Admin Console Configuration

The Configuration section of the Admin Console is for controlling the application settings of Nullafi Shield. These affect the behavior of Shield itself, not the traffic flowing through it (see Policy for traffic behavior settings).

General

The General configuration section controls basic Nullafi Shield behavior.

Dashboard Security

Access to the Admin Console can be controlled either by a local username/password pair, or by SAML integration to an existing directory. It is best practice to use directory integration. Local credentials would require multiple administrators to share the password. While this may be convenient for testing purposes, it is not recommended for production environments.

To enable SAML directory integration for access to the Admin Console:

  • Prepare the directory for integration.
    • Complete SAML instructions are outside the scope of Shield's documentation.
      • For the purposes of this integration, Nullafi Shield is the SAML 2.0 Service Provider (SP) and the organization's directory is the SAML Identity Provider (IdP).
      • Ensure that the correct group permissions are applied by the IdP. Members of allowed groups will be able to access the Admin Console.
    • The 'Download SP metadata' link in the Admin Console allows you to obtain information that the IdP will require from Nullafi Shield (the SP) for configuration. Click the link to download the file in XML format. It contains such items as Entity ID, ACS, and certificate information.
  • After the IdP is configured, use the 'Set IdP Metadata' button in the Dashboard Security section to upload the IdP configuration. Nullafi Shield can consume the configuration from a URL (if the IdP provides one) or via XML formatted text (which may be copied from the IdP's settings pages).
  • Check the 'Enable SAML' box in the Dashboard Security section.
  • Click on the 'Save Changes' button at the bottom of the page.

Once SAML is configured, Administrators will be able to use their corporate credentials to access the Shield Admin Console.

Activity Configuration

Enable Activity Log: This is a global on/off switch for the Activity Log. See the Activity section for a full description of the Activity Log features.

REQMOD Scanning: By default, Nullafi Shield applies policies only to downloaded data. If you wish to scan data flowing FROM users, enable REQMOD Scanning here. Caution: combining REQMOD Scanning with Obfuscations that include data redaction may have unintended consequences on your applications. Be sure to test thoroughly.

Periodically clean activity log: In order to control the use of storage space on your server, Nullafi Shield can be configured to delete old Activity Log data.

  • Max Age is the number of days' worth of log data that will be kept.
  • Schedule controls when the cleanup will happen. It is specified in crontab format (see https://crontab.guru for samples).

For example, with Max Age set to 90 days and a Schedule of "0 3 * * 7", Shield scans the Activity Log every Sunday at 3:00am and deletes any records older than 90 days.

License Information

The License Information section only reports the current status of the license. Control over licensing is accomplished when the Shield services are started. See Deployment for details.

Enable/Disable Toggle

Nullafi Shield can be temporarily disabled entirely using the global toggle switch. Don't forget to Save Changes using the button on the bottom right when enabling or disabling Shield.