Security

Use the Security page to:

  • Access and regenerate the API Key and Shared Secret credentials for your tenancy.

API and Shared Secret

The API Key and Shared Secret credentials are important when you are integrating MXO with your mobile apps. You must provide these credentials when defining the initialization parameters for the mobile SDKs. {}

  • To update the API Key and Shared Secret, click Change.

OAuth 1.0

Coming soon.

Extended Login Session (not visible when using single sign-on)

This feature enables you to change the default re-authentication time of 30 minutes, meaning your users are not logged out after 30 minutes and can remain logged in to MXO for a longer time period.

  1. Select Enable extended login session to, then set the number of days.
  2. Click Apply.

Disable Session IP Check

The Session IP Check protects your organization (tenancy) against a cookie replay attack. This security feature is enabled by default.

It performs a security check on user requests to verify that the user's external IP address does not change for the duration of a session. If the IP address does change, the user's session is invalidated and they are asked to log in again.

In some circumstances, such as when a user is located behind an internal load balanced proxy setup, the external IP address may legitimately change. For this reason we allow this security feature to be disabled, providing the user accepts responsibility for the action.

If you accept the reduced level of security, this feature can be switched off by clearing the checkbox and then clicking Apply.

MXO does not then apply the Session IP Check to any logins in your tenancy.

Configure IP Address Authentication

IP address authentication can be used to give your tenancy in the Medallia Experience Orchestration a second layer of authentication (the first layer being direct login/AD, single sign-on using SAML 2.0, Salesforce login, or OAuth) such that users can only connect from specific IP addresses.

IP address authentication can be used with multi-factor authentication on the Collaboration Settings page in the Document Collaboration module to restrict access to your docboxes.

The IP address range restriction also applies to API calls. For more information about API calls see the Medallia Experience Orchestration API documentation.

To switch on this feature:

  1. Select the Enable IP Address Authentication check box.
  2. Type the IP address range that you want to access MXO .The IP range must be in the format <IP address 1> - <IP address 2>.

If you only want to give one IP address access, IP address 1 can be identical to IP address 2 in the example above.

Note: We support only IPv4 addresses.

If you want to type more than one range of IP addresses, press Enter then type the next address range. You can't enter an additional range if it overlaps an existing range - the same IP address can't be in more than one range.

When you've added all your IP address ranges, click Apply. IP address authentication is enabled for your organization (tenancy) immediately.

System Administrators can still access MXO if they don't pass the IP address authentication. This is so that they can always log in to make changes to the IP address ranges that have been configured.

X-Frame-Options (Clickjacking prevention)

THE SETTINGS IN THIS SECTION ARE NOT APPLICABLE TO MXO .