Access Settings
As a user with administrator permission, you can find the settings button by clicking on your user profile name on the top right corner.
The Server Settings are divided into four parts:
- authentication token
- email server connection (SMTP settings)
- artifact graph
- configuration of the cluster mode
Authentication Token
| Parameter | Description |
| Activate expiry of the token in case of inactivity | Enables all tokens to expire after the time defined below in case of inactivity. This means, a user gets automatically logged out after the time specified in “Idle time until the token is invalidated” of inactivity |
| Idle time until the token is invalidated | The duration in seconds that a token remains valid during inactivity. This has only an effect if “Activate expiry of the token in case of inactivity” is enabled |
| Activate maximum token validity | Enables all tokens to expire after the time defined below. This means, a user automatically gets logged out after the time defined in “Maximum token validity”. This enforces the logout, regardless wether or not there was any activity of the user |
| Maximum token validity | The maximum duration in seconds that a token is valid. This has only an effect if “Activate maximum token validity” is activated. |
SMTP Settings
Define the default settings for outgoing email via SMTP Protocol
| Parameter | Description |
| Send E-Mails | Enable or disable the sending of E-Mails generally |
| SMTP Host | Domain Name or IP Address of the E-Mail Server |
| SMTP Port | Specify the port of the outgoing mail server, e.g. Port 587 for TLS Connection |
| Authentication required | If activated, a user/password authentication for the outgoing mail server is required |
| Encrypted with TLS | If activated, the connection is encrypted by TLS |
| Sender E-Mail | Enter the sender’s default email address, e.g. no-reply@simplifier.io |
| Sender | Specify the name of the sender |
| Username | Username to authenticate at the SMTP Server. Often it is the same as the E-Mail Address |
| Change Password | Enable this, if you want to change the currently set password |
| Password and Confirm Password | Set a secure password |
Artifact Graph Settings
The Artifact Graph is the technical representation of all dependencies between for e.g. Connector and Apps or Business Objects and Login Methods etc. This “in-memory” Graph is built on Server Startup and used for Project Permission Checks or Projects Contents.
Please change the settings regarding the Artifact Graph only if the Simplifier support asks you to do so and only change the values to the ones given you from the support team.
Otherwise, please leave all values to their default values. Per default, all switches as disabled and all text input fields are empty.
Cluster Mode
The Cluster Mode enables the Horizontal Scaling Feature.
You will find more information about the cluster mode here.
The security settings are divided in two parts, the password settings and the behaviour settings.
Password
The Password settings specify the password policy for the user. Password Policy only applies to Simplifier User that are managed directly by Simplifier User Management. If you are using an external identity management solution like Azure Active Directory, this settings are not affected.
| Parameter | Description |
| Minlength | Minlength defines the minimum length of a password. Set a high number for added security |
| Count lowercase characters | Defines the minimum count of lowercase characters in passwords, e.g. setting it to 4 means that a password has to be “abcdEFG” (at least four lowercase characters) |
| Count uppercase characters | Defines the minimum count of uppercase characters in passwords, e.g. setting it to 4 means that a password has to be “ABCDefg” (at least four uppercase characters) |
| Count numbers | Defines the minimum count of numbers in passwords, e.g. setting it to 4 means that a password has to be “1234abc” (at least four numerical characters) |
| Force symbols | This forces the user to use at least one symbol such as $%&# |
| Prohibit parts of the username | This option prohibits users from using their username or parts of it for their password, e.g. the user ‘John’ cannot use a password like ‘John123’ |
Behaviour
Behaviour settings control the security mechanism for failed login attempts as well handle addtional permission checks for business objects and templates.
| Setting | Description |
| Block user after specified number of failed attempts | Specify a limit for failing logins to prevent Brute Force Attacks. If the user exceeds the limit he will be blocked. To unlock the user, the admin has to do this via the user management or the user can reset his password to unlock himself – Recommended Value: 5 |
| Demand captcha after specified number of failed attempts | This option demands a captcha after a specified number of failed attempts – Recommended Value: 3 |
| Activate deprecated Connector API | Activates an deprecated API version. Only activate this if you are told to do so by the Simplifier Support. |
| Enhanced Business Object Security | Activate permission check for executing Business Objects |
| Enhanced Template Security | Activate persmission check for rendering Templates |
| API Key for Enhanced Security for Connector Execution |
This is setting generates an API key that secures the access from external systems using connector calls via API over the public client route (…/client/2.0/connector/).If you use it from 3rd party client, this Key should be set as a header parameter named ‘SimplifierApiKey’. You can generate a new key by turning the option off and on again. |
Take a look at Authentication Settings and the following subpages.
