Configuration >> General
Dashboard Security
Admin Console access can be managed through either:
- Local credentials (username/password)
- SAML integration with an existing identity provider (recommended for production)
Best Practice
Use SAML to avoid shared local passwords. This enhances security and allows for centralized access management.
To enable SAML directory integration for access to the Admin Console:
NOTE
Detailed SAML instructions are outside the scope of Shield's documentation. Please consult your directory provider's documentation for specific steps.
For the purposes of this integration, Nullafi Shield is the SAML 2.0 Service Provider (SP) and the organization's directory is the SAML Identity Provider (IdP).
- Prepare your directory for SAML integration.
  - Ensure that the correct group permissions are applied by the IdP. Members of allowed groups will be able to access the Admin Console.
- Upload or copy and paste Shield's SP metadata into the IdP.
  - The Download SP metadata link in the Admin Console allows you to obtain the information that the IdP requires from Nullafi Shield (the SP) for configuration. Click the link to download the file in XML format. It contains such items as Entity ID, ACS, and certificate information.
- After the IdP is configured, use the Set IdP Metadata button to upload the IdP configuration.
  - Nullafi Shield can consume the configuration from a URL (if the IdP provides one) or via XML-formatted text (which may be copied from the IdP's settings pages).
- Check the Enable SAML box in the Dashboard Security section.
- Click Save Changes to apply.
Once SAML is configured, Administrators will be able to use their corporate credentials to access the Shield Admin Console.
Activity Configuration
Enable Activity Log
This is a global on/off switch for the Activity Log. See the Activities documentation for details of the Activity Log features.
REQMOD Scanning
By default, Shield only scans response traffic (downloaded data).
To also inspect request traffic (data sent by users):
- Enable the REQMOD Scanning checkbox.
- ⚠️ Be cautious when using request modification. Obfuscations that include data redaction may have unintended consequences on your applications. Be sure to test thoroughly. Obfuscations set to detect only are safer for REQMOD.
Periodic Cleanup of Activity Log
To manage disk usage, configure automatic cleanup:
- Max Age: Number of days to retain log data.
- Schedule: Cleanup schedule specified in crontab format (see https://crontab.guru for samples).
Example:
Max Age: 90
Schedule: 0 3 * * 7
→ Every Sunday at 3:00 AM
Shield will scan the Activity Log every Sunday at 3:00 AM and delete any records older than 90 days. On a Tuesday, there will be records from the past 92 days, because the last scheduled cleanup happened two days prior.
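The retention behaviour described above, as an added example (not Shield's code): a small evaluator for 5-field crontab expressions that finds the last scheduled cleanup and reports how old the oldest surviving Activity Log record can be at a given moment. It assumes Shield follows classic cron semantics (0 and 7 both mean Sunday); the function names are illustrative.

```python
from datetime import datetime, timedelta

# Added example, not Shield's code. Assumes a standard crontab line: minute hour dom month dow
RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]

def parse_field(text, lo, hi):
    """Expand one crontab field (*, a, a-b, a,b, */n, a-b/n) into a set of ints."""
    values = set()
    for part in text.split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        if not (lo <= start <= end <= hi):
            raise ValueError(f"field {text!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, int(step or 1)))
    return values

def parse_schedule(expr):
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 crontab fields")
    minute, hour, dom, month, dow = (parse_field(f, *r) for f, r in zip(fields, RANGES))
    dow = {d % 7 for d in dow}  # 7 and 0 both mean Sunday
    return minute, hour, dom, month, dow, fields[2][0] != "*", fields[4][0] != "*"

def matches(sched, t):
    minute, hour, dom, month, dow, dom_set, dow_set = sched
    dom_ok = t.day in dom
    dow_ok = t.isoweekday() % 7 in dow  # isoweekday: Mon=1..Sun=7, so Sunday becomes 0
    # Classic cron: when both day fields are restricted, either one may match.
    day_ok = (dom_ok or dow_ok) if (dom_set and dow_set) else (dom_ok and dow_ok)
    return t.minute in minute and t.hour in hour and t.month in month and day_ok

def last_cleanup(expr, now):
    """Most recent scheduled run at or before `now` (searches back up to 366 days)."""
    sched = parse_schedule(expr)
    t = now.replace(second=0, microsecond=0)
    for _ in range(366 * 24 * 60):
        if matches(sched, t):
            return t
        t -= timedelta(minutes=1)
    raise ValueError("schedule did not fire in the past year")

def oldest_record_age(expr, max_age_days, now):
    """Age of the oldest record still on disk: Max Age plus time since the last cleanup."""
    return timedelta(days=max_age_days) + (now - last_cleanup(expr, now))
```

If a retention policy sets a hard upper bound, size Max Age against the worst case (Max Age plus one full schedule interval), not against Max Age alone.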
License Information
This section displays current license status.
Control over licensing is managed when the Shield services are started. See Deployment for details.
Enable/Disable Toggle
Use this switch to globally enable or disable Nullafi Shield.
Don’t forget to click Save Changes when enabling or disabling Shield.