GUI Overview
This section will briefly explain the available screens and their typical use within the Secfense Broker GUI. Please note that this relates to the full view, which is designed for Super Admin users. Support users will see a less detailed GUI, limited only to the parts necessary for them to fulfill their role.
Main View
This is the view you see when you log in to the application. On the left side, under the Secfense logo, you will see the current software version followed by the application menu.
The center of the screen will display items related to the current Menu section. After logging in, this section will show the Dashboard view.
Dashboard
The Dashboard is divided into three sections:
- Application and Users Overview: Shows total numbers for Application Representations you have access to.
- Graph Representation: Displays User Actions in the past 48 hours.
- Tabular View: Shows an overview of recent Authentication and Registration events.
Applications
The initial view shows the list of applications already configured within the Broker scope.
In the filter bar, you can search for a particular application, sort the list by name, creation or update time (both ascending and descending), and change the list to a more detailed view. The default view is a list, but it can be switched to a grid.
On this screen, you can also create or clone existing applications—these actions will be described in detail in the next sections of this guide.
Roles
Secfense Broker supports role demarcation per application. This feature allows for segmentation of admin functions for each application group, or even customer, and is achieved by configuring User Roles. These roles act as policies that can later be assigned to particular users.
In the Roles section of the Broker, you can view, add, and delete User Roles.
A role can be granted Admin or Support privileges for any number of the applications already configured within the system.
- Admin: Has full access (read/write) to the configuration of assigned applications and can view audit logs related to their scope.
- Support: Also has access to assigned applications, but in a much more limited scope. They can view all settings for their application; however, they are not allowed to make any changes. The full scope of the Support role is described in the Support Manual document.
Administrators
This screen lists all local users assigned to one of the previously configured roles. You can add or remove an administrator, change their role or password, or reset their second factor.
Trust Groups
Trust Groups are adjustable sets of applications that can use a shared cookie to limit the number of user interactions with their chosen authentication method.
When a user logs in to an application that is part of a Trust Group, they will not be asked to use their second factor for all other applications within this group until the configured timer expires.
Users
By default, the list is empty. To administer a particular user, you need to know their full username (wildcards do not work here).
Once a user is identified, you can see whether they are trusted and in which application. You can perform admin actions on this user, such as removal or generating a bypass code if their second factor becomes unusable.
This list uses a global scope. To find users registered in particular applications, please use the application scope.
Releases
On this screen, you can add releases that will be used for upgrading the device.
You can also enter maintenance mode, which allows for a seamless Secfense Broker upgrade when devices are operating in a high availability cluster.
Audit Log
View the last 1000 user actions, which can be filtered by user, role, or affected domain. Older entries can be exported by filtering a range of dates and clicking the "Export" button.
Settings
All settings that do not fit into the above categories and are related to device and system configuration are found here.
This page is divided into sections, each responsible for its own part of the configuration:
- Configuration – Export and import of the current configuration file (JSON) and modification of the GUI timeout value.
- RADIUS – Configuration of the RADIUS server to support the second authentication factor.
- LDAP – Configuration of the connection to the LDAP server (e.g., Active Directory).
- IdP – Enabling and configuring Secfense IdP functionality.
- Microsoft Entra API – Configuration of the cloud identity server API for use in IdP configuration.
- Snapshots – Creating and restoring IdP configurations using snapshots.
- OIDC – Configuration of the connection to the OpenID Connect service to support the second authentication factor.
- SMS – Configuration of the gateway used for SMS messages.
- Email – Configuration of the gateway used for email messages.
- Email Converter – Configuration of the email gateway for the Email Converter service.
- WebAuthn – Configuration of WebAuthn attestation parameters for U2F keys.
- Custom SSL/TLS for the admin panel – By default, the Secfense Broker admin panel uses a certificate issued by our own CA. Here, you can upload your own certificate issued by a certification authority of your choice.
- Secfense Mobile Authenticator – To use our proprietary FIDO2-compliant application, all Secfense Broker instances must be whitelisted in our system. Validation is performed once per Broker deployment (it can be regenerated), and the administrator must send the identifier and public key to a Secfense representative to whitelist their Secfense Broker instance.
- Support Pack – Generate a package containing logs and other diagnostic data to send to the Secfense support team.
- Access Tokens – Secfense Broker allows full use of the REST API. To use webhooks, the administrator must generate a personal key (which will have the same permissions as the creator) to authorize these commands. Note that after generating the key, there is only one chance to view and copy it. Once the token details pop-up is closed, the key cannot be retrieved again, and if lost, a new one must be generated.
- Custom CSS – Support for custom CSS files to modify the appearance of screens presented to users.
- Licensing – The last section displays details of the current license. To re-license Secfense Broker, copy the displayed public key and send it to Secfense. We will respond with a new license key that will extend or expand the current license.