In order to secure QUBEdocs it is recommend that you:
- Configure the website running QUBEdocs to use SSL/TLS
- Change default passwords and keys
- Setup QUBEdocs to use Windows Authentication
This article focuses on setting up QUBEdocs with Windows Authentication.
Securing access to connections, specific pages or a combination of both can be achieved when QUBEdocs is running in secured mode.
Once QUBEdocs is running in secured mode users will need to be added to specific profiles in order to give them access to the information in QUBEdocs. If segregation between the admin users and all other users browsing the documentation is all that is required, all users can simply be assigned to the default qubedocs profile. If more specific requirements such as limiting access by connections is required, additional profiles can be setup and user accounts associated with them.
Before setting up QUBEdocs to run in secured mode at least one administrator will need to be associated with the QUBEdocs Manager (Admin) profile. To do this:
1. Select Manage Profiles from the content pane in QUBdocs Manager (i.e. in http://localhost/QUBEdocs/#/qubedocsManager)
2. Select to the qubedocsManager profile shown below
3. Select the Profile Users
4. Enter, Validate and then Add the account for at least one user. Note that the users that are assigned here will have access to administer QUBEdocs and add other users. Standard users are typically associated with the qubedocs
Next, QUBEdocs needs to be setup to use Windows authentication. To enable this the administrator must first:
Go to http://localhost/QUBEdocs/#/setup and skip to the page Configure Security.
Click the switch to turn on security and then click next.
Providing the qubedocs profile hasn’t been associated with any accounts, the security setup can be tested by navigating to http://localhost/QUBEdocs/#/qubedocs. If the authentication has been setup correctly a 403 page should be displayed.