System

You can manage SecTrail MFA system administration and security configurations here.


Panel Management

Manage the users who have access to the administration panel, and their permissions.

Administrator Users

Define and manage users who can access the SecTrail MFA administration panel.

Administrator Users List

Panel Administrators - Local and LDAP users and their roles

User Types:

1. Local Administrator Users:

  • Administrator accounts defined within SecTrail MFA
  • Authentication with username and password
  • Manually created and managed accounts

2. LDAP Administrator Users:

  • Panel access for LDAP/Active Directory users
  • Login with LDAP credentials
  • Centralized user management

LDAP Configuration:

LDAP Policy Mapping

LDAP Policy Mapping - Mapping LDAP groups to SecTrail roles

For LDAP users to access the administration panel, the following are required in the LDAP configuration:

  1. LDAP Connection Settings:

    • LDAP server address and port
    • Bind DN and password
    • Base DN configuration
    • User search filter
  2. Authorization Management Option:

    • Policy: Automatic authorization via group mapping (recommended)
    • Remote Admin: Manually designating specific LDAP users as administrators

Tip

If you are using LDAP integration, it is recommended to use the "Policy" mode for authorization management. This provides automatic authorization based on group memberships and reduces the need for manual management.

Role Management

Create and manage roles that you can assign to administrator users.

Role List

Role List - Administrator roles and authorization levels

Default Role:

Admin (Administrator):

  • Possesses all permissions
  • Modifies system configuration
  • Manages other administrators
  • Full access to all modules

Creating Custom Roles:

You can create roles with permissions customized to your needs:

Steps to Create a Role:

  1. Go to Panel Management → Roles page
  2. Click the "Create New Role" button
  3. Enter the role name (e.g., "Audit-Only", "User-Manager")
  4. Select permissions (modular permissions below)
  5. Save

Modular Permissions:

| Module | Permissions |
| --- | --- |
| Dashboard | View |
| Users | View, Add, Edit, Delete |
| Applications | View, Add, Edit, Delete |
| Policies | View, Add, Edit, Delete |
| RADIUS Clients | View, Add, Edit, Delete |
| Authentication | Profile Management, Method Configuration |
| Logs | User Logs, GUI Logs, Reset Logs |
| Reports | View, Export |
| System Settings | Backup, License, Service Management |
| Panel Administrators | View, Add, Edit, Delete |

Permission Mapping (LDAP Policy)

Map LDAP/Active Directory groups to SecTrail MFA panel permissions. This feature is used when the 'Authorization Management' option is set to 'Policy' in the LDAP configuration.

Important Precondition

The Permission Mapping feature only works when the 'Authorization Management' → 'Policy' option is enabled in the LDAP configuration. Check the LDAP configuration first!

Mapping Options:

1. MemberOf Attribute (Group Membership):

  • Maps users based on group memberships
  • Ideal for Active Directory groups
  • Provides dynamic authorization

2. Username Attribute:

  • Maps users based on username attribute values
  • Specific authorization for particular users
  • Provides manual control

How It Works

Critical Rule

Only users matching at least one policy can log in to the panel. LDAP users who do not match any policy will be denied panel access.
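The following access review models the mapping rule described above; it is an added example, not SecTrail code. The `Policy` structure, the simplified DN normalisation, the case-insensitive username match and the choice to report every matching role are assumptions, and the directory entries are constructed sample data.

```python
from dataclasses import dataclass

def norm_dn(dn):
    """Simplified DN normalisation: case-insensitive, spaces around commas ignored.
    Assumption: DNs contain no escaped commas."""
    return ",".join(part.strip().casefold() for part in dn.split(","))

@dataclass(frozen=True)
class Policy:
    attribute: str  # "memberOf" or "username" (the two mapping options on this page)
    value: str      # group DN or username to match
    role: str       # panel role granted when the policy matches

def matched_roles(policies, username, member_of):
    """Return every role whose policy matches; an empty list means panel access is denied."""
    groups = {norm_dn(g) for g in member_of}
    roles = []
    for p in policies:
        by_group = p.attribute == "memberOf" and norm_dn(p.value) in groups
        by_name = p.attribute == "username" and p.value.casefold() == username.casefold()
        if (by_group or by_name) and p.role not in roles:
            roles.append(p.role)
    return roles

def access_review(policies, users):
    """users maps username -> list of memberOf DNs; result maps username -> roles."""
    return {name: matched_roles(policies, name, groups) for name, groups in users.items()}

def holders_of(report, role):
    """List the users who end up with a given role, e.g. for the monthly admin audit."""
    return sorted(name for name, roles in report.items() if role in roles)

# Constructed sample policies and directory entries (not from a real deployment).
POLICIES = [
    Policy("memberOf", "CN=MFA-Admins,OU=Groups,DC=example,DC=com", "Admin"),
    Policy("memberOf", "CN=SOC-Auditors,OU=Groups,DC=example,DC=com", "Audit-Only"),
    Policy("username", "jdoe", "User-Manager"),
]
USERS = {
    "asmith": ["cn=mfa-admins, ou=Groups, dc=example, dc=com"],
    "jdoe": ["CN=SOC-Auditors,OU=Groups,DC=example,DC=com"],
    "mbrown": ["CN=Helpdesk,OU=Groups,DC=example,DC=com"],
}

if __name__ == "__main__":
    for user, roles in access_review(POLICIES, USERS).items():
        print(user, "->", ", ".join(roles) if roles else "DENIED (no policy matched)")
```

Running the review before changing a group mapping shows who gains or loses panel access, including users who would be denied because no policy matches them.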


Backup Settings

Configure automatic backup schedules for the SecTrail MFA system database and configurations. Backups provide data recovery in case of system failure.

Backup Configuration

Backup Settings Form

Backup Settings - Period, time, notification, and manual backup options

Configuration Parameters:

| Parameter | Description | Options |
| --- | --- | --- |
| Backup Period | When backups will run | Daily, Weekly, Monthly |
| Backup Time | Time for daily backup | 00:00 - 23:59 |
| Backup Day | Day for weekly backup | Monday - Sunday |
| Backup Date | Date for monthly backup | 1 - 31 |
| Email Notification | Notification when backup is complete | Yes / No |
| Notification Emails | Email addresses to send notifications to | admin@company.com, backup@company.com |
| Cluster Backup | Which server will perform the backup | Node 1, Node 2, Node 3 |

Backup Best Practice

Regular backups are essential for disaster recovery. For maximum protection, store backups in a secure, remote location. Copy the backup files to an offsite server or cloud storage.

Manual Backup

Create an instant backup at any time, independent of the automatic schedule.

Manual Backup Steps:

  1. Go to System → Backup Settings page
  2. Click the "Backup Now" button
  3. Select "Yes" in the confirmation window
  4. Backup starts, progress bar is displayed
  5. Success message appears when complete

Use Cases:

  • Emergency backup before a system update
  • Before a major configuration change
  • For disaster recovery testing
  • Before offsite copying

Backup Retention and Cleanup

Retention Policy:

  • Daily backups: Last 7 days are kept
  • Weekly backups: Last 4 weeks are kept
  • Monthly backups: Last 12 months are kept

Automatic Cleanup:

  • Old backups are automatically deleted (to conserve disk space)
  • Manual backups are not automatically deleted
  • Retention periods are configurable

Disk Space Warning

Only one backup schedule can be active. Ensure sufficient disk space is available before starting a backup. The backup will fail if the disk is full!


Access Restriction

Control which IP addresses can access the SecTrail MFA administration panel. Only the listed IP addresses can access the system.

How IP Restriction Works

Default Behavior:

  • If no rules are defined: All IPs can access the panel
  • When at least one rule is defined: Only allowed IPs can access, others are blocked

Be extremely careful when adding IP restrictions!

Risk: If you enable the rules without adding your current IP address to the allow list, you will lose access to the administration panel!
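A pre-flight check for a proposed allow list, written as an added example rather than SecTrail code, can catch the lockout case before the rules are enabled. It assumes entries are single IPs or CIDR ranges; the prefix thresholds used to flag broad ranges and all addresses are constructed for illustration.

```python
import ipaddress

def parse_rules(rules):
    """Parse allow-list entries (single IPs or CIDR ranges; CIDR support is assumed)."""
    return [ipaddress.ip_network(r.strip(), strict=False) for r in rules]

def panel_access_allowed(rules, client_ip):
    """Documented behaviour: no rules -> every IP allowed; any rule -> only listed IPs."""
    nets = parse_rules(rules)
    if not nets:
        return True
    ip = ipaddress.ip_address(client_ip)
    # Membership is False when address and network are different IP versions.
    return any(ip in net for net in nets)

def preflight(proposed_rules, admin_ips, min_v4_prefix=24, min_v6_prefix=64):
    """Check a proposed allow list before it is enabled on the panel.

    open_to_all: the list is empty, so the panel stays reachable from any IP
    locked_out:  administrator source IPs that would lose access
    too_broad:   ranges wider than the chosen thresholds (assumed values)
    """
    nets = parse_rules(proposed_rules)
    return {
        "open_to_all": not nets,
        "locked_out": [ip for ip in admin_ips
                       if not panel_access_allowed(proposed_rules, ip)],
        "too_broad": [str(n) for n in nets
                      if n.prefixlen < (min_v4_prefix if n.version == 4 else min_v6_prefix)],
    }

# Constructed sample data: a proposed allow list and the source IPs admins connect from.
PROPOSED_RULES = ["10.20.30.0/24", "192.0.2.15", "10.0.0.0/8"]
ADMIN_IPS = ["10.20.30.44", "198.51.100.7", "192.0.2.15"]

if __name__ == "__main__":
    for key, value in preflight(PROPOSED_RULES, ADMIN_IPS).items():
        print(f"{key}: {value}")
```

An empty `locked_out` list for every administrator source IP, including the one you are currently connected from, is the condition to meet before saving the first rule.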

Best Practices

Panel Management

  • Principle of Least Privilege: Grant users only the permissions they need
  • LDAP Integration: Use central management with LDAP if possible
  • Custom Roles: Create custom roles according to departmental needs
  • Regular Audit: Review the administrator list and permissions monthly
  • Strong Passwords: Enforce strong passwords for local administrator accounts

Backup

  • Daily Backup: Daily backup is mandatory for production systems
  • Test Restore: Perform a test restore from backup once a month
  • Email Notification: Enable email notification to monitor backup status
  • Disk Monitoring: Ensure the backup disk does not fill up

Access Restriction

  • Default Deny: Block default access using IP restriction
  • Narrow Ranges: Use the narrowest possible IP ranges
  • VPN Requirement: Enforce VPN usage for remote access
  • Regular Update: Update the IP list regularly
  • Multi-Layer: Use IP restriction + strong authentication + MFA