Skip to main content
  • Updated

Managing Security Options

  1. Jump to

  2. Site Password
  3. API Keys
  4. Configure Frame Options
  5. Volume Security Requests

 

Your site's security is high on our priority list. This article reviews the options you have on the Security page of your site.

Site Password

Your learning site will be password protected until your site is launched or goes live. Users who attempt to visit your site's URL will land on a page indicating that the site is closed. To bypass this page, you must enter the site password, or sign in with valid credentials. For testing purposes, you can enter the site password in order to view and test the different user flows without being logged in.

Note

The site password is not related to your personal login credentials.

  1. From your homepage, select Settings and then Security.
  2. Within the Passwords & Keys section, you will find your assigned site password. This password is randomly generated.
    SitePassword_ViewPassword_AdminView.png
  3. Go to your site URL and enter the password. Click Enter.
    SitePassword_LoginScreen_EndUserView.png

    Tip

    We highly recommend using a private/incognito browser in order to test your site as a logged out user.

  4. From here, you are ready to start testing!

Tip

Removing the password protection from your site is the final step in setting up your custom domain (launching your site). You should not remove the password protection on your site until all configuration steps and QA are completed.

Reactivating Your Site Password

If you do happen to accidentally remove password protection before you're ready, please reach out to your Tech Success & Support to have this reapplied to your site.

API Keys

Come here to view and copy your site's API key. For security purposes, your key is masked and you have the option to rotate your key as needed. You can generate up to two masked keys at a time.

  1. From your homepage, select Settings and then Security.
  2. Find the Passwords & Keys section.
  3. Click Generate API Key.
    SecurityOptions_GenerateAPIKey_Cropped_AdminView.png
  4. Once an API Key has been generated, click the eye icon to view it and copy if needed.
    SecurityOptions_APIEyeIcon_AdminView.png
  5. If you would like to generate a 2nd API Key, click Generate API Key again. 
  6. Once you've generated two API Keys, you have the option to remove either API Key from your site by clicking the trash icon.

    Warning

    Removing an API Key cannot be undone.

SecurityOptions_APIKeys_AdminView_GIF.gif

Configuring Frame Options

Your instance can be embedded onto another website, domain, or even app, via the use of these HTML tags: <frame>, <iframe>, or <object>. When you do this, we encourage you to set your Frame Options as described below.

  1. From the homepage, select Settings.
  2. From the left menu, select Security and then find the section for Security Options.
  3. Choose one of two options from the drop-down::
    • Allow (not recommended)
    • Allow from Same Origin (recommended)
  4. Click Save.

Note

We recommend the Allow from Same Origin setting for your site’s Frame Options in order to prevent clickjacking attacks.

Tip

For more information on Frame Options, click here.

SecurityOptions_FrameOptions_AdminView.png

Volume Security Requests

Security Volume Requests detect and block potential volume-based malicious activity, i.e., a large change in the volume of a particular activity at a particular location (password resets, code redemption, etc.). You have the option to disable volume security requests for your site.

  1. From the homepage, select Settings.
  2. From the left menu, select Security and then find the section for Security Options.
  3. Enable the toggle Disable Security Volume Requests?.
  4. Click Save.

SecurityOptions_VolumeRequests_AdminView.png

Related articles