Security overview

System Manager Security menu options contains menu items for configuring Ivanti EPMM access. The following table summarizes the tasks associated with each menu item.

Table 21.   Security Menu Items

Settings Menu

Task

Identity Source > Local Users

Create, delete, and manage local users for System Manager.

Identity Source > Password Policy

Set the password requirements for System Manager local users.

Certificate Mgmt

View and manage certificates for:

  • Portal HTTPS
  • Client TLS
  • iOS Enrollment

Access Control Lists > Networks & Hosts

Create and manage entries for networks and hosts

Access Control Lists > Network Services

Create and manage entries for network services

Access Control Lists > ACLs

Compile access control lists

Access Control Lists > Portal ACLs

Compile access control lists for specific Ivanti EPMM components

Advanced settings - Most configurations do not require changing the following settings.

Advanced > Host Header Validation

Enhances the security of HTTP traffic

Advanced > HSTS

Configure HTTP Strict Transport Security

Advanced > Incoming SSL Configuration

Select protocols and cipher suites other than the defaults for incoming SSL/TLS connections

Advanced > ModSecurity

Configure protection against certain types of future public security vulnerabilities

Advanced > Outgoing SSL Configuration

Select protocols and cipher suites other than the defaults for outgoing SSL/TLS connections.

Advanced > Outgoing SSL Configuration

Select protocols and cipher suites other than the defaults for outgoing SSL/TLS connections.

Advanced > SAML

Allow local administrator users to use single-sign on for the Admin Portal and self-service user portal. This feature also allows administrators to automatically redirect authentication for the Admin Portal and the user portal to your external Identity Provider (IdP).

Advanced > Trusted Front End

Configure a Trusted Front End between devices and Ivanti EPMM.

Advanced > Admin/Self-Service User Portal Authentication

Select whether device users authenticate to the user portal, and whether administrators authenticate to the Admin Portal, with a password, a certificate, or either.

Advanced > SSH Configuration

Configure SSH to enable Public Key Authentication and Password Authentication.