. Docs  . Admin Guide  . Security

Security

From the Security section of the Admin Console, enterprise admins can control the security configurations for their Kora account. These include:

  • Define Password Policy for their organization, see here.
  • Enable Single Sign-On for their domain users, see here.
  • Enable Exchange Impersonation, see here.
  • Manage sub-domains, see here.
  • Restrict Access to Kora by specific IP Addresses, see here.
  • Grant Skill Consent to authorize third-party skill bot developers to access Single Sign On (SSO) login tokens of your enterprise users, see here.

Password Policy

On the Kora Password Policy page in the Security module of the Enterprise Admin Console, you can

  • define and enable minimum password length,
  • requirements for inclusion of special characters, and
  • password expiration policies for Kora account passwords used to log on to Kora.

Note: These options are available only when Single Sign-On is not used.

The following table describes the Password Policy page controls.

COLUMN DESCRIPTION
Minimum Password Length Defines the minimum number of characters you can use in a Kora password
Include Numeric Values Enables or disables the requirement of numerical characters in a Kora password.
Include Alphabets Enables or disables the requirement of alphabetical characters in a Kora password.
Include Special Characters Enables or disables the requirement of special characters in a Kora password. Valid special characters are:

! – Exclamation mark
@   At Symbol
#   Number symbol
$   Dollar symbol
^  Caret symbol
&   Ampersand
*   Asterisk
_   Underscore
   Hyphen
   Double quotes

Enable a password expiration policy Enables or disables password expiration. If enabled, you can define a

  1. password validity period in days and
  2. expiration notification settings.
Apply this change to existing users Enables or disables password reset for all managed users in the domain.

Enable or Disable SSO

Depending on the security required for your company, you may need to enable or disable Single Sign-On (SSO) for your managed users accessing the Kore.ai application.

When you disable SSO or when the SSO authentication validity period expires, managed users must create and log on using their credentials. If no account-specific password policies have been defined, then default Kore.ai password policies are automatically enabled for the managed users.

Refer here on how to enable SSO.

Exchange Impersonation

Using this option you can enable the user to perform operations by using the permissions that are associated with the impersonated account, instead of the permissions that are associated with the user’s account.

With this feature enabled, exchange users need not provide access permissions directly while using the app. The impersonated account will fetch the required details on their behalf. Refer here for more on Exchange impersonation.
Pre-requisites
Before opting for impersonation, you need to create a service account for impersonation using the exchange management shell. For this you need:

  • Administrative credentials for the Exchange server.
  • Domain Administrator credentials, or other credentials with the permission to create and assign roles and scopes.
  • Exchange management tools. These are installed on the computer from which you will run the commands.
  • Follow the steps here to create a service account.

Once you have created the service account, you can enable the Exchange Impersonation from the Kora admin console and provide the following values from the Exchange service account:

  • Exchange Domain name
  • Exchange port
  • Username
  • Password

Note – Exchange Impersonation is not applicable to G-Suite sign-in.

Domain Management

You can use this page to add and manage sub-domains associated with your Kora account.

Restrict Access

You can choose to limit access to your domain’s users based on your choice of IP addresses.

You can set:

  • the channel to which the access should be restricted
  • start and end IP address for which access it allowed

Once this feature is enabled and the proper IP addresses are defined, your domain users will be able to access Kora.ai ONLY from the IP address(es) defined here.

Skill Consent

You can use this option to authorize third party skill bot developers to access Single Sign On (SSO) login tokens of your enterprise users who logged into Kora application. SSO tokens of all the Kora users will be shared with third-party skill bot developers to access the required user information.