InSite Implementation Guide – 0.8.4

1.Information that the 411 Team needs #

Please provide the following three pieces of information to your InSite implementer at 411Labs:

 

The URL of your Jive instance:
The URL of a publicly available file of your Jive instance logo:
The name or branding of your Jive instance (Sparq, Neo, etc.):

 

2.Jive Settings for Data Extraction #

The following information should be collected by you, but not shared with any of us at 411Labs. This aids in maintaining the security of your InSite instance and your Jive data.
Please create a new, non-federated (Does not got through Single-Sign-On or LDAP for authentication) Jive User. We usually suggest that the User Name be something mnemonic, such as “InSiteAPIUser”. This user needs to have visibility to all content on your Jive site, and so must have Full Admin rights in Jive. You should also set that User up in their own Permission Group in the Jive admin console. InSite uses the credentials of that user to pull the data out of Jive nightly.

Username of InSite API User:
Password of the InSite API User:

In order for InSite to pull DES data, you will need to generate a new Client ID and Secret from Jive. This is also entered in the InSite Admin Console.

To create a new client ID and secret that enable access to your instance:

  1. When logged in to Jive as a full access administrator, click your avatar in the top right, and select Add-ons.
  2. From the Add-ons tab, select Analytics Services > New Client.
  3. Enter the Client name. Make sure you use a descriptive name that will help you remember the system it’s being used for.
  4. Click Generate Client ID & Secret.
DES Client ID:
DES Secret:

 

3.Campaign Approver #

The screen only has two sections, and will usually be completed when you first launch your InSite instance.  However, you can modify both the Approver Delivery method and the language of the message that is sent to the Approver of a Campaign.:
How you want the Campaign Approval Message to be delivered to the Approver – Email, DM, or Both. It is important that you pick at least one of these options, otherwise Campaigns will not launch.

 

Send approval request by email:

 

Send approval request as DM:

 

 

The Subject and Body of the message the Approver receives when a CM has launched a Campaign. You don’t need to worry about this right away, since we include a default Subject and Message Body when you implement InSite. However, you may wish to modify either the Subject or Body later – so it good to know where this is controlled. It is VERY important that your Approver Message ALWAYS includes the Approver Link merge field – [[campaign.approval_url]]. Campaigns will not function if the Approver is not able to get to the Campaign Approval InSite screen.

 

Subject: The [[campaign.name]] campaign is ready for you to review and approve

Template Body:

 

[[campaign_approver.name.formatted]],I have created the [[campaign.name]] for you to review, approve and launch.  Please click the link below:

[[campaign.approval_url]]

You will be taken to a review, approval and launch page where you can:

  1. Review the text of the message that will be sent to those included in the campaign
  2. A list of those who are set to receive the message.
  3. Fill in the fields for you to approve and launch the campaign.

After you have reviewed the message and recipients, and are satisfied that they are correct, please approve and launch the campaign by entering your Jive user ID and password in the fields provided and hit the Approve button.  Your credentials will be discarded from the system as soon as the Campaign is completed.

Thank you for your work with us on this campaign.  We look forward to seeing the positive results shortly.

Sincerely,

[[author.displayName]]

Community Manager

 

4.Enterprise VPN IP Range #

There is info we will need from your IT department regarding the IP range of your corporate VPN. I will send a separate email that lists the same information that we need and why – so you can forward it to your appropriate IT resources.

 

Enterprise VPN IP Range:

 

5.Corporate Email Integration Settings #

  1. We will send another separate email to get the info below needed to allow you to integrate InSite with your corporate email system in order to be able to send email-only Campaigns. Send this email to your IT staff involved with the corporate email system.
    Email Server (URL or IP address):
    Port:
    Secure?: Yes or No (Only choose one, please)
    “From” Email Address:
    Requires Authentication?: Yes or No (Only choose one, please)
          User ID (If Requires Authentication,            above is Yes):
           Password (If Requires Authentication,        above is Yes):

     

6.Initial Data Pull/Pull Frequency Settings #

  1. Think about the date and time you would like the initial data pull from Jive into InSite should to occur. This initial pull can take several hours, so choose a time that will be a lull in your Jive user activity, since this initial pull can slow Jive response times a bit.
    Date and Time first data pull should start – in universal time (GMT):

7.Security #

In this section, you will configure the security settings that govern your Password requirements and other security settings for InSite Users.  The screen is divided into two sections – Password Complexity and User Login and Session.

7.1.Password Complexity #

In this section you configure how complex your InSite passwords will be required to be.  If you set up a new InSite user that does not meet the criteria you set, or the user themselves updates their password in a way that no longer meet the criteria you select – you or them will be prompted to make a correction.

