HotDocs Hub Admin Guide
  • Table of ContentsTable of Contents
  • IndexIndex
  • GlossaryGlossary
 

Security Configuration Options

You can configure HotDocs Hub to use several different security options.

In this Topic Hide

Overview

You can deploy Hub with the following security configurations:

  • HotDocs Hub with Hub user management – use the Hub for user account management and authentication.
  • HotDocs Hub with Active Directory – use Active Directory for user account management and user authentication.

HotDocs Hub with User Management

The HotDocs Hub with Hub user management configuration uses the User Hub component to secure access to Hub resources. For example, templates and interviews. Users access the Hub using Hub-only user accounts.

Connection Security

TLS/SSL

You must enable a TLS/SSL connection in IIS when installing HotDocs Hub with Hub user management.

  • 2048 bit public key.
  • Must be exportable.
  • Must be imported to the local machine Personal store.
  • Must be imported to the local machine Trusted People store (if using a self-signed certificate).
  • You should provide permissions to the MachineKeys directory for the application pool under which Hub runs in IIS

Signing Certificate

The Hub requires a certificate for signing access tokens, used for authenticating requests to Hub APIs. You must supply this certificate yourself. The certificate has the following configuration requirements:

  • May be a self-signed certificate, if necessary.
  • 2048 bit public key.
  • Must be exportable.
  • Must be imported to the local machine Personal store.
  • The identity for the application pool under which the HotDocs Hub applications run must have permissions to the private key of the certificate. You configure these permissions after you install Hub.

You must also add the certificate's thumbprint to the HotDocs Identity Server application settings SigningCertificateThumbprint key during the installation process.

HotDocs recommends that you use a separate security certificate as the signing certificate for HotDocs Hub. However, you can use the SSL certificate as the signing certificate if necessary.

Hub-only User Accounts

Once you install and configure Hub, tenancy administrators can create Hub-only user accounts and set access permissions through the Hub user interface. These accounts are then allocated to resources by Administrators, through the Hub user interface. A user can only log in to the Hub user interface and see the resources they have been explicitly given access to by an Administrator. See Using the User Hub for more information.

HotDocs Hub with Active Directory

You can also configure HotDocs Hub to use Active Directory for user account management and authentication. In this configuration, HotDocs Hub reads user account details from an Active Directory server. You use these existing user accounts to allocate user permissions in Hub, rather than creating new user accounts in Hub itself. The User Hub component is still used to allocate permissions to HotDocs resources. For example, templates and interviews.

Connection Security

TLS/SSL

You must enable a TLS/SSL connection in IIS when installing HotDocs Hub with User Management and Active Directory.

  • 2048 bit public key.
  • Must be exportable.
  • Must be imported to the local machine Personal store.
  • Must be imported to the local machine Trusted People store (if using a self-signed certificate).
  • You should provide permissions to the MachineKeys directory for the application pool under which Hub runs in IIS

Signing Certificate

The Hub requires a certificate for signing access tokens, used for authenticating requests to Hub APIs. You must supply this certificate yourself. The certificate has the following configuration requirements:

  • May be a self-signed certificate, if necessary.
  • 2048 bit public key.
  • Must be exportable.
  • Must be imported to the local machine Personal store.
  • The identity for the application pool under which the HotDocs Hub applications run must have permissions to the private key of the certificate. You configure these permissions after you install Hub.

You must also add the certificate's thumbprint to the HotDocs Identity Server application settings SigningCertificateThumbprint key during the installation process.

HotDocs recommends that you use a separate security certificate as the signing certificate for HotDocs Hub. However, you can use the SSL certificate as the signing certificate if necessary.

 

 
 
 
 
 

Table of Contents

Index

Glossary

-Search-

Back