Messages
The Message settings allow you to store system messages, which are displayed immediately to all logged-in users, e.g. if you want to inform them about maintenance work.
With corresponding rights (assigned role “System Messages”), you can add a expiry date. The messages can be written in HTML or Plaintext.
As soon as a message is stored, it is pushed to all user even on simplifier mobile client. A user who logs in later receive the message as well. The message is displayed as an overlay and must be closed manually.
Log
Log Level Settings
You can define for each category, on which detail level you will collect the logs.
The Default Value for all Levels are ERROR. That means only errors are logged.
Choose from the following categories:
| Category | Description |
| DEBUG | This level helps app builders to debug application. Level of message logged will be focused on providing support to an application builder. It is recommend for debugging purposes. It also includes the Log Level CRITICAL, ERROR and WARN as well as INFO. |
| INFO | This Level logs also non-errors like successful Logins or successful executions of connectors and business objects. It also includes the Log Level CRITICAL, ERROR and WARN. |
| WARN | This Log Level logs warnings that should bet taken care of , but not producing any kind of hard error. It also includes the Log Level CRITICAL and ERROR. |
| ERROR | This Log Level logs only ERRORs that can happen during the execution like failed logins or network timeouts within the connectors – This is the default value and recommended for production environments. It also includes the Log Level CRITICAL. |
| CRITICAL | This Log Level logs only CRITICAL Errors like Simplifier is Out of Memory etc. This is not recommended for production purpose and should not happen very often. |
Log Deletion Settings
The Log Deletion covers only the Audit and Mobile Log. The Log for Apps, Connectors, Business Objects and User Logins are not affected and managed by Monitoring Log Settings above.
| Setting | Description | Recommended Default Value |
| Deletion activated | Enable or Disable the Deletion of Logs. | Enabled |
| Deletion logs older than | Amount of Days , Weeks or Months that should past before the Logs are deleted. | 14 Days |
Monitoring Log Settings
The Monitoring Log Settings cover the Log for Apps, Connectors, Business Objects and User Logins.
| Setting | Description | Recommended Default Value |
| Delete monitoring logs older than | Amount of Days , Weeks or Months that should past before the Logs are deleted. | 30 Days |
| Maximum data length in monitoring log details | Maximum Chars of Details for each Log Entry . It limits the storage within the database to a maximum value to save storage space. The maximum length applies to one data field, not to the total execution payload. | 1000 Chars |
| Clear details of successful executions | Enables or Disables the immediate deletion of log entry details after the status of the log entry is sucessful. This optimization saves space in the simplifier database because normally if a call is sucessful you have not to go in to the details for further analysis. | Enable |
SAP Security
This section configures the needed Software Libraries from SAP for establishing a Secure Network Connection (SNC) from Simplifier to SAP System.
SAP Cryptographic Library
Simplifier needs the SAP Cryptolib to create a PSE keystore file. The PSE keystore will contain the certificates, so that Simplifier and SAP can identify each other as trusted communication partners of a RFC SNC connection.
- Go to the SAP Support Launchpad and download the Linux x86 64bit versions of:
- In Simplifier navigate to “Settings” -> “SAP Security” -> “SAP Cryptographic Library”
- Choose the already downloaded files, upload the files and press “Save”
Advanced Settings
| Setting | Description | Example |
| Debug Parameters | Command Extension for Debugging Purpose of SAP Cryptographic Library Functions | Directory=/opt/simplifier/data/logs/s |
PSE File
A personal security environment (PSE) is a secure location where the public-key certificates are stored. It contains both the public information (public-key certificate and private address book) as well as the private information (private key) for the SNC Connection between SAP and Simplifier.
For detailed Instruction read the manual under SAP SSO via SNC and Identity Provider