How to secure your administrator access

Introduction

inWebo is a strong authentication cloud service. The administration console access is highly protected and rely on our technology (browser token). Hence, it is important your administrators are aware of the following recommendations in order not to loose their access.

Please note that once your service is in “Production” state (i.e not during “Trial” period), inWebo have no authority nor is not able to create/recreate any type of account on your service (including administrator profiles). In other words, inWebo won't be able to help you in case of lost access to your administration console.


To prevent this situations to happen, we recommend you to follow the steps below :

  1. Install and use our Helium Backup browser extension for the enrollment to persist in your browser

  2. Always have two active inWebo token (your browser and your mobile phone by example)

  3. Always have at least 2 different administrators for your inWebo service

  4. It's strongly recommended to generate an API certificate and to keep it carefully in a secure place

1) Keep your browser enrolled / Helium backup

The administration console is a web console. You authenticate and log on it using the inWebo browser token (Helium or Virtual Authenticator). In order to keep you access to the administration, you have to keep you web browser enrolled.

To keep your browser enrolled, it's strongly recommended not to clean your cookies/localstorage. If your browser permit it, you can also whitelist the 2 following domains :

An additional security is to install our browser extension : Helium Backup.

You will find here detailled informations about web browser enrollment persistance and Helium Backup.

2) Activate a second device

As mentioned in our Getting Starting with inWebo Guide, it is strongly recommended you enroll a second inWebo token as soon as you can.

You probably have already enrolled your main web browser, we recommend you to enroll a second one. Your mobile phone is probably the better choice at this stage.

Download the inWebo Authenticator application (Mobile or PC): https://www.inwebo.com/telechargements/

3) Enroll a second administrator (or more)

Also as mentioned in our Getting Starting with inWebo Guide, create one (or more) administrator account(s) for your colleague(s) if possible. It is probably one of the best advice we can give to you.

To do so:

  1. log on to the administration console (https://www.myinwebo.com/console/)

  2. under the 'Service Users' tab, click the 'Add a new user' button

  3. fill-in the different fields, especially the 'login' and 'email address', select 'Send an activation email' and finally choose 'Administrator' in the 'USER SERVICE ROLE' dropdown list.

  4. click on 'Save' to validate the administrator account creation.

Congratulations, you are done. 

4) Generate and keep an inWebo API certificate for emergency use

As described in the inWebo web API Documentation, you can do a lot of things by using our https API, and especially generate new activation codes or create new inWebo accounts on the service.

The access to the API is protected by an SSL certificate authentication. Thus, you have to generate and download a client certificate to be able to use the API. Additionally, the access to the API can also be protected by an IP address filter, set up on the administration console.

Here is the process to generate a client certificate for the inWebo API :

  1. log on to the administration console (https://www.myinwebo.com/console/)

  2. under the 'Secure Sites' tab, click the 'Download a new certificate for the API' button

  3. give it an explicit name, choose the rights (provisioning read/write mandatory), type a 'Certificate passphrase' and keep it in a secure place as you will need it to invoke the API, choose a validity period

  4. finally select PKCS12 format (.p12) and click on 'Download' to validate the certificate creation and proceed to download.

Store this certificate and its passphrase carefully in a secured place.