The criteria you can configure are:

Criteria: Your Selection:
Require lowercase letter:
Require uppercase letter:
Require number:
Require special character:
Require to be not the same as login:
Minimum Password Complexity:

Too guessable: risky password

Very guessable: protection from throttled online attacks

Somewhat guessable: protection from unthrottled online attacks

Safely unguessable: moderate protection from offline, slow-hash scenario

Very unguessable: strong protection from offline slow-hash scenario

(HIGHLIGHT YOUR CHOSEN SELECTION)
Minimum password length:

 

Explanation of each selection:

Require lowercase letter: Requires that passwords have at least one lowercase character.
Require uppercase letter: Requires that passwords have at least one uppercase character.
Require number: Requires that passwords have at least one number.
Require special character: Requires that passwords have at least one special character, such as: !@#$%^&*().
Require to be not the same as login: Requires that passwords cannot match the InSite User ID.  So if your User ID is “btaub”, your password cannot be “btaub”.
Minimum Password Complexity:

This setting bears some detailed explanation.  These selections represent a second set of password construction gates – over and above the other settings in this section.  The selection you choose here is completely independent of your other selections in this section.  Each pick from the drop-down menu enforces an increasing level of complexity on password that make them harder to crack in a brute-force attack.  A brute-force attack is one where the hacker has an automated tool that starts with “00000000” and then tries “00000001” and keeps going through “ZZZZZZZZZ” and then the special characters and so on.  Obviously, those tools try the easiest ones first (“password”, etc.)

This section uses a library that uses a combination of a dictionary of known words (e.g. “password”, “Welcome1”) and a construction algorithm that analyzes the password for things like how close the key are together on the keyboard. So, while “qwerty” is not a real word, the keys are in a row next to each other on a keyboard and could be guessed in milliseconds during a brute-force attack.

So each of the five selections represent passwords construction that will each take longer to crack than the selection before it.  If you pick “Too guessable” a hacker could brute-force this password in less than a second.  The highest selection would take years of machine time to crack and is by far, the best protection from a brute-force attack.  These passwords are usually VERY long, not real words and are essentially a string of random letters and characters.

Pick Approx. # of Tries to Hack
Too guessable: risky password < 1,000
Very guessable: protection from throttled online attacks < 1,000,000
Somewhat guessable: protection from unthrottled online attacks <100,000,000
Safely unguessable: moderate protection from offline, slow-hash scenario < 10,000,000,000
Very unguessable: strong protection from offline slow-hash scenario >= 10,000,000,000

So, the intent with this selection is to slow a hacker running a brute-force attack down – giving us and you a better chance to detect the intrusion and shut it down.

Again, this selection is independent of your picks on the other options above and below it.  So you may create a password that has no real words, is 18 characters long and is basically a string of random letters numbers and characters – and if you have chosen the highest level of this setting – you password may still not pass this gate and you will be alerted that the password needs to be even harder to crack.

So we recommend a balance of security and practicality.  Depending on the sensitivity of your Jive data, you may want to choose one of the middle level for this pick.  Too little security and you are asking for trouble these days.  Too much and the system can become unusable.  Use common sense and your organizations overall posture and policies for these things and set it up accordingly.

Minimum password length: Enter the minimum number of characters all InSite passwords need to be.  If you enter “0” there will be no minimum enforced.  In general, we recommend a minimum of 8 characters.  There is no maximum number of characters allowed in a password.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

IMPORTANT NOTE: Changes to any of these configuration settings will not be saved and enforce unless you click the “SAVE” button at the bottom of the page.

7.2.User Logon and Session #

In this section you configure how complex your InSite passwords will be required to be.  If you set up a new InSite user that does not meet the criteria you set, or the user themselves updates

Criteria: Your Selection:
Lock account after this many failed login attempts:
Notify Admin about locked out account:
Security Admin Email:
Logout after this many minutes of inactivity:

Explanation of each selection:

Lock account after this many failed login attempts:

This is numeric field. If a user (or an unauthorized user) attempts to login to InSite beyond the specified number of allowed attempts, the account will be locked and the user will not be able to log in at all once the threshold has been reached – even if they subsequently enter the correct password.

Once locked, the account can only be unlocked by the InSite Security Admin (often the same person as the InSite Admin) resetting the account with a new password in the InSite User table.

Notify Admin about locked out account: If checked, InSite will notify the InSite Security Admin (at the email address specified in the next section) via email, that a particular user account has been locked.
Security Admin Email: Enter the email address of the InSite Security Admin here.
Logout after this many minutes of inactivity:

This is a numeric field.  Enter “0” if you do not wish to have any inactivity timeout enforced in InSite.  If you enter any number other than “0”, after that many minutes has passed – once the user attempts to move to another InSite screen, they will be logged out and presented with the InSite login screen.

A change to this setting will not come into force until you or your InSite users logout and log back in again.  Changes will not affect the current InSite session.

IMPORTANT NOTE: Changes to any of these configuration settings will not be saved and enforce unless you click the “SAVE” button at the bottom of the page.

8.InSite User Lists #

  1. Lastly, have a list of the people you would like to have access to InSite in addition to you. You will need their name, email address, Username and Password. You will set them up in the InSite admin console with their proper role/permission, when you are ready.
    First Last Email Username Password Role/Permissions*

     

    *The InSite Admin is the only Role that has access to the System Menu in InSite. You must designate at least one Admin for your InSite instance.

     

    When you are done with completing the information in this document, please save it with a unique name indicating that it has been filled out.  DO NOT SEND IT TO 411Labs.

     

Help Guide Powered by Documentor
Suggest Edit