Reference13r1:Concept myApps: Difference between revisions
| Line 79: | Line 79: | ||
=== Using Windows passwords === | === Using Windows passwords === | ||
Instead of using the passwords configured at the user object, the Windows password can be used. Please see [[Reference13r1:Concept_Netlogon_and_myPBX_Windows_Authentication]] for details. | Instead of using the passwords configured at the user object, the Windows password can be used. Please see [[Reference13r1:Concept_Netlogon_and_myPBX_Windows_Authentication]] for details. | ||
=== Logging out === | |||
In the installable version a logout can be done in the myApps menu at "Account security" / "Current session". | |||
Revision as of 21:12, 4 March 2019
Applies To
This information applies to
- innovaphone PBX from version 13r1
Overview
innovaphone myApps is the client software for innovaphone users and administrators. The base functionality is provided by a web application that is loaded from the PBX. Additionally there are installable versions for Windows, Android and iOS that come with an integrated browser and implement adaptions to the local operating system.
The purpose of myApps is to organize and run apps. All productive functionality is provided by additional apps that run inside myApps.
Requirements
Web version
For opening myApps in the web browser you need the most recent version of one of the following browsers:
- Chrome
- Firefox
- Safari
- or Edge
The following browser features are required and must not be disabled:
- JavaScript
- HTML5 Local Storage
myApps for Windows
- Windows ? or higher (to be defined)
myApps for iOS
- iOS ? or higher (to be defined)
myApps for Android
- Android ? or higher (to be defined)
Licenses
- No license needed for myApps itself
- Apps might require licenses
Account
- A user account (user object) on the PBX is needed in order to use myApps.
Features
myApps comes with the following features:
- User login including two-factor authentication.
- Display and set the own presence.
- List of all available apps.
- Running apps (inside an iframe).
- Home screen with user-selected apps and app items that can be organized in collapsible groups.
- List of all myApps-Logins. Unused or suspicious sessions can be logged out remotely.
- Color scheme selection (light, dark).
- Configuration of standard apps for certain functions (like phone calls or chat).
- Link to account specific settings provided by a separate app (profile).
All other functionality is provided by apps. For example phone calls require a phone app. Chats require a chat app.
Details
Connecting to the PBX
The myApps web application is loaded from the PBX. The corresponding URL for opening myApps in a browser is
https://<pbx-hostname>/PBX0/APPCLIENT/appclient.htm
The installable versions ask for the "server name" on the first startup. Enter the host name of the PBX to proceed to the login screen. You can change the server afterwards by logging out and clicking the "Change server" link on the login screen.
Authentication and security
For using myApps you need an account (user object) on the pbx with a password. For logging-in you need to enter the username (SIP-URI) or email address and the password.
Permanent sessions
On each successful login on a new browser or new device a permanent session is created that is defined by a session id and a session password. Those are stored both in the local storage of the browser and at the user object in the PBX. If the user closes myApps and opens it again, the stored session is used. Only when logging-out the session is deleted in both places and the login screen is shown again.
Note that the user password is never transmitted over the network or permanently stored in the browser.
The user can keep track of all his permanent sessions in the myApps menu under "Account security". Sessions that are not needed anymore can be deleted here. The corresponding browser or device is logged out on-the-fly.
Two-factor authentication
The purpose of two-factor authentication is to maintain an additional level of security that prevents attackers form logging-in even if they compromised a users password. Therefore we strongly recommend to use it.
It can be activated during installation of the PBX or in the admin UI under PBX/Config/Authentication. If activated, the password alone is not sufficient for logging-in but the user must also verify the new session by
- Confirming it in a dialog displayed on any existing myApps session.
- Clicking a link that is sent to the email address configured at the user object.
In both cases a security code is displayed that should be compared to the one that is shown on the login screen of the new session. If it is the same the user can be sure that he is confirming his own login but not the possible concurrent login of an attacker.
The email account for sending the verification emails can be configured during installation of the PBX, in the PBX Manager plugin "Email" or in the admin UI under PBX/Config/Authentication.
If a user is notified about a login attempt he did not do, it means that the user password is compromised. The following should be done in such cases:
- Reject the session (email link or displayed dialog)
- Inform the administrator
- Change the user password
Using Windows passwords
Instead of using the passwords configured at the user object, the Windows password can be used. Please see Reference13r1:Concept_Netlogon_and_myPBX_Windows_Authentication for details.
Logging out
In the installable version a logout can be done in the myApps menu at "Account security" / "Current session".