GUI Overview

This section will briefly explain the available screens and their typical use within the Secfense Broker GUI. Please note that this relates to the full view, which is designed for Super Admin users. Support users will see a less detailed GUI, limited only to the parts necessary for them to fulfill their role.

Main View

This is the view you see when you log in to the application. On the left side, under the Secfense logo, you will see the current software version followed by the application menu.

In the upper right corner, you will see the counter for the timeout of the current session (10 hours in this case) and the settings button for your account.

The center of the screen will display items related to the current Menu section. After logging in, this section will show the Dashboard view.

Dashboard

The Dashboard is divided into three sections:

  • Application and Users Overview: Shows total numbers for Application Representations you have access to.
  • Graph Representation: Displays User Actions in the past 48 hours.
  • Tabular View: Shows an overview of recent Authentication and Registration events.

Applications

The initial view shows the list of applications already configured within the Broker scope.

In the filter bar, you can search for a particular application, sort the list by name, creation or update time (both ascending and descending), and change the list to a more detailed view. The default view is a list, but it can be switched to a grid.

On this screen, you can also create or clone existing applications—these actions will be described in detail in the next sections of this guide.

Roles

Secfense Broker supports role demarcation per application. This feature allows for segmentation of admin functions for each application group, or even customer, and is achieved by configuring User Roles. These roles act as policies that can later be assigned to particular users.

In the Roles section of the Broker, you can view, add, and delete User Roles.

Roles can be assigned with Admin or Support privileges for as many applications as are already configured within the system.

  • Admin: Has full access (read/write) to the configuration of assigned applications and can view audit logs related to their scope.
  • Support: Also has access to assigned applications, but in a much more limited scope. They can view all settings for their application; however, they are not allowed to make any changes. The full scope of the Support role is described in the Support Manual document.

Administrators

A list of all local users configured in one of the previously set up roles. You can add or remove an administrator, change their role, password, or reset their second factor.

Trust Groups

Trust Groups are adjustable sets of applications that can use a shared cookie to limit the number of user interactions with their chosen authentication method.

When a user logs in to an application that is part of a Trust Group, they will not be asked to use their second factor for all other applications within this group until the configured timer expires.

Users

By default, the list is empty. To administer a particular user, you need to know their full username (wildcards do not work here).

Once a user is identified, you can see whether they are trusted and in which application. You can perform admin actions on this user, such as removal or generating a bypass code if their second factor becomes unusable.

This list uses a global scope. To find users registered in particular applications, please use the application scope.

Releases

On this screen, you can add releases that will be used for upgrading the device.

You can also enter maintenance mode, which allows for a seamless Secfense Broker upgrade when devices are operating in a high availability cluster.

Audit Log

View the last 1000 user actions, which can be filtered by user, role, or affected domain. Older entries can be exported by filtering a range of dates and clicking the "Export" button.

Settings

All settings that do not fit into the above categories and are related to device and system configuration are found here.

This page is divided into sections, each responsible for its own part of the configuration:

  • Configuration: Export and import the current configuration file (JSON) and change the timeout value for the GUI.
  • RADIUS/LDAP/OIDC: Enable and add details for external providers of authentication services.
  • IdP: Section designated to configure both the Secfense IdP cloud tenant and the LDAP link used to authenticate and authorise SAML-enabled users.
  • SMS Gateway: Configure the gateway used to send GSM text messages.
  • Email Gateway: Configure the gateway used for emails.
  • Email Converter: Use this function to enable MFA enrollment via emails sent to your users. In this scenario, users can pre-enroll in MFA even before their initial login. This feature is useful when combined with Full Site Protection.
  • WebAuthn: Configure WebAuthn parameters for key attestation.
  • Custom SSL/TLS for Admin Panel: By default, Secfense Broker is validated by a certificate issued by our own CA. Here, you can upload your own certificate validated by a CA of your choosing.
  • Secfense Mobile Authenticator: To use our proprietary app compliant with FIDO2, all Secfense Broker instances need to be whitelisted within our system. The validation is done once per Broker deployment (it can be regenerated), and the administrator needs to send the ID and Public Key to a Secfense representative to whitelist their instance of Secfense Broker.
  • Support Pack: Generate a package with logs and other diagnostic data to send to the Secfense support team.
  • API Access: Secfense Broker allows for full REST API usage. To create your own webhooks, the administrator needs to create their own key (which will be generated with the same privileges as the person who created it) to validate these commands. Please note that once the key is created, there is only one chance to see and copy it. Once you close the pop-up with token details, you will not be able to extract the key again, and if it's lost, you will need to generate a new one.
  • Licensing: The last section shows details of the current license. To relicense Secfense Broker, you need to copy the displayed Public Key and send it to Secfense. We will respond with a new license key that will prolong or expand your current license. Licensing is explained in this section of this manual.