Administer > System Security

System Security

Service Manager includes a number of security options you can configure after installation. The following table lists the security options you can enable or configure from a new development environment installation.

Tip For overall instructions on how to implement your Service Manager environment in a secure manner, see the Service Manager Security Guide.

Feature Description Default state in new installations
Encryption of configuration file settings A security option that protects values listed in the configuration file Enabled
Encryption of operator passwords A security option that protects the passwords listed in operator records Enabled
Inactivity timer A security option that automatically closes user sessions that have been idle for a specified period of time (except for those operators who are on the exception list) Enabled
Lockout feature A security option that automatically disables a user account if the user fails to provide the correct password after a specified number of attempts Enabled
Mandanten file security A security option that filters the data that operators can see when they query specific files Disabled
Multicompany mode A security option that filters the company information that service desk technicians see when creating service desk interactions and opening incidents Disabled
Requirements for required SSL encryption An implementation option that requires SSL encryptions for all connections Disabled
Requirements for required SSL encryption and client authentication An implementation option that requires SSL encryptions for all connections and validates the client's certificates Disabled
Requirements for required SSL encryption and trusted clients An implementation option that requires SSL encryptions for all connections and restricts connections to a list of trusted clients Disabled
Script utilities A security option that enables checksum calculation for Service Manager binaries and data security deletion. Disabled
Secure Sockets Layer (SSL) encryption and server certificates An implementation option to encrypt communications between your Service Manager server and clients Disabled
Trusted sign-on An implementation option that enables Service Manager clients to automatically log on using the same authentication information as users entered when they logged onto their client workstation's operating system. Disabled
Common Access Card (CAC) sign-on An implementation option that enables Service Manager clients to automatically log on using authentication information from the user's personal certificate stored in the user's CAC card. Disabled
SAML Single Sign-On An implementation option that enables Service Manager clients to log on to multiple web applications through single sign-on based on Security Assertion Markup Language (SAML) authentication. Disabled
FIPS mode A security option that requires data be encrypted using the FIPS-compliant AES encryption algorithm. Disabled
Tokenization A security option that enables tokenization in the web client to safeguard sensitive data. Enabled
Enhanced query hash algorithm A security option that enables the enhanced query hash algorithm. Disabled

Related topics

Security tables
Generating Web tier URL queries

Upgrade Service Manager