How to secure the Sage CRM?

We have SageCRM version 7.1.h. I am looking for a way to secure access for outside users. Our concern involves two things: authentication and encryption.

The current authentication scheme uses the username/password from the Sage CRM database. It isn't adequate as anyone with the credentials can log in and access our business data. We want to go one level above and validate that users are who they say they are. Two-factor authentication may work.

Is there any support for two-factor authentication or other ways to validate the identity of the Sage user? We just want this for users from outside our corporate network.

Also, when we enabled SSL on IIS, we ran into a lot of issues with SageCRM. I am guessing it interfered with IIS-to-Tomcat communication. What's the best way to enable SSL for Sage? Is there a manual or guide?

  • 0

    Hi,

    In response to your first query: you could try using Windows authentication (referred to in the documentation as IIS auto login), then do your 2-factor authentication on the client machine. There are a few other considerations. You're mentioning that you want to restrict access to users outside your corporate network - how about only publishing CRM inside the corporate network, then have users use a VPN to connect? There's a large number of additional security options available in IIS, such as using IP address restrictions.

    With regard to enabling SSL - I guess it depends how you've done it. People occasionally run into trouble when they only implement SSL on a gateway proxy / load balancer rather than on the CRM web server. The issue here is that CRM occasionally returns full URLs in the response content. These are built using the request protocol - from its perspective, the requests coming in are over HTTP, so it should be fine returning HTTP URLs. This can often be resolved on whatever's handling HTTP requests. If you've got HTTPS set up on the CRM server itself, then it should just work. You might need to change the HTTPPort entry in Custom_Sysparams so that the Outlook integration will pick up the correct port.

    I'm not sure what you might have done that would cause problems with the redirector to Tomcat. You'd never enable SSL on the Tomcat server, as no requests will be hitting it from outside of the server. Only the eWare DLL and SDATA application should be sending it requests. I'd contact your local support team with any issues you're having here.

    Thanks,

    Rob
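
The SSL-offload problem described in the answer above can be checked from a captured response body. The following is an added example, not part of the reply or of Sage's code: it lists absolute `http://` URLs that point back at the public HTTPS host and shows the same-host rewrite a proxy would apply. The host name `crm.example.test`, the paths and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}

class DowngradedUrlFinder(HTMLParser):
    """Collects absolute http:// URLs that point back at the public HTTPS host."""
    def __init__(self, public_host):
        super().__init__()
        self.public_host = public_host.lower()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                parts = urlsplit(value)
                host = (parts.hostname or "").lower()
                if parts.scheme == "http" and host == self.public_host:
                    self.found.append((tag, name, value))

def find_downgraded_urls(html, public_host):
    """Return (tag, attribute, url) for every same-host URL built with http://."""
    finder = DowngradedUrlFinder(public_host)
    finder.feed(html)
    return finder.found

def rewrite_to_https(html, public_host):
    """Rewrite only same-host absolute http:// URLs, as a TLS-terminating proxy would.
    URLs carrying an explicit port are left untouched for manual review."""
    pattern = re.compile(r"http://" + re.escape(public_host) + r"(?=[/\"'?#]|$)",
                         re.IGNORECASE)
    return pattern.sub("https://" + public_host, html)

# Constructed response body: the backend saw plain HTTP and built its URLs to match.
SAMPLE = """<html><body>
<form action="http://crm.example.test/crm/save" method="post"></form>
<a href="/crm/list">relative link, unaffected</a>
<img src="http://crm.example.test/crm/img/logo.gif">
<a href="http://other.example.test/help">different host, left alone</a>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in find_downgraded_urls(SAMPLE, "crm.example.test"):
        print(f"<{tag} {attr}> still uses HTTP: {url}")
    fixed = rewrite_to_https(SAMPLE, "crm.example.test")
    print("remaining after rewrite:", find_downgraded_urls(fixed, "crm.example.test"))
```

A form `action` in the findings matters most, since it means a login or data submission would be sent over plain HTTP unless the proxy rewrites it or the CRM server itself serves HTTPS.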