and time. If you do not set an end date, a System Admin must Disable the maintenance mode manually in this same page.

The system effectively disables access 10 minutes after you click Save.

Web Session Expiration

The Web Session Expiration enables you to set how long an idle session remains active.

Best Practices Settings

The Best Practices Settings enable you to select the compliance Best Practices for the system to continuously evaluate. For more information on the available best practices, use the following resources:

To review a report of your Best Practices, open the Best Practices Checklist page, under Settings.

Syslog Server Settings

Syslog Server enables you to export audit and system events to an external server running the Syslog service.

IMPORTANT:
If you are an Imprivata Cloud customer, read the Syslog Configuration for Cloud Customers section before you continue with this process.

To configure the Syslog Server Setting:

  1. Select the type of server protocol you want to use.

  2. Provide the system with the IP Address or hostname of the server.
    If you have not configured DNS resolution in your VPAM server, it is recommended to use IP addresses instead of hostnames when specifying a syslog server.

  3. Specify the communication port.
    If no port is specified, port 514 is assumed.

    IMPORTANT:

    If you use the default port 514, no additional configuration or assistance is required. However, if you specify a non-standard port, you must contact Imprivata Support to open the corresponding firewall port to enable connectivity.

The options RFC-5425 (TCP, with TLS) and RFC-3164 (TCP, with TLS) enable you to add more secure, flexible, and standards-compliant event logging across varied network environments. These options activate the following sections:

  • Syslog Server SSL Settings: The system enables you to either upload the syslog server SSL certificate or disable the verification.

  • Client Authentication Settings: The system enables you to use client authentication settings that require you to upload the keystore file and password.

IMPORTANT:
The Syslog Server Setting requires you to meet one of the following requirements:
  • The configuration uses tunneled services to work properly.
  • Imprivata Support assists you in opening a firewall port to allow connectivity.
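
When you select RFC-5425 (TCP, with TLS), the receiving syslog server has to split the decrypted TLS stream into messages by the octet count that RFC 5425 places in front of each one. The following receiver-side sketch is an added example, not Imprivata code; it assumes RFC 5424-formatted messages, and the sample events, hostname, and MAX_FRAME limit are constructed for illustration.

```python
import re

MAX_FRAME = 64 * 1024  # assumed receiver-side limit, not a VPAM value
_HEADER = re.compile(rb"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) ")

# Constructed sample events (facility 13 = log audit); not real VPAM output.
MSG_A = b"<110>1 2024-05-01T12:00:00Z gateway.example audit - - - user=alice event=login"
MSG_B = b"<108>1 2024-05-01T12:00:05Z gateway.example audit - - - user=bob event=login_failed"


class FrameError(ValueError):
    """The stream is not valid octet-counted syslog."""


def encode(msg: bytes) -> bytes:
    """Frame one message the way RFC 5425 puts it on the wire: MSG-LEN SP MSG."""
    return str(len(msg)).encode() + b" " + msg


def split_frames(buf: bytes):
    """Return (complete messages, unconsumed tail) for the bytes read so far."""
    frames, pos = [], 0
    while pos < len(buf):
        sp = buf.find(b" ", pos, pos + 8)
        if sp == -1:
            # Either the length prefix is still arriving, or this is not RFC 5425.
            if len(buf) - pos >= 8 or not buf[pos:].isdigit():
                raise FrameError("no MSG-LEN prefix; sender may use newline framing")
            break
        prefix = buf[pos:sp]
        if not prefix.isdigit() or prefix.startswith(b"0"):
            raise FrameError("MSG-LEN must be a non-zero decimal")
        if int(prefix) > MAX_FRAME:
            raise FrameError("frame exceeds receiver limit")
        end = sp + 1 + int(prefix)
        if end > len(buf):
            break  # partial message: keep the tail and wait for the next read
        frames.append(buf[sp + 1:end])
        pos = end
    return frames, buf[pos:]


def parse_header(msg: bytes) -> dict:
    """Extract facility, severity, timestamp, host and app from an RFC 5424 header."""
    m = _HEADER.match(msg)
    if not m:
        raise FrameError("not an RFC 5424 message")
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "timestamp": m.group(2).decode(),
            "hostname": m.group(3).decode(), "app": m.group(4).decode()}
```

A FrameError on the first bytes of a connection usually means the protocol selected in VPAM and the framing expected by the receiver do not match.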

Connection Manager Cipher Preference

The Connection Manager Cipher Preference setting enables you to express a preference for the encryption cipher used in the Connection Manager when users connect to the VPAM sessions. Since export control may limit the available ciphers for some users, a small number of users may fall back to using a cipher with a shorter key length than the expressed preference. VPAM recommends 128-bit AES as a compromise between connection efficiency and security appropriate for most systems.