From the Security section of the Admin Console, enterprise admins can control the security configurations for their Kora account. These include:
- Define Password Policy for their organization, see here.
- Enable Single Sign-On for their domain users, see here.
- Enable Exchange Impersonation, see here.
- Manage sub-domains, see here.
- Restrict Access to Kora by specific IP Addresses, see here.
- Grant Skill Consent to authorize third-party skill bot developers to access Single Sign On (SSO) login tokens of your enterprise users, see here.
On the Kora Password Policy page in the Security module of the Enterprise Admin Console, you can
- define and enable minimum password length,
- requirements for inclusion of special characters, and
- password expiration policies for Kora account passwords used to log on to Kora.
Note: These options are available only when Single Sign-On is not used.
The following table describes the Password Policy page controls.
|Minimum Password Length||Defines the minimum number of characters you can use in a Kora password|
|Include Numeric Values||Enables or disables the requirement of numerical characters in a Kora password.|
|Include Alphabets||Enables or disables the requirement of alphabetical characters in a Kora password.|
|Include Special Characters||Enables or disables the requirement of special characters in a Kora password. Valid special characters are:
! – Exclamation mark
|Enable a password expiration policy||Enables or disables password expiration. If enabled, you can define a
|Apply this change to existing users||Enables or disables password reset for all managed users in the domain.|
Enable or Disable SSO
Depending on the security required for your company, you may need to enable or disable Single Sign-On (SSO) for your managed users accessing the Kore.ai application.
When you disable SSO or when the SSO authentication validity period expires, managed users must create and log on using their credentials. If no account-specific password policies have been defined, then default Kore.ai password policies are automatically enabled for the managed users.
Refer here on how to enable SSO.
Using this option you can enable the user to perform operations by using the permissions that are associated with the impersonated account, instead of the permissions that are associated with the user’s account.
With this feature enabled, exchange users need not provide access permissions directly while using the app. The impersonated account will fetch the required details on their behalf. Refer here for more on Exchange impersonation.
Before opting for impersonation, you need to create a service account for impersonation using the exchange management shell. For this you need:
- Administrative credentials for the Exchange server.
- Domain Administrator credentials, or other credentials with the permission to create and assign roles and scopes.
- Exchange management tools. These are installed on the computer from which you will run the commands.
- Follow the steps here to create a service account.
Once you have created the service account, you can enable the Exchange Impersonation from the Kora admin console and provide the following values from the Exchange service account:
- Exchange Domain name
- Exchange port
Note – Exchange Impersonation is not applicable to G-Suite sign-in.
You can choose to limit access to your domain’s users based on your choice of IP addresses.
You can set:
- the channel to which the access should be restricted
- start and end IP address for which access it allowed
Once this feature is enabled and the proper IP addresses are defined, your domain users will be able to access Kora.ai ONLY from the IP address(es) defined here.
You can use this option to authorize third party skill bot developers to access Single Sign On (SSO) login tokens of your enterprise users who logged into Kora application. SSO tokens of all the Kora users will be shared with third-party skill bot developers to access the required user information.