Security
The Security section in Engini allows customers to customize and fortify their account’s security measures. It provides access to essential security features designed to protect user data, enhance access control, and ensure secure workflows.

Here’s how you can navigate to and utilize the security features:

1. Click on the Settings icon located in the lower side of the side bar.
2. Click on the “Security” section.

In the Security section, users can view and manage 4 distinct features tailored to their specific security requirements.

Session Timeout

Allows users to activate or deactivate this feature.

1. Click on the toggle to turn on the session timeout and to define the idle time.
2. Enter the idle session timeout. The idle time can be set to a minimum of 30 minutes.
3. If you changed the default (30 minutes) idle session timeout, click on the “Save” button to save the changes.

Note: After the specified time of inactivity, the user is automatically logged out and redirected to the login page. If this feature remains inactive, users can remain on the platform indefinitely without being disconnected.

SSO Authentication

SSO (Single Sign-On) allows users to securely access Engini with a single login, eliminating the need for multiple credentials while enhancing security and user convenience.

Click on “Configure SSO” to open the configuration dialog. A window will open where you can fill in the required SSO details:

- Provider – Select your identity provider (e.g., Okta). Once selected, the Authority, Sign In URL, and Sign Out URL fields will be automatically filled based on your provider.
- Authority – The URL of your identity provider’s authorization server (this will be pre-filled if the provider is selected).
- Client ID – The unique identifier provided by your SSO provider for the application.
- Client Secret – The secure secret key provided by your SSO provider for authentication.
- Sign In URL – The URL where users are redirected for authentication. This field is pre-filled if the provider is selected.
- Sign Out URL – The URL for logging out and redirecting users back to the application. This field is pre-filled if the provider is selected.
- Save – Click on the Save button to save your connection.

Setting Up SSO in Engini

To configure SSO, you need to exchange information between Engini and your chosen identity provider (e.g., Okta).

1. Log in to Okta
   - Access your Okta account and log in with your credentials.
   - Navigate to Account and click on Admin.
   - Enter the verification code from the Okta Verify app to proceed.
2. Create an app integration
   - On the left side of the Okta dashboard, click Applications.
   - Click Create App Integration.
   - Choose the required sign-in method and application type (follow your organization’s preferences).
   - Assign a name for your application and proceed to the next step.
3. Configure redirect URLs
   - Scroll down to the section for Sign-in redirect URLs and Sign-out redirect URLs.
   - Open Engini and copy the Sign In URL from Engini’s SSO configuration page into Okta’s Sign-in redirect URL field.
   - Similarly, copy the Sign Out URL from Engini into Okta’s Sign-out redirect URL field.
4. Set assignments
   - At the bottom of the Okta configuration page, in the Assignments section, select “Allow everyone in your organization to access”.
   - Click Save.
5. Copy client credentials from Okta to Engini
   - After saving, you will be redirected to a page showing the Client ID and Client Secret.
   - Copy the Client ID from Okta and paste it into the Client ID field in Engini’s SSO configuration window.
   - Copy the Client Secret from Okta and paste it into the Client Secret field in Engini.
6. Configure the Authority field in Engini
   - In your browser, look at the URL in the address bar of the Okta page.
   - Copy the domain part of the URL (the portion between http:// and okta) and paste it into the Authority field in Engini.
7. Save the configuration in Engini
   - Once all the fields in Engini are filled out (Client ID, Client Secret, Authority, Sign In URL, and Sign Out URL), click Save in Engini’s SSO configuration window.
8. Disable Federation Broker Mode
   - Go to the Applications section in Okta.
   - Locate and disable the Federation Broker Mode option for the application.
9. Assign the application to users
   - Navigate back to Applications in Okta.
   - Click Assign to Users for the application you created.
   - Select the users you want to assign to this application.
10. Create a new policy
   - On the left-hand menu, click on Security, then select API.
   - Locate the relevant authorization server and click Edit.
   - In the authorization server settings, click on the Access Policies tab.
   - Click Add Policy and provide a name and description for the policy.
   - Select who to assign the policy to: all clients or specific clients (you’ll need to select the clients manually).
   - Click Create Policy.
11. Add a rule
   - On the same Access Policies page, click Add Rule under the created policy.
   - Configure the rule as needed.

After completing the SSO configuration, click on the SSO Verification button to check the connectivity between Engini and the identity provider (e.g., Okta).

Final step: Now, simply toggle Enable SSO to activate SSO authentication and start using it seamlessly.

Signing In with SSO

After setting up SSO in Engini, you can sign in using your organizational credentials. If you haven’t configured it yet, click here: https://app.archbee.com/public/preview-ixqqblwfxopjg0nave78y/preview-vcgvwvr7lhgegoxeulrd#jzkun

Follow the steps below to connect to Engini using SSO:

1. Click on Sign in with SSO
   Sign in with SSO allows you to log in with the name of your account.
   - Account Name – Enter your account name.
   - Sign in with SSO – Click the button to sign in to your Engini account.
   - Not SSO user? Go back – Returns you to the regular login flow if you are not using SSO.
2. Redirect to your identity provider
   After you enter your account name and click “Sign in with SSO”, Engini will automatically redirect you to your organization’s login portal (such as Okta). Log in using your company credentials (email and password).
   Before attempting to sign in with SSO, make sure your organization has configured the correct redirect URLs in the Engini security settings. Learn how to configure redirect URLs here: https://app.archbee.com/public/preview-ixqqblwfxopjg0nave78y/preview-vcgvwvr7lhgegoxeulrd#jzkun
3. Successful login
   Once authenticated, you will be automatically redirected back to your Engini account, with no need to enter a separate password for Engini.

Two-Factor Authentication (2FA)

When the user who created the account sets up two-factor authentication, the users invited to access that account are required to set up their own two-factor authentication. Account-level settings require full authentication while allowing users to customize their preferences.

1. Click the “Enable Two-Factor Authentication” button to initiate the setup process.
2. An authentication methods window will pop up, and you can choose between phone number or email for verification.
3. Click on the “Send Verification Code” button to request a code be sent to your chosen phone/email. Once received, utilize the code as necessary.

IP Filtering

Allows users to limit account access to specific addresses or countries. Users must configure at least one filtering row to use IP filtering.

Click “Add Filter Record” to start defining filters.

Applying filters: choose between the options below.

User – Manage system users, including their access, roles, and permissions.

- Type – IP-related values or country:
  - IP Address – Allows access only from a specific single IP address.
  - IP Range – Allows access from a range of IP addresses between a defined start and end IP.
  - CIDR – Allows access using CIDR notation, which defines a block of IP addresses in a compact format (e.g., 192.168.1.0/24).
  - Country – Allows or restricts access based on the user’s geographic location (country).
- Value – Enter the value for the selected type. The required format and input will change depending on the type selected (for example: a single IP address, an IP range, a CIDR block, or a country).
- Description – An optional field used to add a short note explaining the purpose of the IP rule, making it easier to identify and manage later.

App – Manage applications within the platform, including their settings and configurations.

- Application – Select the application to which the IP rule will apply. The rule will control access specifically for this application.
- Type – Defines the type of IP rule you want to create (such as IP Address, IP Range, CIDR, or Country). The selected type determines how access will be filtered:
  - IP Address – Allows access only from a specific single IP address.
  - IP Range – Allows access from a range of IP addresses between a defined start and end IP.
  - CIDR – Allows access using CIDR notation, which defines a block of IP addresses in a compact format (e.g., 192.168.1.0/24).
  - Country – Allows or restricts access based on the user’s geographic location (country).
- Value – Enter the value for the selected type. The required format and input will change depending on the type selected (for example: a single IP address, an IP range, a CIDR block, or a country).
- Description – An optional field where you can add a short note describing the purpose of the rule to make it easier to identify later.

Connection – Manage integrations and external service connections used by the system.

- Connection – Select the specific connection for which the IP restriction rule will apply. The rule will control access only for this selected connection.
- Type – Defines the type of IP rule you want to create (such as IP Address, IP Range, CIDR, or Country). The selected type determines how access will be filtered:
  - IP Address – Allows access only from a specific single IP address.
  - IP Range – Allows access from a range of IP addresses between a defined start and end IP.
  - CIDR – Allows access using CIDR notation, which defines a block of IP addresses in a compact format (e.g., 192.168.1.0/24).
  - Country – Allows or restricts access based on the user’s geographic location (country).
- Value – Enter the value for the selected type. The required format and input will change depending on the type selected (for example: a single IP address, an IP range, a CIDR block, or a country).
- Description – An optional field where you can add a short note describing the purpose of the rule to make it easier to identify later.

Worker – Manage background workers that run automated tasks, processes, or workflows.

- Connection – Select the specific connection for which the IP restriction rule will apply. The rule will control access only for this selected connection.
- Type – Defines the type of IP rule you want to create (such as IP Address, IP Range, CIDR, or Country). The selected type determines how access will be filtered:
  - IP Address – Allows access only from a specific single IP address.
  - IP Range – Allows access from a range of IP addresses between a defined start and end IP.
  - CIDR – Allows access using CIDR notation, which defines a block of IP addresses in a compact format (e.g., 192.168.1.0/24).
  - Country – Allows or restricts access based on the user’s geographic location (country).
  - CORS – Controls which external domains are allowed to send requests to the worker. This is used to allow cross-origin requests from specific domains.
- Value – Enter the value for the selected type. The required format and input will change depending on the type selected (for example: a single IP address, an IP range, a CIDR block, a country, or an allowed domain when using CORS).
- Description – An optional field where you can add a short note describing the purpose of the rule to make it easier to identify later.

Activate the filter once configured and press the green V to save the filter settings.

Notes:

- These security features are available exclusively with a Premium subscription in Engini.
- Configuration and management of these features empower users to enforce personalized security protocols suited to their workflow and access requirements.

Allowed File Types

The Allowed File Types configuration enables administrators to control which types of files can be uploaded to the system. Instead of allowing users to upload any file type, administrators can restrict uploads to a predefined list of supported formats.

Configure – Opens the configuration panel where administrators can define which file formats are allowed for upload. All changes to the allowed file types are managed from this configuration screen.

Images – Displays the category for image file types. The indicator shows how many image formats are currently enabled out of the total available formats for this category. Available image file types that can be enabled or disabled:

- GIF Image (.gif)
- WebP Image (.webp)
- PNG Image (.png)
- JPEG Image (.jpg, .jpeg)
- Bitmap Image (.bmp)
- SVG Vector (.svg)

Documents – Displays the category for document file types. The progress indicator represents the number of document formats currently allowed compared to the total supported formats. Available document file types that can be enabled or disabled:

- Word Document 2007+ (.docx)
- PowerPoint 2007+ (.pptx)
- Text File (.txt)
- Excel Spreadsheet (.xls)
- Word Document (.doc)
- Excel Spreadsheet 2007+ (.xlsx)
- PDF Document (.pdf)
- PowerPoint (.ppt)

Videos – Displays the category for video file types. The indicator provides a visual overview of how many video formats are currently approved. Available video file types that can be enabled or disabled:

- Windows Media Video (.wmv)
- MP4 Video (.mp4)
- QuickTime Video (.mov)
- AVI Video (.avi)
- WebM Video (.webm)

Audio – Displays the category for audio file types. The progress bar indicates the number of allowed audio formats within this category. Available audio file types that can be enabled or disabled:

- MP3 Audio (.mp3)
- AAC Audio (.aac)
- WAV Audio (.wav)
- OGG Audio (.ogg)

Archives – Displays the category for compressed archive file types. The indicator shows how many archive formats are currently permitted. Available archive file types that can be enabled or disabled:

- RAR Archive (.rar)
- ZIP Archive (.zip)
- 7-Zip Archive (.7z)
- TAR Archive (.tar)

Note: You can view the files that have already been uploaded by navigating to the Storage.

Storage Usage

This page helps administrators understand the overall storage consumption of the account and track which types of files are occupying storage space. By reviewing this information, users can better manage their storage resources and maintain visibility over the files stored within the system.

Here’s how you can navigate to and utilize the storage features:

1. Click on the Settings icon located in the lower side of the side bar.
2. Click on the “Security” section.

In the Security section, users can view and manage 4 distinct features tailored to their specific security requirements.

Summary – Displays a general overview of the account’s current storage usage. This section shows how much storage is currently used, how much storage is available in the account, and the total number of files stored in the system.

- Used – Indicates the total amount of storage currently being used by files in the account.
- Available – Shows the total storage capacity available for the account.
- Files – Displays the total number of files currently stored in the system.

By File Type – Presents a breakdown of storage usage based on file types. This section displays the top 5 file types stored in the account and shows how storage is distributed between them.

- File Type – The type and format of the stored file (for example: JPEG Image, PDF Document).
- Files – The number of files stored for that specific file type.
- Size – The total storage space currently used by files of that file type.

Knowledge

Knowledge is a premium capability that allows users to upload, manage, and connect internal documents, files, and structured information so the system can use them as a reliable knowledge source. Once enabled, the uploaded content can be used to search for relevant information, answer questions, and support workflows, workers, or assistants with context based on the organization’s own data.

This option can be enabled or disabled from the Security page and may be available only for accounts with a custom subscription plan or a plan that explicitly includes Knowledge access.

1. On the Settings page, in order to see the Knowledge option, you need to toggle the "Disabled" button.
2. To continue, click "Yes".
3. Once enabled, the Knowledge option will appear in the side toolbar.
4. After clicking the Knowledge icon in the side toolbar, you will be redirected to the Knowledge page.

On this page, you can see that there is an option to create a new knowledge source by clicking the “+ New Knowledge” button. This allows you to add and manage new knowledge entries for use within the system.

This screen is used to create a new knowledge base (KB), which will store and organize data that can later be used by the system for search, retrieval, and context in workflows, workers, or assistants. First, a knowledge base must be added:

- Name – The name of the knowledge base, used to identify it within the system.
- Description – A short explanation of what the knowledge base contains or is used for.
- AI Connection (Embedding) – The connection used to generate embeddings for the data, enabling semantic search and understanding.
- Embedding Model – The specific model used to convert the data into vector representations; available after selecting a connection.
- Dimensions – The size of the vector generated by the embedding model, automatically filled based on the selected model.
- Vector DB Connection – The database where the vectorized data is stored and managed for efficient retrieval.
- Create – The button used to create the knowledge base; it will only be enabled once all required fields are filled.

After creating a knowledge base, you are redirected to the edit page. At this stage, the knowledge base is empty, so before you can use the query functionality, you must first click “Add Content”. This will open a file upload dialog where you can upload files from your computer. Once content is added, the Query section will become available for use.

You can add content to the knowledge base in two ways: Files or URL.

Files – This option allows you to upload files directly from your computer.

- Upload area – Click or drag & drop files to upload. Supported formats include PDF, TXT, MD, DOCX, PPTX, JSON, CSV (up to 10 files, 50MB each).
- Chunk Size (tokens) (optional) – Defines how the content is split into chunks for processing. Larger chunks = more context per chunk, but heavier processing. Default: 1000 tokens.
- Overlap (tokens) (optional) – Determines how much content overlaps between chunks. Helps preserve context between chunks. Default: 200 tokens.
- Upload – Becomes active after selecting files. Click to upload and process the content.

URL – This option allows you to scrape and add content from a web page.

- URL – The web page link you want to extract content from.
- Name (optional) – A custom name for the content. If not provided, the page title may be used.
- Description (optional) – A short description of the content to help identify it later.
- Chunk Size (tokens) (optional) – Same as in Files; controls how the scraped content is divided.
- Overlap (tokens) (optional) – Same as in Files; maintains context between chunks.
- Upload – Click to fetch, process, and add the content from the URL.

Query

After adding content to the knowledge base, the Query section becomes available. At this stage, you can enter a question in the query field, and the system will search across the uploaded content to return relevant results.
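
Referring back to the IP Filtering rule types described earlier on this page (IP Address, IP Range, CIDR): the following is an added example, not Engini's own code, for checking a planned set of filter values offline before entering them, so that a typo or an overly broad block is caught first. The `start-end` syntax for IP Range values, the allowlist ("any rule matches") semantics, the 65536-address warning limit, and all sample rules are assumptions; Country rules are left out because they need a GeoIP database.

```python
import ipaddress

# Constructed sample rules using the Type / Value / Description fields.
# Assumption: an IP Range value is typed as "start-end"; the page does not
# specify the exact input syntax.
SAMPLE_RULES = [
    {"type": "ip", "value": "203.0.113.10", "description": "office gateway"},
    {"type": "range", "value": "198.51.100.20-198.51.100.40", "description": "VPN pool"},
    {"type": "cidr", "value": "192.168.1.0/24", "description": "internal LAN"},
]
BROAD_RULE_LIMIT = 65536  # assumption: warn above a /16-sized rule


def rule_bounds(rule):
    """Return the inclusive (first, last) addresses a rule covers, or raise ValueError."""
    kind, value = rule["type"], rule["value"].strip()
    if kind == "ip":
        addr = ipaddress.ip_address(value)
        return addr, addr
    if kind == "range":
        start_text, sep, end_text = value.partition("-")
        if not sep:
            raise ValueError("range must be written as start-end")
        start = ipaddress.ip_address(start_text.strip())
        end = ipaddress.ip_address(end_text.strip())
        if start.version != end.version or start > end:
            raise ValueError("range bounds are mixed-version or reversed")
        return start, end
    if kind == "cidr":
        # strict=True rejects a value with host bits set, such as 192.168.1.5/24
        net = ipaddress.ip_network(value, strict=True)
        return net.network_address, net.broadcast_address
    raise ValueError(f"unsupported rule type: {kind}")


def is_allowed(client_ip, rules):
    """Allowlist check (assumed semantics): True if any rule covers client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:
        first, last = rule_bounds(rule)
        if addr.version == first.version and first <= addr <= last:
            return True
    return False


def audit(rules):
    """Return warnings for rules that fail to parse or cover a very large block."""
    warnings = []
    for rule in rules:
        try:
            first, last = rule_bounds(rule)
        except ValueError as exc:
            warnings.append(f"{rule['value']}: invalid ({exc})")
            continue
        size = int(last) - int(first) + 1
        if size > BROAD_RULE_LIMIT:
            warnings.append(f"{rule['value']}: covers {size} addresses")
    return warnings
```

Running `audit()` on the planned rules and `is_allowed()` on the addresses your administrators actually connect from helps avoid locking the account out when the filter is activated.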