In order to prevent important settings from being changed accidentally or by unauthorised people, the PBX can be protected from unauthorised access.
Administrator
The administrator has unrestricted access to the web interface (access with the admin user name and admin password). With this access, the PBX can be completely configured and the PINs and passwords of all internal users can be changed.
The admin PIN can be used to perform some functions, e.g. recording announcements via a connected telephone.
The admin password (with a high security level), the admin user name and the admin PIN must be set up during initial commissioning.
Users (internal users)
The user is any internal user of the PBX. A user PIN is generated for each user. This PIN is used, among other things, to access the voice mail and fax box and for the FMC and Roaming User functions.
MFA
In addition to the security provided by the user name and password access data, the configuration can also be secured using multi-factor authentication (MFA). The COMtrexx supports MFA using time-based one-time passwords (TOTP). An authenticator app is required for this purpose, e.g. Google Authenticator or Microsoft Authenticator. However, the authenticator app function is also supported by various password managers.
Note: The Authenticator app should preferably be installed on a mobile device so that it can be accessed at any time.
Important: The time on the mobile device must match the time on the COMtrexx when using the Authenticator app.
When setting up MFA, the COMtrexx generates a secret key that must be transferred to the Authenticator app (e.g. using a QR code or via the clipboard). At the same time, the COMtrexx generates twelve 20-digit recovery codes, which must be stored securely so that the COMtrexx can still be accessed if the secret key is lost.
Important: The recovery codes can only be used once. If the secret key no longer exists and a recovery code is no longer available, access to the web interface is no longer possible. To regain access, the COMtrexx must be reset to the factory settings. Under certain circumstances, the COMtrexx can then be restored with a current backup.
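The following is an added example, not code from the manual or from the COMtrexx firmware, showing what the authenticator app and the PBX each compute for TOTP (RFC 6238), why the clock on the mobile device has to match, and how one-time recovery codes are consumed. It assumes the common 30-second step, 6-digit codes and HMAC-SHA1, a tolerance of one step in each direction, and SHA-256 as the hash for stored recovery codes; none of these parameters is stated on the page.

```python
import base64
import hashlib
import hmac
import secrets
import struct

TOTP_STEP = 30      # seconds per time step (RFC 6238 default, assumed here)
TOTP_DIGITS = 6     # code length shown by common authenticator apps (assumed)


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP: HOTP whose counter is derived from the clock, so both sides need the same time."""
    return hotp(secret, unix_time // step)


def verify_totp(secret: bytes, code: str, unix_time: int, skew_steps: int = 1) -> bool:
    """Accept the code for the current step and up to skew_steps neighbouring steps.
    A device clock that is off by more than this window produces codes that are always rejected."""
    counter = unix_time // TOTP_STEP
    return any(
        hmac.compare_digest(hotp(secret, counter + delta), code)
        for delta in range(-skew_steps, skew_steps + 1)
    )


def new_secret_base32() -> str:
    """20 random bytes as unpadded base32, the form carried in a QR code or pasted via the clipboard."""
    return base64.b32encode(secrets.token_bytes(20)).decode().rstrip("=")


def secret_from_base32(text: str) -> bytes:
    """Decode a pasted secret; users often drop spaces and the '=' padding, so restore them first."""
    text = text.strip().replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def new_recovery_codes(count: int = 12, digits: int = 20) -> list:
    """Twelve 20-digit codes, as the manual describes; secrets.randbelow gives CSPRNG digits."""
    return ["".join(str(secrets.randbelow(10)) for _ in range(digits)) for _ in range(count)]


class RecoveryCodeStore:
    """Keeps only hashes of the codes; a code is removed on first successful use, so it works once."""

    def __init__(self, codes):
        self._hashes = {self._digest(c) for c in codes}

    @staticmethod
    def _digest(code: str) -> str:
        # SHA-256 keeps the example short; a salted slow hash would be the production choice.
        return hashlib.sha256(code.encode()).hexdigest()

    def remaining(self) -> int:
        return len(self._hashes)

    def redeem(self, code: str) -> bool:
        digest = self._digest(code.strip())
        if digest in self._hashes:
            self._hashes.discard(digest)
            return True
        return False


if __name__ == "__main__":
    # Constructed demo values: the RFC 6238 test secret, not a real COMtrexx secret.
    demo_secret = b"12345678901234567890"
    print("code at t=59:", totp(demo_secret, 59))            # 287082 (RFC 6238 vector, 6 digits)
    print("accepted one step late:", verify_totp(demo_secret, "287082", 89))   # True
    print("rejected two steps late:", verify_totp(demo_secret, "287082", 119)) # False
    codes = new_recovery_codes()
    store = RecoveryCodeStore(codes)
    print("first use / second use:", store.redeem(codes[0]), store.redeem(codes[0]))  # True False
```

The verification window is the practical meaning of the time note above: a phone whose clock drifts by a minute or more lands outside the accepted steps and every code it shows is refused, which is easy to mistake for a wrong secret. The recovery store models the "only once" rule by deleting the hash on first use, so losing the secret key with no unused codes left really does leave no path back in.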
The REST API makes it possible to query and set certain parameters and functions of a COMtrexx. This means, for example, that your own applications can read the status of the COMtrexx and its endpoints (telephones, SIP trunks, etc.) and configure certain functions.
Information on using the REST API can be found in the Auerswald DokuWiki.
To allow a computer system secure access even without MFA, a specific IP address or IP range can be set up for API access.
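As an added example (not part of the manual and not the COMtrexx implementation) of how such an address allowlist for MFA-less API access is usually evaluated: single addresses and CIDR ranges are normalised to networks, malformed entries are reported rather than silently skipped, and a caller is admitted only if it passed MFA or its source address lies inside an allowlisted range. The entry syntax and the "MFA or allowlist" decision are assumptions about the general technique, not a description of the PBX's internals.

```python
import ipaddress


def parse_allowlist(entries):
    """Turn strings such as '192.0.2.10' or '10.20.0.0/16' into network objects.

    A bare address becomes a /32 (or /128 for IPv6) network. strict=False also accepts a host
    address with a prefix ('10.20.0.1/16') and normalises it to the network 10.20.0.0/16.
    Returns (networks, bad_entries) so a typo in the configuration is visible, not ignored.
    """
    networks, bad = [], []
    for raw in entries:
        text = raw.strip()
        try:
            networks.append(ipaddress.ip_network(text, strict=False))
        except ValueError:
            bad.append(text)
    return networks, bad


def api_access_allowed(client_ip: str, networks, mfa_passed: bool = False) -> bool:
    """Admit an API caller that completed MFA, or one whose source address is allowlisted."""
    if mfa_passed:
        return True
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except ValueError:
        return False   # unparsable source address: deny rather than guess
    return any(addr in net for net in networks)


if __name__ == "__main__":
    # Constructed configuration values, not addresses from the manual.
    nets, bad = parse_allowlist(["192.0.2.10", "10.20.0.1/16", "2001:db8::/48", "not-an-ip"])
    print("allowlist:", [str(n) for n in nets], "rejected entries:", bad)
    print("10.20.77.5 without MFA:", api_access_allowed("10.20.77.5", nets))       # True
    print("198.51.100.7 without MFA:", api_access_allowed("198.51.100.7", nets))   # False
```

Keep the allowlisted range as narrow as the calling system permits: the check trusts the source address as seen by the PBX, so a wide range or a range behind a shared NAT admits every host that shares it, not only the intended application server.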
Additional app passwords for users
PBX access data frequently has to be stored in external systems. This leads to security risks if those systems are insufficiently secured.
Therefore, additional user passwords for accessing the web interface or API can be generated (currently not used).
If an app password has been generated for the user and the corresponding access authorisation has been enabled, the previous user password loses the access authorisation for the corresponding application.
Configuration
•Change administrator access.
−Administration > Contact information > Administrator access
•Set up or deactivate MFA.
−Administration > Contact information > Administrator access
−Administration > Network > Server service > Auerswald Admin API
Password (composition)
A password consists of at least 8 characters and contains digits, letters (upper and lower case, but no German umlauts and no ß) and special characters; the permitted special characters are - _ . ! ~ * ' ( ) & = + $ and , (comma).
Specific characteristic of the Admin password: All characters can be used without restrictions.
Passwords with a low security level cannot be saved. A high level does not necessarily indicate a secure password.
Note: As a general rule, the more complex the password, the shorter it can be, and the longer the password, the simpler the character strings used can be. Coloured bars give direct visual feedback about the password strength while a password is being entered.
Caution: Visible PINs and passwords are a security risk.
PIN (composition)
The PIN consists of 6 digits.
All the PINs in the PBX are unique. For this reason, you cannot assign the same PIN twice.
Do not use dates of birth, other dates or easy-to-guess PINs such as 111111 or 123456.
Setting a user PIN is not absolutely necessary.
Caution: Visible PINs and passwords are a security risk.
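The following added example serves both the password composition section and the PIN section above; it is illustrative code, not the PBX's own validator or strength meter. It checks the composition rules as the manual states them (length, required character classes, the permitted special characters, no umlauts or ß, the admin password being free of character restrictions), adds a rough strength estimate that reproduces the "longer may be simpler, complex may be shorter" rule of thumb, and checks a PIN for length, uniqueness and easy-to-guess patterns. The entropy formula, the low/medium/high thresholds, the treatment of any non-alphanumeric character as "special" for the admin password, and the DDMMYY/YYMMDD date heuristic are assumptions.

```python
import math
import string

MIN_PASSWORD_LENGTH = 8
USER_SPECIALS = "-_.!~*'()&=+$,"                 # special characters the manual lists for user passwords
ALNUM = string.ascii_letters + string.digits     # ASCII only: umlauts and ß are not permitted
PIN_LENGTH = 6


def password_problems(password: str, admin: bool = False) -> list:
    """Rule violations for a password; an empty list means the composition rules are met.
    admin=True models the admin password, for which every character may be used."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append("fewer than %d characters" % MIN_PASSWORD_LENGTH)
    if admin:
        specials_present = any(c not in ALNUM for c in password)   # assumption: anything non-alphanumeric
        disallowed = ""
    else:
        specials_present = any(c in USER_SPECIALS for c in password)
        disallowed = "".join(sorted({c for c in password if c not in ALNUM + USER_SPECIALS}))
    checks = [
        (any(c in string.digits for c in password), "a digit"),
        (any(c in string.ascii_lowercase for c in password), "a lower-case letter"),
        (any(c in string.ascii_uppercase for c in password), "an upper-case letter"),
        (specials_present, "a special character"),
    ]
    problems += ["missing " + what for ok, what in checks if not ok]
    if disallowed:
        problems.append("characters not allowed: " + disallowed)
    return problems


def strength_bits(password: str) -> float:
    """Rough entropy estimate: length x log2(size of the character pool actually used).
    Assumed formula; it only illustrates why a longer password can afford a smaller pool."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c not in ALNUM for c in password):
        pool += len(USER_SPECIALS)
    return len(password) * math.log2(pool) if pool else 0.0


def strength_level(password: str) -> str:
    """Three levels like the coloured bars in the web interface; thresholds are assumptions."""
    bits = strength_bits(password)
    if bits < 40:
        return "low"            # the PBX refuses to save a password rated low
    return "medium" if bits < 60 else "high"


def _monotone_digits(pin: str) -> bool:
    """111111, 123456, 654321 and the like: every step between digits is the same -1, 0 or +1."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return len(steps) == 1 and steps <= {-1, 0, 1}


def _looks_like_date(pin: str) -> bool:
    """Heuristic (assumed, not a PBX rule): DDMMYY or YYMMDD with a plausible day and month."""
    dd, mm = int(pin[0:2]), int(pin[2:4])
    yy_mm, yy_dd = int(pin[2:4]), int(pin[4:6])
    return (1 <= dd <= 31 and 1 <= mm <= 12) or (1 <= yy_mm <= 12 and 1 <= yy_dd <= 31)


def pin_problems(pin: str, assigned_pins) -> list:
    """Rule violations for a user PIN; assigned_pins holds the PINs already in use in the PBX."""
    if len(pin) != PIN_LENGTH or not all(c in string.digits for c in pin):
        return ["must consist of exactly %d digits" % PIN_LENGTH]
    problems = []
    if pin in assigned_pins:
        problems.append("already assigned; PINs must be unique within the PBX")
    if _monotone_digits(pin):
        problems.append("easy to guess (repeated or sequential digits)")
    if _looks_like_date(pin):
        problems.append("looks like a date")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not credentials from the manual.
    for pw in ["password", "Tr0ub4d!", "Passwörter1!"]:
        print(pw, password_problems(pw), password_problems(pw, admin=True), strength_level(pw))
    for pin in ["12345", "111111", "123456", "240591", "907431"]:
        print(pin, pin_problems(pin, {"907431"}))
```

Note that composition and strength are separate gates: a long lower-case passphrase can rate "high" on the estimate yet still fail the composition check, while a short password using every class can pass composition and still be rated too low to save.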