Reference13r1:Concept myApps: Difference between revisions
Line 4: | Line 4: | ||
* innovaphone PBX from version 13r1 | * innovaphone PBX from version 13r1 | ||
= Overview = | = Overview = | ||
innovaphone myApps is the client software for innovaphone users and administrators. The base functionality is provided by a web application that is loaded from the PBX. Additionally there are installable versions for Windows, Android and iOS that | innovaphone myApps is the client software for innovaphone users and administrators. The base functionality is provided by a web application that is loaded from the PBX. Additionally there are installable versions for Windows, Android and iOS that come with an integrated browser and implement adaptions to the local operating system. | ||
The purpose of myApps is to organize and run apps. All productive functionality is provided by additional apps that run inside myApps. | |||
== Requirements == | == Requirements == | ||
=== Web version === | === Web version === | ||
Line 41: | Line 43: | ||
All other functionality is provided by apps. For example phone calls require a phone app. Chats require a chat app. | All other functionality is provided by apps. For example phone calls require a phone app. Chats require a chat app. | ||
= Details = | |||
== Connecting to the PBX == | |||
The myApps web application is loaded from the PBX. The corresponding URL for opening myApps in a browser is | |||
https://<pbx-hostname>/PBX0/APPCLIENT/appclient.htm | |||
The installable versions ask for the "server name" on the first startup. Enter the host name of the PBX to proceed to the login screen. | |||
You can change the server afterwards by logging out and clicking the "Change server" link on the login screen. | |||
== Authentication and security == | |||
For using myApps you need an account (user object) on the pbx with a password. For logging-in you need to enter the username (SIP-URI) or email address and the password. | |||
=== Two-factor authentication === | |||
The purpose of two-factor authentication is to maintain an additional level of security that prevents attackers form logging-in even if they compromised a users password. Therefore we strongly recommend to use it. | |||
It can be activated during installation of the PBX or in the admin UI under PBX/Config/Authentication. If activated, the password alone is not sufficient for logging-in but the user must also verify the new session by | |||
* Confirming it in a dialog displayed on any existing myApps session. | |||
* Clicking a link that is sent to the email address configured at the user object. | |||
In both cases a security code is displayed that should be compared to the one that is shown on the login screen of the new session. If it is the same the user can be sure that he is confirming his own login but not the possible concurrent login of an attacker. | |||
If a user is notified about a login attempt he did not do, it means that the user password is compromised. The following should be done in such cases: | |||
* Reject the session (email link or displayed dialog) | |||
* Inform the administrator | |||
* Change the user password |
Revision as of 20:49, 4 March 2019
Applies To
This information applies to
- innovaphone PBX from version 13r1
Overview
innovaphone myApps is the client software for innovaphone users and administrators. The base functionality is provided by a web application that is loaded from the PBX. Additionally there are installable versions for Windows, Android and iOS that come with an integrated browser and implement adaptions to the local operating system.
The purpose of myApps is to organize and run apps. All productive functionality is provided by additional apps that run inside myApps.
Requirements
Web version
For opening myApps in the web browser you need the most recent version of one of the following browsers:
- Chrome
- Firefox
- Safari
- or Edge
The following browser features are required and must not be disabled:
- JavaScript
- HTML5 Local Storage
myApps for Windows
- Windows ? or higher (to be defined)
myApps for iOS
- iOS ? or higher (to be defined)
myApps for Android
- Android ? or higher (to be defined)
Licenses
- No license needed for myApps itself
- Apps might require licenses
Account
- A user account (user object) on the PBX is needed in order to use myApps.
Features
myApps comes with the following features:
- User login including two-factor authentication.
- Display and set the own presence.
- List of all available apps.
- Running apps (inside an iframe).
- Home screen with user-selected apps and app items that can be organized in collapsible groups.
- List of all myApps-Logins. Unused or suspicious sessions can be logged out remotely.
- Color scheme selection (light, dark).
- Configuration of standard apps for certain functions (like phone calls or chat).
- Link to account specific settings provided by a separate app (profile).
All other functionality is provided by apps. For example phone calls require a phone app. Chats require a chat app.
Details
Connecting to the PBX
The myApps web application is loaded from the PBX. The corresponding URL for opening myApps in a browser is
https://<pbx-hostname>/PBX0/APPCLIENT/appclient.htm
The installable versions ask for the "server name" on the first startup. Enter the host name of the PBX to proceed to the login screen. You can change the server afterwards by logging out and clicking the "Change server" link on the login screen.
Authentication and security
For using myApps you need an account (user object) on the pbx with a password. For logging-in you need to enter the username (SIP-URI) or email address and the password.
Two-factor authentication
The purpose of two-factor authentication is to maintain an additional level of security that prevents attackers form logging-in even if they compromised a users password. Therefore we strongly recommend to use it.
It can be activated during installation of the PBX or in the admin UI under PBX/Config/Authentication. If activated, the password alone is not sufficient for logging-in but the user must also verify the new session by
- Confirming it in a dialog displayed on any existing myApps session.
- Clicking a link that is sent to the email address configured at the user object.
In both cases a security code is displayed that should be compared to the one that is shown on the login screen of the new session. If it is the same the user can be sure that he is confirming his own login but not the possible concurrent login of an attacker.
If a user is notified about a login attempt he did not do, it means that the user password is compromised. The following should be done in such cases:
- Reject the session (email link or displayed dialog)
- Inform the administrator
- Change the user password